Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
893
Views
0
Helpful
2
Replies

IPSec and AH and ESP combine them in one command

zillah2004
Level 1
Level 1

‎04-15-2007 01:07 AM - edited ‎02-21-2020 02:58 PM

http://www.cisco.com/en/US/products/ps6922/products_command_reference_chapter09186a008069c11f.html#wp1010369

Since IPSec defines two protocols: Authentication Header (AH) protocol and Encapsulating Security Payload (ESP) protocol.

I find I am some how not getting my mind around why cisco combine two different protcols like this command below:

RTA(config)#crypto ipsec transform-set secure ah-md5-hmac esp-des-hmac

As you can see AH protocol is used for authentication and ESP is used for encryption!!!

Labels:
0 Helpful
2 Replies 2

zillah2004
Level 1
Level 1

‎04-17-2007 07:18 PM

Any comment ?

Thanks

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame

‎04-17-2007 10:52 PM

Hi

AH is not used that much in the real world in terms of IPSEC VPN's. The reason being that AH does not work well with NAT and ESP has it's own form of authentcation built in which although not quite as rigorous as AH is adequate for most people.

However if you really wanted to use ESP purely for encryption and wanted to rely on AH for auhentication then Cisco give you the option to do that. As i say, not commonly used in the real world.

HTH

Jon

0 Helpful
Customers Also Viewed These Support Documents