Reference Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114
E-4
Virtual Private Networking
Figure 4-7: Original packet and packet with IPSec Encapsulated Security Payload
The ESP header is inserted into the packet between the IP header and any subsequent packet
contents. However, because ESP encrypts the data, the payload is changed. ESP does not encrypt
the ESP header, nor does it encrypt the ESP authentication.
Authentication Header (AH)
AH provides authentication and integrity, which protect against data tampering, using the same
algorithms as ESP. AH also provides optional anti-replay protection, which protects against
unauthorized retransmission of packets. The authentication header is inserted into the packet
between the IP header and any subsequent packet contents. The payload is not touched.
Although AH protects the packet’s origin, destination, and contents from being tampered with, the
identity of the sender and receiver is known. In addition, AH does not protect the data’s
confidentiality. If data is intercepted and only AH is used, the message contents can be read. ESP
protects data confidentiality. For added protection in certain cases, AH and ESP can be used
together. In the following table, IP HDR represents the IP header and includes both source and
destination IP addresses.
Summary of Contents for ProSafe FWAG114
Page 4: ...iv ...
Page 20: ...Reference Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 2 8 Introduction ...
Page 118: ...Reference Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 9 8 Troubleshooting ...
Page 188: ...Reference Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 8 Glossary ...