Security Basics mailing list archives

RE: AH for IPSec esp tunnel mode?

From: "Dina Kamal" <dina () synergyct com>
Date: Wed, 9 Apr 2003 12:27:07 +0400

No ...you do not need to as long as you have esp/tunnel mode.
AH provides integrity and data origin authentication for the payload plus
the IP hearder where as ESP alone provides Confidentiality (Encryption),
integrity and authentication but for the payload only

But when you use ESP + tunnel mode , you actually obtain the benefits of
both

Regards,
Dina

-----Original Message-----
From: news [mailto:news () main gmane org]On Behalf Of Matthias Teege
Sent: Friday, April 04, 2003 3:44 PM
To: security-basics () securityfocus com
Subject: AH for IPSec esp tunnel mode?



I have a IPSec tunnel between to gateways in esp/tunnel mode. Is it
necessary to make use of ah in a setup like that?

Many thanks
Matthias
--
Matthias Teege -- http://www.mteege.de
make world not war
PGP-Key auf Anfrage


-------------------------------------------------------------------
SurfControl E-mail Filter puts the brakes on spam,
viruses and malicious code. Safeguard your business
critical communications. Download a free 30-day trial:
http://www.securityfocus.com/SurfControl-security-basics


-------------------------------------------------------------------
Is SPAM over-loading your e-mail server, disk space or bandwidth?
SurfControl E-Mail Filter is flexible, intelligent and policy-driven
protection.
http://www.securityfocus.com/SurfControl-security-basics2
Download your free fully functional trial, complete with 30-days of free technical support.
Stop SPAM before it stops you.
-------------------------------------------------------------------

Current thread:

AH for IPSec esp tunnel mode? Matthias Teege (Apr 04)
- RE: AH for IPSec esp tunnel mode? Dina Kamal (Apr 09)
- <Possible follow-ups>
- RE: AH for IPSec esp tunnel mode? Raghu Chinthoju (Apr 04)