Hosting Provided By

RE: AH for IPSec esp tunnel mode?

From: Dina Kamal <dina(at)synergyct.com>
Date: Wed Apr 09 2003 - 04:27:07 EDT

No ...you do not need to as long as you have esp/tunnel mode. AH provides integrity and data origin authentication for the payload plus the IP hearder where as ESP alone provides Confidentiality (Encryption), integrity and authentication but for the payload only

But when you use ESP + tunnel mode , you actually obtain the benefits of both

Regards,
Dina

-----Original Message-----

From: news [mailto:news@main.gmane.org]On Behalf Of Matthias Teege Sent: Friday, April 04, 2003 3:44 PM
To: security-basics@securityfocus.com
Subject: AH for IPSec esp tunnel mode?

I have a IPSec tunnel between to gateways in esp/tunnel mode. Is it necessary to make use of ah in a setup like that?

Many thanks
Matthias
--

Matthias Teege -- http://www.mteege.de
make world not war
PGP-Key auf Anfrage

SurfControl E-mail Filter puts the brakes on spam, viruses and malicious code. Safeguard your business critical communications. Download a free 30-day trial: http://www.securityfocus.com/SurfControl-security-basics

Is SPAM over-loading your e-mail server, disk space or bandwidth? SurfControl E-Mail Filter is flexible, intelligent and policy-driven protection.
http://www.securityfocus.com/SurfControl-security-basics2 Download your free fully functional trial, complete with 30-days of free technical support. Stop SPAM before it stops you.

Received on Wed Apr 9 12:30:44 2003

This message: [ Message body ]
Next message: Moeckel, Sharon: "RE: Automated analysis of logs?"
Previous message: Chris Berry: "Desktops and Integrity scanning"
In reply to: Matthias Teege: "AH for IPSec esp tunnel mode?"
Reply: David Gillett: "RE: Encrypted file system over Internet"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:04:00 EDT