Cirkuit Planet MH-1000 User Manual

Multi-Homing Security Gateway User’s Manual 
A.2.1 IPSec Security Components 
IPSec contains three major components: 
- Authentication Header (AH): Provides authentication and integrity. 
- Encapsulating Security Payload (ESP): Provides confidentiality, authentication, and integrity. 
- Internet Key Exchange (IKE): Provides key management and Security Association (SA) management. 
 
These components are discussed below. 
A.2.1.1 Authentication Header (AH) 
The Authentication Header (AH) is a protocol that provides authentication and integrity, protecting data 
from tampering. It provides authentication of either all or part of the contents of a datagram through the 
addition of a header that is calculated based on the values in the datagram. 
 
The AH can also protect packets from unauthorized re-transmission with anti-replay functionality. The 
presence of the AH header allows us to verify the integrity of the message, but doesn't encrypt it. Thus, AH 
provides authentication but not privacy. ESP protects data confidentiality. Both AH and ESP can be used 
together for added protection. 
 
A typical AH packet looks like this: 
 
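+-------------+----------------+----------+
| Next Header | Payload Length | Reserved |
+-------------+----------------+----------+
| SPI                                     |
+-----------------------------------------+
| Sequence Number                         |
+-----------------------------------------+
| Authentication Data                     |
+-----------------------------------------+
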
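
Added example, not part of the manual: a Python parser for the AH fields shown above, together with the sliding-window check that the Sequence Number makes possible for anti-replay. The field widths follow RFC 4302, which the manual does not state; the 64-packet window size, the class and function names, and the sample packet are assumptions made for illustration.

```python
import struct
from dataclasses import dataclass

@dataclass
class AHHeader:
    next_header: int   # protocol number of the data that follows AH
    payload_len: int   # AH length in 32-bit words, minus 2
    spi: int           # Security Parameters Index, selects the SA
    seq: int           # Sequence Number, used for anti-replay
    auth_data: bytes   # Authentication Data (integrity check value)

def parse_ah(buf: bytes) -> AHHeader:
    """Parse an AH header laid out as in RFC 4302 (assumed widths)."""
    if len(buf) < 12:
        raise ValueError("truncated AH header")
    nxt, plen, _reserved, spi, seq = struct.unpack("!BBHII", buf[:12])
    total = (plen + 2) * 4              # full AH length in bytes
    if total < 12 or len(buf) < total:
        raise ValueError("Payload Length does not fit the packet")
    return AHHeader(nxt, plen, spi, seq, buf[12:total])

class ReplayWindow:
    """Receiver-side sliding window over Sequence Numbers for one SA."""
    def __init__(self, size: int = 64):
        self.size, self.top, self.bitmap = size, 0, 0

    def accept(self, seq: int) -> bool:
        # A real receiver calls this only after Authentication Data verifies,
        # so a forged packet cannot advance the window.
        if seq == 0:
            return False                        # 0 is never a valid sequence
        if seq > self.top:                      # newer than anything seen
            mask = (1 << self.size) - 1
            self.bitmap = ((self.bitmap << (seq - self.top)) | 1) & mask
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size:                 # too old to track
            return False
        if (self.bitmap >> offset) & 1:         # already seen: replay
            return False
        self.bitmap |= 1 << offset              # late but new: accept once
        return True

# Constructed sample: Next Header 6 (TCP), 12-byte Authentication Data,
# SPI 0x1000, Sequence Number 1, followed by constructed payload bytes.
SAMPLE = struct.pack("!BBHII", 6, 4, 0, 0x1000, 1) + bytes(12) + b"payload"
```
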
A.2.1.2 Encapsulating Security Payload (ESP) 
Encapsulating Security Payload (ESP) provides privacy for data through encryption. An encryption 
algorithm combines the data with a key to encrypt it. It then repackages the data using a special format, 
and transmits it to the destination. The receiver then decrypts the data using the same algorithm. ESP is 
usually used with AH to provide added data security. 
 
ESP divides its fields into three components… 
 
ESP Header: Placed before encrypted data, the ESP Header contains the SPI and Sequence Number. Its 
 
 
 
 