IBM 10 SP1 EAL4 Manuale Utente
In tunnel mode, the entire IP datagram is encapsulated, protecting the entire IP datagram.
An IP Packet with tunnel mode AH
5.4.3.4.1.2 Encapsulating Security Payload Protocol (ESP)
The Encapsulating Security Payload (ESP) header is defined in RFC 2406. Besides data confidentiality, ESP
also provides authentication and integrity as an option. The encrypted datagram is contained in the Data
section of the ESP header. When authentication is also chosen within the ESP protocol, the data is encrypted
first and then authenticated. The authenticated data is placed in the authentication data field. If no
authentication is specified within the ESP protocol, then this field is not used.
also provides authentication and integrity as an option. The encrypted datagram is contained in the Data
section of the ESP header. When authentication is also chosen within the ESP protocol, the data is encrypted
first and then authenticated. The authenticated data is placed in the authentication data field. If no
authentication is specified within the ESP protocol, then this field is not used.
ESP Header
When used in transport mode, the ESP header is inserted after the IP header and before any upper-layer
protocols, protecting only the upper layer protocols.
protocols, protecting only the upper layer protocols.
An IP Packet with transport mode ESP
In tunnel mode, the original IP header and any upper-layer protocols are encrypted and then authenticated if
specified.
specified.
76