Cirkuit Planet MH-1000 User Manual

Multi-Homing Security Gateway User’s Manual 
placement depends on whether ESP is used in transport mode or tunnel mode. 
 
ESP Trailer: Placed after the encrypted data, the ESP Trailer contains padding that is used to align the 
encrypted data. 
 
ESP Authentication Data: This contains an Integrity Check Value (ICV) for when ESP's optional 
authentication feature is used. 
 
ESP provides authentication, integrity, and confidentiality, which provides data content protection, and 
protects against data tampering. A typical ESP packet looks like this: 
 
[Figure: typical ESP packet layout. Fields shown, in order: SPI, Sequence Number, IV, Data, Pad, Pad (length), Next (header), Authentication Data.]
A.2.1.3 Security Associations (SA) 
Security Associations are one-way relationships between a sender and a receiver that specify the IPSec-related 
parameters for that direction of traffic. They provide data protection by using the defined IPSec protocols, and allow organizations to 
control, according to the security policy in effect, which resources may communicate securely. 
 
An SA is identified by three parameters: 
- Security Parameters Index (SPI), a locally unique value 
- Destination IP Address 
- Security Protocol: (AH or ESP, but not both) 
 
There are several other parameters associated with an SA that are stored in a Security Association 
database. 
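The following Python example is added here to illustrate the two preceding passages together and is not part of the manual or of the gateway's firmware: it lays out an ESP packet as the figure shows it (SPI, sequence number, data, trailer with padding, pad length and next header, then the authentication data), keeps a small Security Association database keyed by the identifying triple (SPI, destination address, protocol), and shows the receiver locating the SA, checking the ICV, rejecting replays and stripping the trailer. To run with only the standard library it assumes NULL encryption (RFC 2410, so no IV field is present) and an HMAC-SHA256 ICV truncated to 96 bits; the SPI values, addresses, keys and payload are constructed.

```python
import hmac
import hashlib
import struct
from dataclasses import dataclass

ICV_LEN = 12  # assumption: HMAC-SHA256 truncated to 96 bits, as ESP integrity algorithms typically do


@dataclass
class SecurityAssociation:
    """One-way SA: the three identifying fields plus the keying/state material kept in the SAD."""
    spi: int              # Security Parameters Index, locally unique
    dst: str              # destination IP address of the protected traffic
    protocol: str         # "ESP" or "AH", never both in one SA
    auth_key: bytes       # key for the ESP authentication (ICV) algorithm
    highest_seq: int = 0  # highest sequence number accepted so far (anti-replay state)


SAD: dict = {}  # Security Association database, keyed by (SPI, destination, protocol)


def add_sa(sa):
    SAD[(sa.spi, sa.dst, sa.protocol)] = sa


def build_esp(sa, payload, next_header, seq):
    """Sender side: header, data, trailer (padding, pad length, next header), then the ICV."""
    pad_len = (-(len(payload) + 2)) % 4        # trailer must end on a 4-byte boundary
    padding = bytes(range(1, pad_len + 1))      # default padding pattern 1, 2, 3, ...
    header = struct.pack("!II", sa.spi, seq)    # SPI and sequence number, network byte order
    trailer = padding + bytes([pad_len, next_header])
    body = header + payload + trailer           # NULL encryption: no IV, data sent as-is
    icv = hmac.new(sa.auth_key, body, hashlib.sha256).digest()[:ICV_LEN]
    return body + icv                           # authentication data closes the packet


def receive_esp(packet, dst):
    """Receiver side: find the SA by (SPI, dst, ESP), verify ICV, reject replays, strip trailer."""
    if len(packet) < 8 + 2 + ICV_LEN:
        raise ValueError("packet too short for ESP")
    spi, seq = struct.unpack("!II", packet[:8])
    sa = SAD.get((spi, dst, "ESP"))
    if sa is None:
        raise LookupError(f"no SA for SPI {spi:#x} to {dst}")
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(sa.auth_key, body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):  # authenticate before trusting any other field
        raise ValueError("ICV mismatch: packet tampered or wrong key")
    if seq <= sa.highest_seq:
        raise ValueError(f"replayed sequence number {seq}")
    sa.highest_seq = seq
    pad_len, next_header = body[-2], body[-1]
    payload_end = len(body) - 2 - pad_len
    if payload_end < 8:
        raise ValueError("pad length exceeds packet")
    if body[payload_end:-2] != bytes(range(1, pad_len + 1)):
        raise ValueError("padding pattern damaged")
    return next_header, body[8:payload_end]


def demo():
    """Constructed round trip: one SA, one packet, then a tampered copy that must be rejected."""
    sa = SecurityAssociation(spi=0x1000, dst="192.0.2.1", protocol="ESP", auth_key=b"k" * 32)
    add_sa(sa)
    pkt = build_esp(sa, b"hello", next_header=17, seq=1)  # 17 = UDP carried inside ESP
    ok = receive_esp(pkt, "192.0.2.1")
    tampered = pkt[:8] + bytes([pkt[8] ^ 0x01]) + pkt[9:]  # flip one bit of the data
    try:
        receive_esp(tampered, "192.0.2.1")
        rejected = False
    except ValueError:
        rejected = True
    return ok, rejected


if __name__ == "__main__":
    print(demo())
```

Note the ordering on the receive path: the ICV is checked over the whole header-plus-data-plus-trailer region before the pad length or next header byte is read, so a forged trailer can never steer the parser. The anti-replay state lives in the SA, which is why an SA is one-way: the sender's counter and the receiver's high-water mark belong to different SAs.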
A.2.2 IPSec Modes 
To exchange data between different types of VPNs, IPSec provides two major modes: 
 
- Tunnel Mode 
This mode is used for host-to-host security. Protection extends to the payload of IP data, and the IP 
 
 
 
 
- 92 -