Netgear fr314 Appendix Manual

TechNote: VPN Configuration Case Studies
VPN Concepts, Tips, and Techniques
Version 1.0, July 2003
Encapsulating Security Payload (ESP): Provides confidentiality, authentication, and 
integrity.
Authentication Header (AH): Provides authentication and integrity.
Internet Key Exchange (IKE): Provides key management and Security Association (SA) 
management.
Encapsulating Security Payload (ESP)
ESP provides authentication, integrity, and confidentiality, which protect against data tampering 
and, most importantly, provide message content protection.
IPSec provides an open framework for implementing industry-standard algorithms, such as SHA 
and MD5. The algorithms IPSec uses produce a unique and unforgeable identifier for each packet, 
which is a data equivalent of a fingerprint. This fingerprint allows the device to determine if a 
packet has been tampered with. Furthermore, packets that are not authenticated are discarded and 
not delivered to the intended receiver.
ESP also provides all encryption services in IPSec. Encryption translates a readable message into 
an unreadable format to hide the message content. The opposite process, called decryption, 
translates the message content from an unreadable format to a readable message. Encryption/
decryption allows only the sender and the authorized receiver to read the data. In addition, ESP has 
an option to perform authentication, called ESP authentication. Using ESP authentication, ESP 
provides authentication and integrity for the payload and not for the IP header.
Figure 1-1:  Original packet and packet with IPSec Encapsulated Security Payload
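The scope of ESP authentication described above, as an added example that is not part of the NETGEAR TechNote: it computes an HMAC-SHA1 integrity value truncated to 96 bits over the ESP header and payload, then shows a receiver discarding a packet whose payload was altered while still accepting one whose outer IP header was altered. The key, SPI, addresses, and function names are constructed for illustration, and the payload bytes stand in for encrypted data.

```python
import hashlib
import hmac
import socket
import struct

AUTH_KEY = b"constructed-demo-key"   # constructed; real keys are set up by IKE
ICV_LEN = 12                         # HMAC-SHA1-96 keeps 96 bits of the MAC
ESP_PROTO = 50                       # IP protocol number assigned to ESP

def ip_checksum(header: bytes) -> int:
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_packet(src, dst, spi, seq, payload, ttl=64):
    """Outer IPv4 header + ESP header (SPI, sequence) + payload + ICV."""
    esp_body = struct.pack("!II", spi, seq) + payload
    icv = hmac.new(AUTH_KEY, esp_body, hashlib.sha1).digest()[:ICV_LEN]
    esp = esp_body + icv
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(esp), 0, 0, ttl,
                      ESP_PROTO, 0, socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]
    return hdr + esp

def receive(packet: bytes):
    """Return the ESP payload, or None when the packet must be discarded."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != ESP_PROTO or len(packet) < ihl + 8 + ICV_LEN:
        return None
    esp_body, icv = packet[ihl:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(AUTH_KEY, esp_body, hashlib.sha1).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        return None                  # fails authentication: not delivered
    return esp_body[8:]              # strip SPI and sequence number

def rewrite_ttl(packet: bytes, ttl: int) -> bytes:
    """Change one outer IP header field and recompute the header checksum."""
    hdr = packet[:8] + bytes([ttl]) + packet[9:10] + b"\x00\x00" + packet[12:20]
    hdr = hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]
    return hdr + packet[20:]

if __name__ == "__main__":
    # Constructed sample: documentation addresses and an arbitrary SPI.
    pkt = build_packet("192.0.2.1", "198.51.100.7", 0x1001, 1, b"stand-in ciphertext")
    tampered = pkt[:30] + bytes([pkt[30] ^ 0x01]) + pkt[31:]   # flip a payload bit
    print(receive(pkt), receive(tampered), receive(rewrite_ttl(pkt, 5)))
```

The third result matches the first because the integrity value covers only the ESP portion of the packet; protecting the IP header is the role the page assigns to AH.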