Netgear FWAG114 FWAG114 Reference Manual - Page 170

Authentication Header AH

Get Netgear FWAG114 - ProSafe Dual Band Wireless VPN Firewall Router PDF manuals and user guides
UPC - 606449026955
View all Netgear FWAG114 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 170 highlights

Reference Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 Figure 4-7: Original packet and packet with IPSec Encapsulated Security Payload The ESP header is inserted into the packet between the IP header and any subsequent packet contents. However, because ESP encrypts the data, the payload is changed. ESP does not encrypt the ESP header, nor does it encrypt the ESP authentication. Authentication Header (AH) AH provides authentication and integrity, which protect against data tampering, using the same algorithms as ESP. AH also provides optional anti-replay protection, which protects against unauthorized retransmission of packets. The authentication header is inserted into the packet between the IP header and any subsequent packet contents. The payload is not touched. Although AH protects the packet's origin, destination, and contents from being tampered with, the identity of the sender and receiver is known. In addition, AH does not protect the data's confidentiality. If data is intercepted and only AH is used, the message contents can be read. ESP protects data confidentiality. For added protection in certain cases, AH and ESP can be used together. In the following table, IP HDR represents the IP header and includes both source and destination IP addresses. E-4 Virtual Private Networking

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
Reference Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114
E-4
Virtual Private Networking
Figure 4-7:
Original packet and packet with IPSec Encapsulated Security Payload
The ESP header is inserted into the packet between the IP header and any subsequent packet
contents. However, because ESP encrypts the data, the payload is changed. ESP does not encrypt
the ESP header, nor does it encrypt the ESP authentication.
Authentication Header (AH)
AH provides authentication and integrity, which protect against data tampering, using the same
algorithms as ESP. AH also provides optional anti-replay protection, which protects against
unauthorized retransmission of packets. The authentication header is inserted into the packet
between the IP header and any subsequent packet contents. The payload is not touched.
Although AH protects the packet’s origin, destination, and contents from being tampered with, the
identity of the sender and receiver is known. In addition, AH does not protect the data’s
confidentiality. If data is intercepted and only AH is used, the message contents can be read. ESP
protects data confidentiality. For added protection in certain cases, AH and ESP can be used
together. In the following table, IP HDR represents the IP header and includes both source and
destination IP addresses.