D-Link DFL-210-WCF-12 Product Manual - Page 399
NAT Traversal, ESP Encapsulating Security Payload
UPC - 790069601545
View all D-Link DFL-210-WCF-12 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 399 highlights
9.3.5. NAT Traversal Chapter 9. VPN Figure 9.1. The AH protocol AH uses a cryptographic hash function to produce a MAC from the data in the IP packet. This MAC is then transmitted with the packet, allowing the remote endpoint to verify the integrity of the original IP packet, making sure the data has not been tampered with on its way through the Internet. Apart from the IP packet data, AH also authenticates parts of the IP header. The AH protocol inserts an AH header after the original IP header. In tunnel mode, the AH header is inserted after the outer header, but before the original, inner IP header. ESP (Encapsulating Security Payload) The ESP protocol inserts an ESP header after the original IP header, in tunnel mode, the ESP header is inserted after the outer header, but before the original, inner IP header. All data after the ESP header is encrypted and/or authenticated. The difference from AH is that ESP also provides encryption of the IP packet. The authentication phase also differs in that ESP only authenticates the data after the ESP header; thus the outer IP header is left unprotected. The ESP protocol is used for both encryption and authentication of the IP packet. It can also be used to do either encryption only, or authentication only. Figure 9.2. The ESP protocol 9.3.5. NAT Traversal Both IKE and IPsec protocols present a problem in the functioning of NAT. Both protocols were not designed to work through NATs and because of this, a technique called "NAT traversal" has 399