Administrators Guide (Supporting Fabric OS v7.3.0) Manual

FIGURE 44 AH header in transport mode and tunnel mode
Encapsulating Security Payload
ESP provides authentication, and also provides privacy by encrypting the IP datagram. The use of an
ESP header is similar to the use of the AH header. A hash algorithm is used to calculate an
authentication value, the authentication value is sent in an IP datagram, and the same hash algorithm is
used by the receiver to verify the authentication value. ESP can be used in either transport mode or
tunnel mode, as shown in the following figure.
FIGURE 45 ESP header in transport mode and tunnel mode
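The authentication step described above, as an added example that is not taken from this guide or from Fabric OS: the sender computes an authentication value (ICV) over the ESP header, payload and trailer, and the receiver recomputes and compares it. Assumptions: HMAC-SHA-256 truncated to 128 bits as the hash algorithm, no encryption applied (so only the authentication half of ESP is shown), and hypothetical function names esp_build and esp_verify.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16  # assumed algorithm: HMAC-SHA-256 truncated to 128 bits


def esp_build(spi, seq, payload, next_header, key):
    """Sender side: SPI | sequence | payload | padding | pad len | next header | ICV."""
    # Pad so that payload + padding + the 2 trailer bytes end on a 4-byte boundary.
    pad_len = (-(len(payload) + 2)) % 4
    padding = bytes(range(1, pad_len + 1))  # default padding bytes 1, 2, 3, ...
    body = struct.pack("!II", spi, seq) + payload + padding + bytes([pad_len, next_header])
    icv = hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]
    return body + icv


def esp_verify(packet, key):
    """Receiver side: recompute the ICV with the same algorithm before trusting any field."""
    if len(packet) < 8 + 2 + ICV_LEN:
        raise ValueError("packet too short for ESP header, trailer and ICV")
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):  # constant-time comparison
        raise ValueError("ICV mismatch: datagram modified or wrong key")
    spi, seq = struct.unpack("!II", body[:8])
    pad_len, next_header = body[-2], body[-1]
    if pad_len > len(body) - 10:
        raise ValueError("pad length exceeds payload area")
    payload = body[8:len(body) - 2 - pad_len]
    return spi, seq, next_header, payload


if __name__ == "__main__":
    key = b"constructed-demo-key-32-bytes!!!"  # constructed sample key
    # Next header 6 (TCP) corresponds to transport mode; tunnel mode would carry 4 (IPv4).
    pkt = esp_build(0x1001, 1, b"constructed TCP segment", 6, key)
    print(esp_verify(pkt, key))
    tampered = bytearray(pkt)
    tampered[10] ^= 0x01  # flip one payload bit in transit
    try:
        esp_verify(bytes(tampered), key)
    except ValueError as exc:
        print("rejected:", exc)
```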
Basic IPsec configurations
There are three basic configurations for IPsec use:
- Endpoint to Endpoint
- Gateway to Gateway
- Endpoint to Gateway

Endpoint to Endpoint
In an endpoint to endpoint configuration, both endpoints implement IPsec. Transport mode is commonly
used in endpoint to endpoint configurations, and only a single pair of addresses is used. Typically, this
Web Tools Administrator's Guide 225
53-1003169-01