Brocade Web Tools Administrator's Guide v6.2.0 (53-1001194-01, April 2009)

IPSec Concepts
IPSec header options
IPSec adds headers to an IP datagram to enable authentication and privacy. There are two options:
Authentication Header (AH)
Encapsulating Security Payload (ESP)
Authentication Header
AH can be used to authenticate a data stream, but it does not provide the encryption needed for
privacy. The AH contains a message authentication code (MAC). The sender calculates the MAC with
a hash algorithm and transmits it in an IP datagram. The receiver then uses the same hash algorithm
to verify the integrity of the packet. AH can be used in either transport mode or tunnel
mode, as shown in Figure 118.
FIGURE 118 AH header in transport mode and tunnel mode
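The sender and receiver sides of the AH check described above, as an added example that is not part of the original guide. It assumes transport mode over IPv4, the RFC 4302 header layout, and HMAC-SHA1-96 as the hash algorithm; the key, addresses, SPI and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12  # assumed algorithm: HMAC-SHA1 truncated to 96 bits (HMAC-SHA1-96)

def ipv4_header(src, dst, payload_len, ttl=64, proto=51):
    # Minimal 20-byte IPv4 header; protocol 51 = AH. Checksum left at 0 (it is mutable anyway).
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       ttl, proto, 0, bytes(src), bytes(dst))

def ah_header(spi, seq, icv=bytes(ICV_LEN), next_header=6):
    # RFC 4302 layout: next header, payload length, reserved, SPI, sequence number, ICV.
    # Payload length = AH size in 32-bit words minus 2 = (12 + 12) / 4 - 2 = 4.
    return struct.pack("!BBHII", next_header, (12 + ICV_LEN) // 4 - 2, 0, spi, seq) + icv

def zero_mutable(ip):
    # Fields that routers may change in transit are zeroed before hashing.
    b = bytearray(ip)
    b[1] = 0            # type of service
    b[6:8] = b"\0\0"    # flags and fragment offset
    b[8] = 0            # TTL
    b[10:12] = b"\0\0"  # header checksum
    return bytes(b)

def compute_icv(key, ip, ah, payload):
    # The MAC covers the IP header, the AH header with its ICV field zeroed, and the payload.
    data = zero_mutable(ip) + ah[:12] + bytes(ICV_LEN) + payload
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]

def protect(key, src, dst, spi, seq, payload):
    # Sender: build the packet, compute the MAC, place it in the AH header.
    ah = ah_header(spi, seq)
    ip = ipv4_header(src, dst, len(ah) + len(payload))
    return ip + ah_header(spi, seq, compute_icv(key, ip, ah, payload)) + payload

def verify(key, packet):
    # Receiver: recompute the MAC with the same algorithm and compare in constant time.
    ip, ah, payload = packet[:20], packet[20:44], packet[44:]
    return hmac.compare_digest(compute_icv(key, ip, ah, payload), ah[12:])

KEY = b"constructed-demo-key"  # constructed sample key
PKT = protect(KEY, [192, 0, 2, 1], [192, 0, 2, 2], spi=0x1000, seq=1,
              payload=b"cleartext data")  # constructed sample packet
```

The payload bytes appear unchanged inside PKT, which is the "no privacy" property of AH; a TTL change in transit still verifies, while any change to the payload or the key does not.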
Encapsulating Security Payload
ESP provides authentication, and also provides privacy by encrypting the IP datagram. The use of
an ESP header is similar to the use of the AH header. A hash algorithm is used to calculate an
authentication value, the authentication value is sent in an IP datagram, and the same hash
algorithm is used by the receiver to verify the authentication value. ESP can be used in either
transport mode or tunnel mode, as shown in Figure 119.
FIGURE 119 ESP header in transport mode and tunnel mode