Virtual private networks, Part 2
3. Encapsulating Security Protocol
  


ESP specifics


ESP is identified by protocol number 50. The protocol header (IPv4, IPv6, or Extension) immediately preceding the ESP header will contain this value in its Protocol (IPv4) or Next Header (IPv6, Extension) field.

ESP will only work with non-fragmented IP packets. However, an IP packet with ESP applied can be fragmented by intermediate routers, so the destination must first reassemble the packet and only then apply ESP processing. If an IP packet appears to be a fragment (the offset field is non-zero, or the More Fragments bit is set), it is discarded by ESP.

If both encryption and authentication (with its integrity check) are active in the ESP processing, the receiver will first authenticate the packet. Only if this step is successful does ESP proceed with decryption. This saves computing resources and reduces vulnerability to denial-of-service attacks, because forged or corrupted packets are rejected before any decryption work is done.
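
The receiver-side checks described above, in the order a receiver applies them, as an added example that is not part of the original tutorial. Assumptions: HMAC-SHA1-96 as the authentication algorithm, a hypothetical XOR keystream standing in for the real cipher, constructed sample packets, and no ESP padding/Next Header trailer or anti-replay handling.

```python
import hashlib, hmac, struct

ESP_PROTO = 50   # IP protocol number that identifies ESP
ICV_LEN = 12     # HMAC-SHA1-96 truncates the MAC to 96 bits (assumed algorithm)

def _keystream_xor(key, seq, data):
    # Stand-in cipher, NOT a real ESP transform: XOR with a SHA-256 counter keystream.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + struct.pack("!II", seq, i)).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def build_packet(enc_key, auth_key, spi, seq, payload, frag_field=0):
    # Constructed sample: 20-byte IPv4 header (checksum left at 0) + SPI|seq|ciphertext|ICV.
    esp = struct.pack("!II", spi, seq) + _keystream_xor(enc_key, seq, payload)
    esp += hmac.new(auth_key, esp, hashlib.sha1).digest()[:ICV_LEN]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(esp), 1, frag_field,
                     64, ESP_PROTO, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + esp

def esp_input(packet, enc_key, auth_key):
    """Return (verdict, plaintext or None) for one inbound IPv4 packet."""
    ihl = (packet[0] & 0x0F) * 4
    frag, proto = struct.unpack("!H", packet[6:8])[0], packet[9]
    if proto != ESP_PROTO:
        return "not-esp", None
    # More Fragments bit (0x2000) set, or 13-bit fragment offset non-zero: a fragment.
    if frag & 0x2000 or frag & 0x1FFF:
        return "discard-fragment", None
    esp = packet[ihl:]
    if len(esp) < 8 + ICV_LEN:
        return "discard-short", None
    body, icv = esp[:-ICV_LEN], esp[-ICV_LEN:]
    # Authenticate first: the ICV covers SPI, sequence number and ciphertext.
    expected = hmac.new(auth_key, body, hashlib.sha1).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        return "discard-auth", None   # decryption is never attempted
    seq = struct.unpack("!I", body[4:8])[0]
    return "ok", _keystream_xor(enc_key, seq, body[8:])

if __name__ == "__main__":
    ek, ak = b"e" * 16, b"a" * 20   # constructed keys
    pkt = build_packet(ek, ak, 0x1001, 1, b"hello esp")
    print(esp_input(pkt, ek, ak))
    print(esp_input(build_packet(ek, ak, 0x1001, 2, b"x", frag_field=0x2000), ek, ak))
```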

