Virtual private networks, Part 2
3. Encapsulating Security Protocol
  


Packet fields: Authentication Data, Transport Mode page 6 of 11


Authentication Data
This optional field is variable in length and is included only when integrity checks and authentication are active. The Authentication Data (AD) is calculated over the ESP packet from the SPI field through the Next Header field, inclusive. The ESP specifications require that two authentication algorithms be supported: HMAC with MD5 and HMAC with SHA-1. Remember that the IP header is not covered by the AD.

Transport Mode
In transport mode, the ESP header is inserted immediately after the IP header. If the datagram already has IPSec header(s), the ESP header is inserted before any of those. The ESP trailer and the optional authentication data are appended to the payload. In transport mode, ESP neither authenticates nor encrypts the IP header, but the mode has low computational overhead. As with AH, transport mode is intended for hosts; gateways are not even required to support it.

Figure 5
Transport Mode

