Skip to main content
IBM 
ShopSupportDownloads
IBM HomeProductsConsultingIndustriesNewsAbout IBM
IBM : developerWorks : Security : Education - online courses
Virtual private networks, Part 2		Download tutorial zip fileView letter-sized PDF fileView A4-sized PDF fileE-mail this tutorial to a friend
Main menuSection menuGive feedback on this tutorialPreviousNext
3. Encapsulating Security Protocol
  


Why ESP and AH? page 9 of 11


The question might be asked, "Why would AH be supported in IPSec if the more encompassing ESP is available?"

There are two main reasons. First, ESP requires "strong" cryptographic methods. Even though the U.S. export policy has been recently liberalized, these policies are not universal. Depending on the local governmental climate, strong crypto may still be problematic. However, because AH is for authentication, it can be used and transmitted globally.

Second, one may need only authentication in a particular setting. AH uses less processing, and thus will be desirable for performance reasons.


Main menuSection menuGive feedback on this tutorialPreviousNext
PrivacyLegalContact