Skip header
 

Encryption and Authentication by IPsec

IPsec consists of two main functions: the encryption function, which ensures the confidentiality of data, and the authentication function, which verifies the sender of the data and the data's integrity. This machine's IPsec function supports two security protocols: the ESP protocol, which enables both of the IPsec functions at the same time, and the AH protocol, which enables only the authentication function.

ESP Protocol

The ESP protocol provides secure transmission through both encryption and authentication. This protocol does not provide header authentication.

  • For successful encryption, both the sender and receiver must specify the same encryption algorithm and encryption key. The encryption algorithm and encryption key are specified automatically.

  • For successful authentication, the sender and receiver must specify the same authentication algorithm and authentication key. The authentication algorithm and authentication key are specified automatically.

AH Protocol

The AH protocol provides secure transmission through authentication of packets only, including headers.

  • For successful authentication, the sender and receiver must specify the same authentication algorithm and authentication key. The authentication algorithm and authentication key are specified automatically.

AH Protocol + ESP Protocol

When combined, the ESP and AH protocols provide secure transmission through both encryption and authentication. These protocols provide header authentication.

  • For successful encryption, both the sender and receiver must specify the same encryption algorithm and encryption key. The encryption algorithm and encryption key are specified automatically.

  • For successful authentication, the sender and receiver must specify the same authentication algorithm and authentication key. The authentication algorithm and authentication key are specified automatically.

Note

  • Some operating systems use the term "Compliance" in place of "Authentication".