IPsec consists of 2 main functions: the encryption function, which ensures data confidentiality, and the authentication function, which verifies the sender of the data and the data's integrity. This machine's IPsec function supports 2 security protocols: the ESP protocol, which enables both of the IPsec functions at the same time, and the AH protocol, which enables only the authentication function.
ESP protocol
The ESP protocol provides secure transmission through both encryption and authentication. This protocol does not provide header authentication.
For successful encryption, both the sender and receiver must specify the same encryption algorithm and encryption key. If you use the encryption key auto exchange method, the encryption algorithm and encryption key are specified automatically.
For successful authentication, the sender and receiver must specify the same authentication algorithm and authentication key. If you use the encryption key auto exchange method, the authentication algorithm and authentication key are specified automatically.
AH protocol
The AH protocol provides secure transmission through authentication only. Packets are authenticated, including their headers.
For successful authentication, the sender and receiver must specify the same authentication algorithm and authentication key. If you use the encryption key auto exchange method, the authentication algorithm and authentication key are specified automatically.
AH protocol + ESP protocol
When combined, the ESP and AH protocols provide secure transmission through both encryption and authentication. These protocols provide header authentication.
For successful encryption, both the sender and receiver must specify the same encryption algorithm and encryption key. If you use the encryption key auto exchange method, the encryption algorithm and encryption key are specified automatically.
For successful authentication, the sender and receiver must specify the same authentication algorithm and authentication key. If you use the encryption key auto exchange method, the authentication algorithm and authentication key are specified automatically.
Some operating systems use the term "Compliance" in place of "Authentication".
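Added example (not from the original manual): a simplified Python model of which bytes each protocol's authentication covers. It shows why a rewritten source address is rejected under AH but accepted under ESP, and why verification fails when the two sides do not share the same authentication algorithm and key. The addresses, key, SPI and payload are constructed; the payload stands in for data that ESP would already have encrypted, and the AH/ESP headers are reduced to an SPI and sequence number.

```python
import hmac, ipaddress, struct

def ipv4_header(src, dst, proto, ttl=64):
    """Constructed 20-byte IPv4 header; length, ID and checksum left at 0."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 0, 0, 0, ttl, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def covered_bytes(mode, ip_hdr, sec_hdr, payload):
    """Bytes the integrity check value (ICV) is computed over (simplified)."""
    if mode == "ESP":              # outer IP header is not covered
        return sec_hdr + payload
    hdr = bytearray(ip_hdr)        # AH covers the IP header, but fields that
    hdr[1] = 0                     # routers may change in transit (TOS,
    hdr[6:8] = b"\x00\x00"         # flags/fragment offset, TTL, checksum)
    hdr[8] = 0                     # are zeroed before hashing
    hdr[10:12] = b"\x00\x00"
    return bytes(hdr) + sec_hdr + payload

def make_icv(mode, alg, key, ip_hdr, sec_hdr, payload):
    data = covered_bytes(mode, ip_hdr, sec_hdr, payload)
    return hmac.new(key, data, alg).digest()

def verify(mode, alg, key, ip_hdr, sec_hdr, payload, icv):
    expected = make_icv(mode, alg, key, ip_hdr, sec_hdr, payload)
    return hmac.compare_digest(expected, icv)

def demo():
    key = b"constructed-shared-auth-key"
    sec_hdr = struct.pack("!II", 0x1000, 1)      # SPI, sequence number
    payload = b"constructed print job bytes"
    results = {}
    for mode, proto in (("AH", 51), ("ESP", 50)):
        sent = ipv4_header("192.0.2.10", "192.0.2.20", proto)
        routed = ipv4_header("192.0.2.10", "192.0.2.20", proto, ttl=63)
        rewritten = ipv4_header("192.0.2.99", "192.0.2.20", proto)
        icv = make_icv(mode, "sha256", key, sent, sec_hdr, payload)
        results[mode] = {
            "intact": verify(mode, "sha256", key, sent, sec_hdr, payload, icv),
            "ttl_decremented": verify(mode, "sha256", key, routed, sec_hdr, payload, icv),
            "source_rewritten": verify(mode, "sha256", key, rewritten, sec_hdr, payload, icv),
            "payload_changed": verify(mode, "sha256", key, sent, sec_hdr, payload + b"!", icv),
            "wrong_key": verify(mode, "sha256", b"other-key", sent, sec_hdr, payload, icv),
            "wrong_algorithm": verify(mode, "sha1", key, sent, sec_hdr, payload, icv),
        }
    return results

if __name__ == "__main__":
    for mode, outcome in demo().items():
        print(mode, outcome)
```

The only row that differs between the two modes is `source_rewritten`: AH rejects the packet, while ESP accepts it because the outer IP header is outside its integrity check.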