Figure 196 AH and the IPv4 Packet

[Figure: IPv4 packet without Authentication Header: Original IP Header, TCP, Data. IPv4 packet with Authentication Header: Original IP Header, Authentication Header, TCP.]

Select the appropriate IPsec transforms. Transforms and transform sets are the defined combinations of IPsec algorithm and encryption algorithm. The combination you select can focus more on authentication or on encryption, or combine the two to cover both. The following protocols and algorithms are combined to create your transforms:

• IPsec protocol: AH and ESP

• Encryption algorithm: DES, 3DES, or AES

• Hash algorithm: SHA-1 and MD5 (with or without HMAC)

Table 19-3 lists the possible combinations for transforms. When combined, the transforms make a transform set.

| Transform | Description |
| --- | --- |
| ah-md5-hmac | AH, MD5 hash, HMAC variant (authentication) |
| ah-sha-hmac | AH, SHA-1 hash, HMAC variant (authentication) |
| ESP Encryption Transform | Description |
| esp-null | ESP, Null encryption |
| esp-des | ESP, DES (56 bit encryption) |
| esp-aes | ESP, AES (128 bit encryption) |
| esp-3des | ESP, 3DES (168 bit encryption) |
| esp-aes 192 | ESP, AES-192 (192 bit encryption) |
| esp-aes 256 | ESP, AES-256 (256 bit encryption) |
| ESP Authentication Transform | Description |
| esp-md5-hmac | ESP, MD5 hash (HMAC variant) |
| esp-sha-hmac | ESP, SHA-1 hash (HMAC variant) |
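To check what a given transform set actually provides (authentication, encryption, or both), the following added example, which is not from the original text, parses transform-set lines and classifies them using the names and key sizes in Table 19-3. It assumes the Cisco IOS `crypto ipsec transform-set` command form and the IOS rule of at most one transform of each type per set, neither of which is shown on this page; the set names in the sample are constructed.

```python
import re

# Transform names and key sizes as listed in Table 19-3 on this page.
# Value: (type, key bits); type is "ah", "enc" (ESP encryption) or "auth" (ESP authentication).
TRANSFORMS = {
    "ah-md5-hmac": ("ah", 0), "ah-sha-hmac": ("ah", 0),
    "esp-null": ("enc", 0), "esp-des": ("enc", 56), "esp-3des": ("enc", 168),
    "esp-aes": ("enc", 128), "esp-aes 192": ("enc", 192), "esp-aes 256": ("enc", 256),
    "esp-md5-hmac": ("auth", 0), "esp-sha-hmac": ("auth", 0),
}
# Assumed command form (Cisco IOS): crypto ipsec transform-set NAME transform [transform ...]
LINE = re.compile(r"^\s*crypto ipsec transform-set (\S+)\s+(.+?)\s*$")

def parse_transform_set(line):
    """Return (set name, summary dict) for one transform-set line; raise ValueError if invalid."""
    m = LINE.match(line)
    if not m:
        raise ValueError("not a transform-set line: %r" % line)
    name, tokens = m.group(1), m.group(2).split()
    chosen, i = {}, 0
    while i < len(tokens):
        tok = tokens[i]
        # The AES key size is a separate token, as in "esp-aes 256".
        if tok == "esp-aes" and i + 1 < len(tokens) and tokens[i + 1].isdigit():
            i += 1
            tok = "esp-aes " + tokens[i]
        if tok not in TRANSFORMS:
            raise ValueError("unknown transform %r in set %s" % (tok, name))
        kind = TRANSFORMS[tok][0]
        if kind in chosen:  # assumption: at most one transform of each type per set
            raise ValueError("set %s has two %s transforms" % (name, kind))
        chosen[kind] = tok
        i += 1
    bits = TRANSFORMS[chosen["enc"]][1] if "enc" in chosen else 0
    return name, {
        "authentication": "ah" in chosen or "auth" in chosen,
        "encryption": bits > 0,  # esp-null and AH-only sets encrypt nothing
        "key_bits": bits,
        "transforms": [chosen[k] for k in ("ah", "enc", "auth") if k in chosen],
    }

# Constructed sample input; the set names are made up for this example.
SAMPLE = [
    "crypto ipsec transform-set AUTH-ONLY ah-sha-hmac",
    "crypto ipsec transform-set BOTH esp-aes 256 esp-sha-hmac",
    "crypto ipsec transform-set NULLENC esp-null esp-md5-hmac",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(parse_transform_set(line))
```

The NULLENC sample shows the case that is easy to miss when reading a configuration: an ESP set that authenticates traffic but provides no encryption.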
