
Part 2: IPSEC Story- AH & ESP


Many of you asked to discuss AH (Authentication Header) and ESP (Encapsulating Security Payload). AH and ESP are the two protocol headers IPSEC uses to secure data. This article covers both and the difference between them.

Fig-1.1- IPSEC AH & ESP

Authentication Header (AH)
AH is one of the two protocol headers used in IPSEC. It does not encrypt any data sent from source to destination over the internet; instead it provides authentication and integrity for the data. AH uses IP protocol 51.

Note: AH runs a hash algorithm over the payload and the header of a packet. If the header is changed in transit, as happens with NAT, the receiver's AH check no longer matches and the packet is rejected. So the drawbacks are:

  • It does not encrypt any data when sending traffic from source to destination over the internet.
  • If the header changes, as in the case of NAT, AH cannot reconcile the change and rejects the packet.

Encapsulation Security Payload (ESP):
ESP is the other protocol header used in IPSEC. It encrypts the data and also provides authentication and integrity for it. So the natural question is: does ESP work through a NAT device?

The answer is yes. ESP adds both a header and a trailer to the packet, and its integrity check covers those and the payload rather than the outer IP header, so when NAT changes the packet header, ESP still verifies correctly and works with NAT devices. ESP uses IP protocol 50.
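The difference between the two integrity checks described above, as an added example that is not part of the original article and not real IPSEC wire format: a simplified model in which an AH-style ICV covers the immutable IP header fields plus the payload, while an ESP-style ICV covers only the ESP-protected part. The key, addresses and payload are constructed for the demonstration, and a NAT gateway is modelled as rewriting the source address and decrementing the TTL.

```python
"""Simplified model of why AH rejects NAT-rewritten packets while ESP's
integrity check survives NAT. Not real IPsec wire format; the key and
addresses below are constructed for the demonstration only."""
import hashlib
import hmac

# Constructed demo key. A real SA key is negotiated by IKE, never hard-coded.
KEY = b"constructed-demo-key-not-a-real-sa-key"


def make_packet(src, dst, ttl, payload):
    """A toy IP packet: header fields plus the protected payload (bytes)."""
    return {"src": src, "dst": dst, "ttl": ttl, "payload": payload}


def ah_icv(pkt, key=KEY):
    """AH-style ICV: covers the immutable IP header fields (src, dst) and the
    payload. Mutable fields such as TTL are treated as zero, mirroring how AH
    excludes fields that legitimately change hop by hop."""
    covered = b"|".join(
        [pkt["src"].encode(), pkt["dst"].encode(), b"ttl=0", pkt["payload"]]
    )
    return hmac.new(key, covered, hashlib.sha256).digest()


def esp_icv(pkt, key=KEY):
    """ESP-style ICV: covers only the ESP header/payload/trailer, never the
    outer IP header, so address rewriting does not affect it."""
    return hmac.new(key, pkt["payload"], hashlib.sha256).digest()


def nat_rewrite(pkt, new_src):
    """What a NAT gateway does on the way out: rewrite the source address and
    decrement the TTL like any router hop."""
    out = dict(pkt)
    out["src"] = new_src
    out["ttl"] = pkt["ttl"] - 1
    return out


def verify(pkt, icv, icv_fn, key=KEY):
    """Receiver-side check: recompute the ICV and compare in constant time."""
    return hmac.compare_digest(icv_fn(pkt, key), icv)


def run_demo():
    """Returns accept/reject results for AH and ESP, with and without NAT."""
    original = make_packet("10.0.0.5", "203.0.113.9", 64, b"protected data")
    ah = ah_icv(original)
    esp = esp_icv(original)
    natted = nat_rewrite(original, "198.51.100.1")
    # A plain router hop only touches TTL, which AH treats as mutable.
    routed = nat_rewrite(original, original["src"])
    return {
        "ah_no_nat": verify(original, ah, ah_icv),
        "ah_after_router_hop": verify(routed, ah, ah_icv),
        "ah_after_nat": verify(natted, ah, ah_icv),
        "esp_no_nat": verify(original, esp, esp_icv),
        "esp_after_nat": verify(natted, esp, esp_icv),
    }


if __name__ == "__main__":
    for name, ok in run_demo().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

Running it shows AH accepting the untouched packet and the packet that only lost a TTL hop, but rejecting the NAT-rewritten one, while ESP accepts the NAT-rewritten packet because its ICV never covered the outer addresses. One practical caveat beyond the model: real NAT devices track UDP/TCP ports, which raw ESP (IP protocol 50) does not carry, so deployments behind NAT normally rely on NAT traversal (ESP wrapped in UDP on port 4500) in addition to ESP's own header-independence.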

The difference between the two is summarised in the figure below.

Fig 1.2- AH & ESP