Cisco Support Community

New Member

IPSec and AH and ESP combine them in one command

http://www.cisco.com/en/US/products/ps6922/products_command_reference_chapter09186a008069c11f.html#wp1010369

Since IPSec defines two protocols: Authentication Header (AH) protocol and Encapsulating Security Payload (ESP) protocol.

I find I am somehow not getting my mind around why Cisco combine two different protocols, as in the command below:

RTA(config)#crypto ipsec transform-set secure ah-md5-hmac esp-des-hmac

As you can see AH protocol is used for authentication and ESP is used for encryption!!!

2 REPLIES
New Member

Re: IPSec and AH and ESP combine them in one command

Any comment?

Thanks

Hall of Fame Super Blue

Re: IPSec and AH and ESP combine them in one command

Hi

AH is not used that much in the real world in terms of IPSEC VPNs. The reason being that AH does not work well with NAT and ESP has its own form of authentication built in which, although not quite as rigorous as AH, is adequate for most people.

However if you really wanted to use ESP purely for encryption and wanted to rely on AH for authentication then Cisco give you the option to do that. As I say, not commonly used in the real world.

HTH

Jon
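
The NAT point in the reply above, as an added example that is not part of the original thread: a simplified Python model of what each protocol's integrity check covers, showing that an AH check survives a router hop but fails after a source-address rewrite, while an ESP check passes both. The key, addresses, SPI and payload are constructed, the payload is left unencrypted, and the AH header's own fields are left out of the ICV input for brevity.

```python
import hashlib, hmac, ipaddress, struct

KEY = b"constructed-demo-key"  # constructed sample key, not from the thread

def ipv4(src, dst, proto, ttl=64):
    # 20-byte IPv4 header without options; length, ID and checksum left 0 for brevity
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 0, 0, 0, ttl, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def mac96(data):
    # HMAC-MD5 truncated to 96 bits, the integrity algorithm behind ah-md5-hmac
    return hmac.new(KEY, data, hashlib.md5).digest()[:12]

def ah_icv(packet):
    # AH covers the outer IP header with its mutable fields zeroed
    # (TOS, flags/fragment offset, TTL, checksum) plus everything after it.
    h = bytearray(packet[:20])
    h[1] = 0
    h[6:8] = b"\x00\x00"
    h[8] = 0
    h[10:12] = b"\x00\x00"
    return mac96(bytes(h) + packet[20:])

def esp_icv(packet):
    # ESP authentication covers the ESP header and payload only,
    # so the outer IP header (first 20 bytes) is skipped.
    return mac96(packet[20:])

def rewrite(packet, src=None, ttl=None):
    # Model an in-path device changing the outer header
    p = bytearray(packet)
    if src is not None:
        p[12:16] = ipaddress.IPv4Address(src).packed
    if ttl is not None:
        p[8] = ttl
    return bytes(p)

def run_demo():
    body = struct.pack("!II", 0x1000, 1) + b"constructed payload"  # SPI, sequence, data
    results = {}
    for name, proto, icv in (("ah", 51, ah_icv), ("esp", 50, esp_icv)):
        sent = ipv4("10.0.0.5", "203.0.113.10", proto) + body
        tag = icv(sent)
        routed = rewrite(sent, ttl=63)              # ordinary router hop
        natted = rewrite(sent, src="198.51.100.7")  # source NAT at the edge
        results[name] = (hmac.compare_digest(tag, icv(routed)),
                         hmac.compare_digest(tag, icv(natted)))
    return results  # per protocol: (verifies after hop, verifies after NAT)

if __name__ == "__main__":
    print(run_demo())
```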
