Cisco Support Community
Community Member

AH, ESP, HMAC-MD5 & HMAC-SHA-1, 3DES and AES

Hi All;

Can I understand that HMAC is one of the methods used to implement the Authentication Header (AH) and the Encapsulation Security Payload (ESP)?

When to use Authentication Header (AH) and when to use Encapsulation Security Payload (ESP)?

Can we use 3DES or AES with Authentication Header?

Any help?

Regards

Bilal

3 REPLIES
Cisco Employee

Re: AH, ESP, HMAC-MD5 & HMAC-SHA-1, 3DES and AES

HMAC is a mechanism for message authentication using cryptographic hash functions.

http://www.faqs.org/rfcs/rfc2104.html

AH - Authentication Header. A security protocol which provides data authentication and optional anti-replay services. AH is embedded in the data to be protected (a full IP datagram).

http://www.faqs.org/rfcs/rfc2402.html

ESP - Encapsulating Security Payload. A security protocol which provides data privacy services and optional data authentication and anti-replay services. ESP encapsulates the data to be protected.

http://www.faqs.org/rfcs/rfc2406.html

If you will be using an ASA, you cannot use AH anyway, as it is not supported:

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/c5.html#wp2172593

If using router code 12.4, you cannot use AH with AES:

http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/sec_cfg_vpn_ipsec_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1047924

Most implementations now use ESP.

I hope this helps you.

Regards,
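To make the AH/ESP distinction in the reply above concrete, here is an added worked example that is not part of the original thread or of any Cisco code. It is a toy model, not a real IPsec stack: it builds a minimal IPv4 packet protected by AH and by ESP, computes the HMAC-SHA1-96 integrity check value (RFC 2404, the same HMAC of RFC 2104 that the question asks about), and then shows which in-transit changes each protocol tolerates. AH covers the outer IP header (with the mutable fields zeroed per RFC 2402), so a NAT rewriting the source address breaks it, while a TTL decrement does not; ESP covers only its own header, body and trailer (RFC 2406), so the NAT rewrite passes but payload tampering fails. ESP is shown with NULL encryption (integrity only) because the standard library has no 3DES/AES; that also mirrors the point that AH has no encryption transform at all, so 3DES or AES only ever apply to ESP. The key, addresses and payload are constructed dummy values.

```python
"""Toy AH vs ESP integrity model with HMAC-SHA1-96 (constructed example, not a real IPsec stack)."""
import hashlib
import hmac
import ipaddress
import struct

ICV_LEN = 12                  # HMAC-SHA1-96: 20-byte SHA-1 tag truncated to 96 bits (RFC 2404)
IPPROTO_ESP, IPPROTO_AH = 50, 51
KEY = b"constructed-demo-key-not-a-real-sa"   # assumption: dummy SA key
PAYLOAD = b"\x00" * 8 + b"hello"                # assumption: dummy transport payload


def hmac_sha1_96(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]


def ipv4_header(src: str, dst: str, proto: int, total_len: int, ttl: int = 64) -> bytes:
    # Minimal 20-byte IPv4 header, no options; checksum left at zero for the toy.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0, ttl, proto, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)


def zero_mutable(ip_hdr: bytes) -> bytes:
    # RFC 2402: fields routers may change (TOS, flags/fragment offset, TTL, checksum) are
    # zeroed before the ICV is computed; addresses, length and protocol stay covered.
    h = bytearray(ip_hdr)
    h[1] = 0
    h[6:8] = b"\x00\x00"
    h[8] = 0
    h[10:12] = b"\x00\x00"
    return bytes(h)


def build_ah(key, src, dst, next_header, spi, seq, payload):
    # AH header: next header, length in 32-bit words minus 2, reserved, SPI, sequence, ICV.
    ah_no_icv = struct.pack("!BBHII", next_header, (12 + ICV_LEN) // 4 - 2, 0, spi, seq)
    ip_hdr = ipv4_header(src, dst, IPPROTO_AH, 20 + len(ah_no_icv) + ICV_LEN + len(payload))
    # ICV covers the zeroed outer header, the AH header with the ICV field zeroed, and the payload.
    icv = hmac_sha1_96(key, zero_mutable(ip_hdr) + ah_no_icv + b"\x00" * ICV_LEN + payload)
    return ip_hdr + ah_no_icv + icv + payload


def verify_ah(key, packet) -> bool:
    ip_hdr, ah_no_icv = packet[:20], packet[20:32]
    icv, payload = packet[32:32 + ICV_LEN], packet[32 + ICV_LEN:]
    expected = hmac_sha1_96(key, zero_mutable(ip_hdr) + ah_no_icv + b"\x00" * ICV_LEN + payload)
    return hmac.compare_digest(icv, expected)


def build_esp(key, src, dst, next_header, spi, seq, payload):
    # ESP with NULL encryption and HMAC-SHA1-96. Trailer pads payload+2 to a 4-byte boundary
    # using the RFC 2406 default padding 1,2,3,... then pad length and next header.
    pad_len = (-(len(payload) + 2)) % 4
    body = payload + bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    esp_hdr = struct.pack("!II", spi, seq)
    icv = hmac_sha1_96(key, esp_hdr + body)     # outer IP header is NOT covered
    ip_hdr = ipv4_header(src, dst, IPPROTO_ESP, 20 + len(esp_hdr) + len(body) + ICV_LEN)
    return ip_hdr + esp_hdr + body + icv


def verify_esp(key, packet) -> bool:
    esp_part = packet[20:]
    return hmac.compare_digest(esp_part[-ICV_LEN:], hmac_sha1_96(key, esp_part[:-ICV_LEN]))


def nat_rewrite_src(packet, new_src):
    # A NAT replaces the source address, an immutable field under AH.
    h = bytearray(packet)
    h[12:16] = ipaddress.IPv4Address(new_src).packed
    return bytes(h)


def decrement_ttl(packet):
    # What every router hop does; TTL is mutable and excluded from the AH ICV.
    h = bytearray(packet)
    h[8] -= 1
    return bytes(h)


def flip_byte(packet, offset):
    h = bytearray(packet)
    h[offset] ^= 1
    return bytes(h)


def demo() -> dict:
    ah = build_ah(KEY, "10.0.0.1", "10.0.0.2", 17, 0x100, 1, PAYLOAD)
    esp = build_esp(KEY, "10.0.0.1", "10.0.0.2", 17, 0x200, 1, PAYLOAD)
    return {
        "ah_ok": verify_ah(KEY, ah),
        "ah_after_ttl_hop": verify_ah(KEY, decrement_ttl(ah)),
        "ah_after_nat": verify_ah(KEY, nat_rewrite_src(ah, "192.0.2.7")),
        "esp_ok": verify_esp(KEY, esp),
        "esp_after_nat": verify_esp(KEY, nat_rewrite_src(esp, "192.0.2.7")),
        "esp_payload_tampered": verify_esp(KEY, flip_byte(esp, 28)),  # 28 = first payload byte
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:22s} {'verifies' if ok else 'ICV FAILS'}")
```

The outcome is the practical answer to "when AH, when ESP": AH's value is that it pins the outer addresses, which is exactly what makes it unusable behind NAT, while ESP survives address rewriting (ESP's inner transport ports are still inside the authenticated body, which is why real deployments behind NAT add UDP encapsulation, NAT-T). On IOS the same choice is expressed in the transform set keywords: `ah-sha-hmac` / `ah-md5-hmac` for AH, and `esp-3des` or `esp-aes` combined with `esp-sha-hmac` / `esp-md5-hmac` for encrypted and authenticated ESP.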

Community Member

Re: AH, ESP, HMAC-MD5 & HMAC-SHA-1, 3DES and AES

So HMAC is one of the mechanisms that is used with the Authentication Header, correct?

Cisco Employee

Re: AH, ESP, HMAC-MD5 & HMAC-SHA-1, 3DES and AES

AH and ESP are both protocols; you can use either of them for an IPsec VPN.

HMAC can be included with either ESP or AH.

Check the sample transform sets as per documents I provided to you previously.

Regards,
