Re: IPSEC AH SECURITY PROTOCOL & ESP PROTOCOL

jabbar154 · ‎05-16-2006

IPSEC AH SECURITY & ESP PROTOCOLS

USES TWO TRANSPORT AND TUNNEL MODES.

IN ALL AH & ESP FOUR MODES IP PACKET IS EXPANDED USING 3DES AND AES

HOWMANY BYTES THE IP PACKETS ARE EXPANDED USING ALL MODES

PROTOCOL MODES (3DES) (AES)

============== ====== =====

AH TRANSPORT MODE-

AH TUNNEL MODE-

ESP TRANSPORT MODE-

ESP TUNNEL MODE-

carenas123 · ‎05-22-2006

The following table lists the suggested MTU values for

each tunnel/mode combination assuming the outgoing physical interface

has an MTU of 1500.

Tunnel Combination

Specific MTU Needed

Recommended MTU

GRE + IPsec (Transport mode)

1440 bytes

1400 bytes

GRE + IPsec (Tunnel mode)

1420 bytes

1400 bytes

-------------------------------------

IPSEC + GRE

24 bytes GRE header

4 bytes SPI (ESP header)

4 bytes Sequence (ESP Header)

8 byte IV (IOS ESP-DES/3DES)

6 byte pad (ESP-DES/3DES 64 bit)

1 byte Pad length (ESP Trailer)

1 byte Next Header (ESP Trailer)

12 bytes ESP MD5 96 digest

============================

1500 - 60 (Bytes Total) = 1440

IPSEC + GRE + AH

24 bytes GRE header

4 bytes SPI (ESP header)

4 bytes Sequence (ESP Header)

8 byte IV (IOS ESP-DES/3DES)

6 byte pad (ESP-DES/3DES 64 bit)

1 byte Pad length (ESP Trailer)

1 byte Next Header (ESP Trailer)

12 bytes ESP MD5 96 digest

1 byte Next Header (AH Header)

1 byte Payload Length (AH Header)

2 byte reserved (AH Header)

4 byte SPI (AH Header)

4 byte Sequence (AH Header)

12 bytes AH MD5 96 digest

============================

1500 - 84 (Bytes Total) = 1416

----------------------------------------------------------------------------------------

m.sir · ‎06-06-2006

AH transport 24 bytes

AH tunnel 44 bytes

ESP transport 37 bytes 3DES, 63bytes AES

ESP tunel 57 bytes 3DES, 83bytes AES

M.