05-16-2006 07:20 AM - edited 02-21-2020 02:25 PM
IPSEC AH SECURITY & ESP PROTOCOLS
USES TWO TRANSPORT AND TUNNEL MODES.
IN ALL AH & ESP FOUR MODES IP PACKET IS EXPANDED USING 3DES AND AES
HOW MANY BYTES ARE THE IP PACKETS EXPANDED USING ALL MODES?
PROTOCOL MODES (3DES) (AES)
============== ====== =====
AH TRANSPORT MODE-
AH TUNNEL MODE-
ESP TRANSPORT MODE-
ESP TUNNEL MODE-
05-22-2006 10:03 AM
The following table lists the suggested MTU values for each tunnel/mode combination assuming the outgoing physical interface has an MTU of 1500.

Tunnel Combination             Specific MTU Needed   Recommended MTU
============================   ===================   ===============
GRE + IPsec (Transport mode)   1440 bytes            1400 bytes
GRE + IPsec (Tunnel mode)      1420 bytes            1400 bytes
-------------------------------------
IPSEC + GRE
24 bytes GRE header
4 bytes SPI (ESP header)
4 bytes Sequence (ESP Header)
8 byte IV (IOS ESP-DES/3DES)
6 byte pad (ESP-DES/3DES 64 bit)
1 byte Pad length (ESP Trailer)
1 byte Next Header (ESP Trailer)
12 bytes ESP MD5 96 digest
============================
1500 - 60 (Bytes Total) = 1440
IPSEC + GRE + AH
24 bytes GRE header
4 bytes SPI (ESP header)
4 bytes Sequence (ESP Header)
8 byte IV (IOS ESP-DES/3DES)
6 byte pad (ESP-DES/3DES 64 bit)
1 byte Pad length (ESP Trailer)
1 byte Next Header (ESP Trailer)
12 bytes ESP MD5 96 digest
1 byte Next Header (AH Header)
1 byte Payload Length (AH Header)
2 byte reserved (AH Header)
4 byte SPI (AH Header)
4 byte Sequence (AH Header)
12 bytes AH MD5 96 digest
============================
1500 - 84 (Bytes Total) = 1416
----------------------------------------------------------------------------------------
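The byte accounting in the reply above, generalized into a small calculator (an added example, not part of the original thread). It lets the ESP pad vary with packet length instead of fixing it at 6 bytes, and reports the largest inner packet that fits a given link MTU. Assumptions: the 24-byte "GRE header" is a 20-byte IP header plus 4 bytes of GRE, AES means AES-CBC with a 16-byte block and IV, and all function and constant names are hypothetical.

```python
# Added example, not from the original thread. Field sizes follow the breakdown above.
from dataclasses import dataclass

IP_HDR = 20       # IPv4 header without options
GRE_HDR = 4       # basic GRE header; 20 + 4 is the 24-byte "GRE header" above
ESP_HDR = 8       # SPI (4) + sequence number (4)
ESP_TRAILER = 2   # pad length (1) + next header (1)
AH_HDR = 12       # next header, payload length, reserved, SPI, sequence
ICV_96 = 12       # 96-bit truncated HMAC digest (ESP or AH)


@dataclass(frozen=True)
class Cipher:
    block: int    # CBC block size in bytes
    iv: int       # per-packet IV in bytes


TRIPLE_DES = Cipher(block=8, iv=8)
AES_CBC = Cipher(block=16, iv=16)   # assumption: AES values are not in the post


def esp_pad(plaintext_len, cipher):
    """Pad bytes needed so plaintext + pad + trailer fills whole cipher blocks."""
    return -(plaintext_len + ESP_TRAILER) % cipher.block


def wire_size(inner_len, cipher, tunnel, ah=False):
    """Bytes on the wire for one inner IP packet carried as GRE over IPsec."""
    # Transport mode encrypts GRE + inner packet; tunnel mode also encrypts
    # the GRE delivery IP header and adds a new outer IP header in front.
    plaintext = inner_len + GRE_HDR + (IP_HDR if tunnel else 0)
    esp = (ESP_HDR + cipher.iv + plaintext + esp_pad(plaintext, cipher)
           + ESP_TRAILER + ICV_96)
    return IP_HDR + (AH_HDR + ICV_96 if ah else 0) + esp


def max_inner(link_mtu, cipher, tunnel, ah=False):
    """Largest inner packet whose encapsulated form still fits link_mtu."""
    return next(n for n in range(link_mtu, 0, -1)
                if wire_size(n, cipher, tunnel, ah) <= link_mtu)


if __name__ == "__main__":
    for name, c in (("3DES", TRIPLE_DES), ("AES-CBC", AES_CBC)):
        for tunnel in (False, True):
            mode = "tunnel" if tunnel else "transport"
            print(name, mode, "max inner packet:", max_inner(1500, c, tunnel))
```

A 1436-byte inner packet in transport mode with 3DES needs exactly 6 pad bytes, which reproduces the 60-byte total listed above; other lengths need anywhere from 0 to 7.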
06-06-2006 06:27 AM
AH transport 24 bytes
AH tunnel 44 bytes
ESP transport 37 bytes 3DES, 63 bytes AES
ESP tunnel 57 bytes 3DES, 83 bytes AES
M.