Cisco Support Community
New Member

IPSEC AH SECURITY PROTOCOL & ESP PROTOCOL

IPSEC AH SECURITY & ESP PROTOCOLS USE TWO MODES: TRANSPORT AND TUNNEL.

IN ALL FOUR AH & ESP MODES THE IP PACKET IS EXPANDED USING 3DES AND AES.

HOW MANY BYTES ARE THE IP PACKETS EXPANDED USING ALL MODES?

PROTOCOL MODES (3DES) (AES)

============== ====== =====

AH TRANSPORT MODE-

AH TUNNEL MODE-

ESP TRANSPORT MODE-

ESP TUNNEL MODE-

2 REPLIES
Silver

Re: IPSEC AH SECURITY PROTOCOL & ESP PROTOCOL

The following table lists the suggested MTU values for each tunnel/mode combination assuming the outgoing physical interface has an MTU of 1500.

Tunnel Combination              Specific MTU Needed    Recommended MTU
GRE + IPsec (Transport mode)    1440 bytes             1400 bytes
GRE + IPsec (Tunnel mode)       1420 bytes             1400 bytes

-------------------------------------

IPSEC + GRE

24 bytes GRE header

4 bytes SPI (ESP header)

4 bytes Sequence (ESP Header)

8 byte IV (IOS ESP-DES/3DES)

6 byte pad (ESP-DES/3DES 64 bit)

1 byte Pad length (ESP Trailer)

1 byte Next Header (ESP Trailer)

12 bytes ESP MD5 96 digest

============================

1500 - 60 (Bytes Total) = 1440

IPSEC + GRE + AH

24 bytes GRE header

4 bytes SPI (ESP header)

4 bytes Sequence (ESP Header)

8 byte IV (IOS ESP-DES/3DES)

6 byte pad (ESP-DES/3DES 64 bit)

1 byte Pad length (ESP Trailer)

1 byte Next Header (ESP Trailer)

12 bytes ESP MD5 96 digest

1 byte Next Header (AH Header)

1 byte Payload Length (AH Header)

2 byte reserved (AH Header)

4 byte SPI (AH Header)

4 byte Sequence (AH Header)

12 bytes AH MD5 96 digest

============================

1500 - 84 (Bytes Total) = 1416

----------------------------------------------------------------------------------------

Gold

Re: IPSEC AH SECURITY PROTOCOL & ESP PROTOCOL

AH transport 24 bytes

AH tunnel 44 bytes

ESP transport 37 bytes 3DES, 63 bytes AES

ESP tunnel 57 bytes 3DES, 83 bytes AES

M.
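An added example, not part of either reply and not Cisco's code: the byte accounting from the first reply written as a calculator. It goes beyond the fixed 6-byte pad in that list by deriving the ESP padding from the packet length, and it assumes IPv4 without options, a 4-byte base GRE header, CBC ciphers and a 12-byte (96-bit) ICV; the function names are hypothetical.

```python
IP_HDR = 20       # IPv4 header without options (assumption)
GRE_HDR = 4       # base GRE header, no key/sequence/checksum options (assumption)
ESP_HDR = 8       # SPI (4) + Sequence (4)
ESP_TRAILER = 2   # Pad Length (1) + Next Header (1)

# CBC parameters in bytes: (block size, IV length)
CIPHERS = {"3des": (8, 8), "aes": (16, 16)}


def esp_packet_len(inner_len, cipher="3des", icv_len=12, tunnel=False, gre=True):
    """On-the-wire IPv4 length after optional GRE and then ESP encapsulation.

    inner_len is the original IP packet length, IP header included.
    """
    block, iv_len = CIPHERS[cipher]
    # GRE adds a delivery IP header plus the GRE header (the "24 bytes" above)
    packet = inner_len + (IP_HDR + GRE_HDR if gre else 0)
    # Tunnel mode encrypts the whole packet; transport mode keeps its IP header in clear
    payload = packet if tunnel else packet - IP_HDR
    # Padding brings payload + trailer up to a whole number of cipher blocks
    pad = -(payload + ESP_TRAILER) % block
    return IP_HDR + ESP_HDR + iv_len + payload + pad + ESP_TRAILER + icv_len


def max_inner_len(link_mtu=1500, **kw):
    """Largest original packet that fits in link_mtu without fragmentation."""
    for inner_len in range(link_mtu, IP_HDR, -1):
        if esp_packet_len(inner_len, **kw) <= link_mtu:
            return inner_len
    raise ValueError("link MTU too small for this encapsulation")


if __name__ == "__main__":
    for cipher in CIPHERS:
        for tunnel in (False, True):
            mode = "tunnel" if tunnel else "transport"
            best = max_inner_len(cipher=cipher, tunnel=tunnel)
            print(f"GRE + ESP-{cipher} ({mode}): max inner packet {best} bytes")
```

Because the pad length depends on the packet length, the exact limit can sit a few bytes above a fixed-pad budget; the 1400-byte recommended MTU fits in every combination computed here.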
