[TriLUG] FreeS/WAN

Jon Carnes jonc at nc.rr.com
Thu Nov 7 10:17:45 EST 2002


IPsec is broken down into two processes with slightly different jobs.

ESP is designed to encrypt data sent across the internet. ESP only
scrambles the data inside a network packet (increasing the size of the
packet) but it doesn't touch the header of the packet.  

AH is designed to ensure that the packet you receive actually comes from
the machine that claims to have sent the packet. AH adds a section to
the front of the data inside the packet. This added section contains a
hash of the packet as well as a verification of the packet's header
information.

NAT strips out the header information from a packet and replaces it with
its own information.  That doesn't affect ESP, but it hoses AH in
multiple ways. 
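
The difference described above, as an added example that is not part of the original post: a simplified Python model in which the AH check covers the immutable IP header fields (addresses included) plus the payload, while the ESP check covers only the payload. The key, addresses and payload are constructed sample values; HMAC-SHA1-96 is assumed, and the AH header's own fields and ESP encryption are left out.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-demo-key"  # constructed sample key (assumption)
AH, ESP = 51, 50               # IP protocol numbers

def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Minimal 20-byte IPv4 header; checksum left at 0 for brevity."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0,
                       ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def icv(proto, header, payload):
    """Integrity check value as each protocol scopes it (simplified)."""
    if proto == AH:
        h = bytearray(header)
        h[1] = 0                # TOS: mutable in transit, zeroed before hashing
        h[6:8] = b"\x00\x00"    # flags / fragment offset
        h[8] = 0                # TTL
        h[10:12] = b"\x00\x00"  # header checksum
        covered = bytes(h) + payload  # addresses stay in: they are immutable
    else:
        covered = payload             # ESP never looks at the outer header
    return hmac.new(KEY, covered, hashlib.sha1).digest()[:12]

def verify(proto, header, payload, tag):
    return hmac.compare_digest(icv(proto, header, payload), tag)

def route_hop(header):
    """An ordinary router: only decrements TTL (byte 8)."""
    return header[:8] + bytes([header[8] - 1]) + header[9:]

def source_nat(header, public_ip):
    """A NAT device: rewrites the source address (bytes 12-15)."""
    return header[:12] + socket.inet_aton(public_ip) + header[16:]

def demo(proto):
    """Return (valid after a router hop, valid after router hop plus NAT)."""
    payload = b"constructed sample payload"
    hdr = ipv4_header("192.168.1.10", "203.0.113.5", proto, len(payload))
    tag = icv(proto, hdr, payload)
    routed = route_hop(hdr)
    natted = source_nat(routed, "198.51.100.7")
    return verify(proto, routed, payload, tag), verify(proto, natted, payload, tag)

if __name__ == "__main__":
    print("AH :", demo(AH))
    print("ESP:", demo(ESP))
```

A plain router hop leaves both checks valid because TTL is excluded from the AH hash; only the address rewrite makes the AH check fail.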


