
Alcatel-Lucent OmniSwitch AOS Release 7 - Encapsulating Security Payload (ESP)

Alcatel-Lucent OmniSwitch AOS Release 7
720 pages
Configuring IPsec IPsec Overview
OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 14-5
IP Packet in IPsec Transport Mode
Note. The OmniSwitch currently supports the Transport Mode of operation.
Encapsulating Security Payload (ESP)
The ESP protocol provides a means to ensure privacy (encryption), source authentication, and content
integrity (authentication). It helps provide enhanced security of the data packet and protects it against
eavesdropping during transit.
Unlike AH, which only authenticates the data, ESP encrypts data and also optionally authenticates it. It
provides these services by encrypting the original payload and encapsulating the packet between a header
and a trailer, as shown in the figure below.
IP Packet protected by ESP
ESP is identified by a value of 50 in the IPv6 header. The ESP header is inserted after the IPv6 header and
before the upper layer protocol header. The Security Parameter Index (SPI) in the ESP header is a 32-bit
value that, combined with the destination address and protocol in the preceding IPv6 header, identifies the
security association (SA) to be used to process the packet. SPI helps distinguish multiple SAs configured
for the same source and destination combination. The payload data field carries the data that is being
[Figure: ESP packet format, 32 bits wide. Fields in order: Security association identifier (SPI); Sequence Number; Payload data (variable length); Padding (0-255 bytes); Pad Length; Next Header; Authentication Data (variable)]
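The SA lookup described above, as an added example that is not part of the original manual or of AOS: it reads the SPI and Sequence Number from an IPv6 packet whose Next Header is 50 and selects the SA by destination address, protocol and SPI. The SA names, addresses and SPI values are constructed, and the sketch assumes ESP directly follows the fixed 40-byte IPv6 header.

```python
import ipaddress
import struct

ESP_PROTO = 50      # Next Header value that identifies ESP
IPV6_HDR_LEN = 40   # fixed IPv6 header
ESP_HDR_LEN = 8     # SPI (32 bits) + Sequence Number (32 bits)

def parse_esp(packet: bytes):
    """Return (dst, spi, seq, protected_bytes) for an IPv6 packet carrying ESP."""
    if len(packet) < IPV6_HDR_LEN + ESP_HDR_LEN:
        raise ValueError("truncated packet")
    first_word, payload_len, next_hdr, _hop = struct.unpack("!IHBB", packet[:8])
    if first_word >> 28 != 6:
        raise ValueError("not IPv6")
    if next_hdr != ESP_PROTO:
        raise ValueError(f"next header {next_hdr} is not ESP")
    if payload_len < ESP_HDR_LEN or len(packet) < IPV6_HDR_LEN + payload_len:
        raise ValueError("payload length does not match packet")
    dst = ipaddress.IPv6Address(packet[24:40])
    spi, seq = struct.unpack("!II", packet[40:48])
    # Everything after the sequence number is protected: payload, padding,
    # Pad Length and Next Header are encrypted, so only SPI and sequence
    # number are readable without the SA's keys.
    return dst, spi, seq, packet[48:IPV6_HDR_LEN + payload_len]

def find_sa(sa_table, packet):
    """Select the SA by (destination address, protocol, SPI)."""
    dst, spi, seq, _ = parse_esp(packet)
    return sa_table.get((dst, ESP_PROTO, spi)), seq

def build_sample(src, dst, spi, seq, body, next_hdr=ESP_PROTO):
    """Build a constructed test packet; body stands in for ciphertext."""
    esp = struct.pack("!II", spi, seq) + body
    hdr = struct.pack("!IHBB", 6 << 28, len(esp), next_hdr, 64)
    return (hdr + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed + esp)

# Constructed table: two SAs for the same destination, told apart by SPI.
PEER = ipaddress.IPv6Address("2001:db8::2")
SA_TABLE = {
    (PEER, ESP_PROTO, 0x1001): "sa-example-a",
    (PEER, ESP_PROTO, 0x1002): "sa-example-b",
}

if __name__ == "__main__":
    for spi in (0x1001, 0x1002, 0x9999):
        pkt = build_sample("2001:db8::1", "2001:db8::2", spi, 7, b"\x00" * 16)
        print(hex(spi), find_sa(SA_TABLE, pkt))
```

A packet whose SPI matches no entry returns `None` for the SA, which is the case a receiver would drop and log.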
