CHAPTER 17: CONFIGURING IPSEC

DES-CBC CANNOT be exported without a legal export license. See the release notes for your software for export restrictions.

ESP can be applied alone or with authentication headers.

Authentication Header (AH): AH is used to provide data integrity and data origin authentication and to provide protection against replays using the HMAC-MD5 or HMAC-SHA1 crypto algorithm. For outbound traffic, AH computes the ICV (integrity checksum value) and inserts an authentication header between the IP header and the higher layer protocol header. For inbound traffic, AH verifies the ICV and removes the AH. AH can be applied alone or with ESP.

Both HMAC-MD5 and HMAC-SHA1 are standards-based hash algorithms. In general, HMAC-SHA1 requires more computation and is considered to be more secure but slower.
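The outbound and inbound AH processing described above can be sketched as follows. This is an added example, not code from the 3Com manual or software. It assumes a 20-byte IPv4 header without options, the 96-bit ICV truncation of HMAC-MD5-96 and HMAC-SHA-1-96, a simple "sequence number must increase" replay check in place of a sliding window, and it does not recompute the IP header checksum.

```python
import hashlib, hmac, struct

ICV_LEN = 12            # HMAC-MD5-96 and HMAC-SHA-1-96 truncate the MAC to 96 bits
AH_LEN = 12 + ICV_LEN   # fixed AH fields plus ICV
AH_PROTO = 51           # IP protocol number for AH

def _rewrite(ip_hdr, proto, delta):
    """Return the IPv4 header with protocol set and total length adjusted by delta."""
    h = bytearray(ip_hdr)
    struct.pack_into("!H", h, 2, struct.unpack_from("!H", h, 2)[0] + delta)
    h[9] = proto
    return bytes(h)

def _immutable(ip_hdr):
    """Zero fields routers change in transit: TOS, flags/fragment offset, TTL, checksum."""
    h = bytearray(ip_hdr)
    h[1] = h[8] = 0
    h[6:8] = h[10:12] = b"\x00\x00"
    return bytes(h)

def _ah(next_hdr, spi, seq, icv=bytes(ICV_LEN)):
    # next header, length in 32-bit words minus 2, reserved, SPI, sequence number, ICV
    return struct.pack("!BBHII", next_hdr, AH_LEN // 4 - 2, 0, spi, seq) + icv

def _icv(key, ip_hdr, next_hdr, spi, seq, payload, digest):
    data = _immutable(ip_hdr) + _ah(next_hdr, spi, seq) + payload  # ICV field zeroed
    return hmac.new(key, data, digest).digest()[:ICV_LEN]

def ah_outbound(key, packet, spi, seq, digest=hashlib.sha1):
    ip_hdr, payload = packet[:20], packet[20:]
    next_hdr = ip_hdr[9]                       # protocol being protected, e.g. TCP
    ip_hdr = _rewrite(ip_hdr, AH_PROTO, AH_LEN)
    icv = _icv(key, ip_hdr, next_hdr, spi, seq, payload, digest)
    return ip_hdr + _ah(next_hdr, spi, seq, icv) + payload

def ah_inbound(key, packet, last_seq, digest=hashlib.sha1):
    ip_hdr, ah, payload = packet[:20], packet[20:20 + AH_LEN], packet[20 + AH_LEN:]
    next_hdr, _, _, spi, seq = struct.unpack("!BBHII", ah[:12])
    if seq <= last_seq:                        # simplified anti-replay check
        raise ValueError("replayed sequence number")
    expected = _icv(key, ip_hdr, next_hdr, spi, seq, payload, digest)
    if not hmac.compare_digest(expected, ah[12:]):   # constant-time comparison
        raise ValueError("ICV mismatch")
    return _rewrite(ip_hdr, next_hdr, -AH_LEN) + payload, seq   # AH removed

# Constructed sample: 20-byte IPv4 header (TCP, 192.0.2.1 -> 192.0.2.2) plus payload
SAMPLE = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 32, 1, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + b"hello, world"
```

Pass `digest=hashlib.md5` to both functions for HMAC-MD5. A TTL decrement in transit still verifies because mutable header fields are zeroed before the ICV is computed, while any change to the payload is rejected.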

3Com 11.1 manual Configuring Ipsec