Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P v2

Encapsulating Security Payload (ESP): Provides confidentiality, authentication, and integrity.

Authentication Header (AH): Provides authentication and integrity.

Internet Key Exchange (IKE): Provides key management and Security Association (SA) management.

Encapsulating Security Payload (ESP)

ESP provides authentication, integrity, and confidentiality, which protect against data tampering and, most importantly, provides message content protection.

IPSec provides an open framework for implementing industry standard algorithms, such as SHA and MD5. The algorithms IPSec uses produce a unique and unforgeable identifier for each packet, which is a data equivalent of a fingerprint. This fingerprint allows the device to determine if a packet has been tampered with. Furthermore, packets that are not authenticated are discarded and not delivered to the intended receiver.

ESP also provides all encryption services in IPSec. Encryption translates a readable message into an unreadable format to hide the message content. The opposite process, called decryption, translates the message content from an unreadable format to a readable message. Encryption/ decryption allows only the sender and the authorized receiver to read the data. In addition, ESP has an option to perform authentication, called ESP authentication. Using ESP authentication, ESP provides authentication and integrity for the payload and not for the IP header.

Figure F-1: Original packet and packet with IPSec Encapsulated Security Payload

Virtual Private Networking

F-3

201-10301-02, May 2005

Page 251
Image 251
NETGEAR FWG114P v2 manual Encapsulating Security Payload ESP