Configuring IPsec: IPsec Overview
OmniSwitch AOS Release 8 Network Configuration Guide December 2017 page 18-5
IPsec Overview
IPsec provides protection for IPv6 traffic by supplying security services for IPv6 packets at the network layer. These services include access control, data integrity, authentication, protection against replay, and data confidentiality. IPsec enables a system to select the security protocols, the encryption and authentication algorithms, and the cryptographic keys it requires. IPsec uses the following two protocols to provide security for an IPv6 datagram:
• Encapsulating Security Payload (ESP) to provide confidentiality, data origin authentication, and connectionless integrity.
• Authentication Header (AH) to provide connectionless integrity and data origin authentication for IPv6 datagrams and to provide optional protection against replay attacks. Unlike ESP, AH does not provide confidentiality.
IPsec on an OmniSwitch operates in Transport mode. In transport mode only the payload of the IPv6 packet is encapsulated, and an IPsec header (AH or ESP) is inserted between the original IPv6 header and the upper-layer protocol header. The figure below shows an IPv6 packet protected by IPsec in transport mode.
[Figure: IP Packet in IPsec Transport Mode]
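As an added illustration (not code from the OmniSwitch guide), the following Python parser walks an IPv6 packet's header chain and locates the transport-mode AH or ESP header inserted after the IPv6 header, showing why AH leaves the upper-layer protocol visible while ESP hides it. The packets, SPIs and sequence numbers are constructed sample data, not captures from a switch.

```python
import struct

IPPROTO_AH, IPPROTO_ESP = 51, 50
# IPv6 extension headers that may precede a transport-mode AH/ESP header
EXT_HEADERS = {0: "Hop-by-Hop", 43: "Routing", 60: "Destination Options"}


def parse_ipv6_ipsec(pkt: bytes) -> dict:
    """Walk the IPv6 header chain and report where the IPsec header sits."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nxt, off, chain = pkt[6], 40, ["IPv6"]
    # Generic extension headers: length field counts 8-octet units beyond the first 8
    while nxt in EXT_HEADERS:
        chain.append(EXT_HEADERS[nxt])
        nxt, off = pkt[off], off + (pkt[off + 1] + 1) * 8
    if off + 12 > len(pkt):
        raise ValueError("truncated packet")
    result = {"chain": chain, "ipsec": None, "spi": None, "seq": None, "upper": None}
    if nxt == IPPROTO_AH:
        # AH: Next Header, Payload Len (32-bit words minus 2), Reserved, SPI, Seq, ICV.
        # Nothing is encrypted, so the upper-layer protocol is visible in Next Header.
        ah_next = pkt[off]
        spi, seq = struct.unpack("!II", pkt[off + 4:off + 12])
        chain.append("AH")
        result.update(ipsec="AH", spi=spi, seq=seq, upper=ah_next)
    elif nxt == IPPROTO_ESP:
        # ESP: only SPI and Seq are in the clear; the Next Header field sits in the
        # encrypted trailer, so the upper-layer protocol is hidden without the SA key.
        spi, seq = struct.unpack("!II", pkt[off:off + 8])
        chain.append("ESP")
        result.update(ipsec="ESP", spi=spi, seq=seq)
    else:
        result["upper"] = nxt  # unprotected packet
    return result


def build_sample(proto: str) -> bytes:
    """Constructed transport-mode IPv6 packet (sample data, not a real capture)."""
    tcp = bytes(20)  # placeholder TCP header
    if proto == "AH":
        # 24-byte AH: Next Header=6 (TCP), Payload Len=4, SPI 0x1000, Seq 7, 12-byte ICV
        body, nxt = struct.pack("!BBHII", 6, 4, 0, 0x1000, 7) + bytes(12) + tcp, IPPROTO_AH
    else:
        # ESP: SPI 0x2000, Seq 9, then 32 bytes standing in for the encrypted TCP payload
        body, nxt = struct.pack("!II", 0x2000, 9) + bytes(32), IPPROTO_ESP
    # 40-byte IPv6 header: version 6, payload length, next header, hop limit, zero addresses
    return struct.pack("!IHBB", 0x60000000, len(body), nxt, 64) + bytes(32) + body
```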
Encapsulating Security Payload (ESP)
The ESP protocol provides a means to ensure privacy (encryption), source authentication, and content integrity (authentication). It strengthens the security of the data packet and protects it against eavesdropping during transit.
Note. The OmniSwitch currently supports the Transport Mode of operation.