[strongSwan] Questions regarding AH protocol usage
Andreas Steffen
andreas.steffen at strongswan.org
Sun Apr 11 11:26:07 CEST 2010
Mohit Mehta wrote:
> Hi Andreas,
>
> Thanks again for your prompt reply - much appreciated. Please see my
> comments/response below.
>
>> AH without ESP is not possible with the IKEv1 pluto daemon. With
>> auth=ah, the optional ESP authentication checksum is replaced by an
>> additional AH header.
>>
>
> Does this mean that 'AH authentication replaces authentication in
> ESP' or does it mean that 'in addition to ESP authentication, AH
> authentication also happens'? Can you please clarify this please
> since I'm not sure how to interpret 'replaced by an additional AH
> header' in your reply :-)
>
AH authentication replaces authentication in ESP.
Regards
Andreas
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
More information about the Users
mailing list