[strongSwan] Questions regarding AH protocol usage

Mohit Mehta mohit.mehta at vyatta.com
Sun Apr 11 18:51:29 CEST 2010


----- "Andreas Steffen" <andreas.steffen at strongswan.org> wrote:

> Mohit Mehta wrote:
> > Hi Andreas,
> > 
> > Thanks again for your prompt reply - much appreciated. Please see my
> > comments/response below.
> > 
> >> AH without ESP is not possible with the IKEv1 pluto daemon. With
> >> auth=ah, the optional ESP authentication checksum is replaced by an
> >> additional AH header.
> >> 
> > 
> > Does this mean that 'AH authentication replaces authentication in
> > ESP' or does it mean that 'in addition to ESP authentication, AH
> > authentication also happens'? Can you please clarify this please
> > since I'm not sure how to interpret 'replaced by an additional AH
> > header' in your reply :-)
> > 
> AH authentication replaces authentication in ESP.
>

Thanks for the clarification.



