[strongSwan] Questions regarding AH protocol usage
mohit.mehta at vyatta.com
Sun Apr 11 18:51:29 CEST 2010
----- "Andreas Steffen" <andreas.steffen at strongswan.org> wrote:
> Mohit Mehta wrote:
> > Hi Andreas,
> > Thanks again for your prompt reply - much appreciated. Please see
> > comments/response below.
> >> AH without ESP is not possible with the IKEv1 pluto daemon. With
> >> auth=ah, the optional ESP authentication checksum is replaced by
> >> additional AH header.
> > Does this mean that 'AH authentication replaces authentication in
> > ESP' or does it mean that 'in addition to ESP authentication, AH
> > authentication also happens'? Can you please clarify this please
> > since I'm not sure how to interpret 'replaced by an additional AH
> > header' in your reply :-)
> AH authentication replaces authentication in ESP.
Thanks for the clarification.
More information about the Users