Internet Protocol Security
The only difference between AH tunnel mode and ESP tunnel mode is how the packet is handled. As shown in Figure 8.11, AH signs the entire packet for integrity, including the new tunnel header (ESP does not sign the tunnel header), and AH does not provide encryption.
Figure 8.11 AH Tunnel Mode
ESP and AH can be combined to provide tunneling that includes both integrity for the entire packet and confidentiality for the original IP packet, which contains the data being sent.
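The following added example (not from the original text) is a simplified model of the integrity coverage described above for AH and ESP tunnel mode: it builds both packet layouts and shows which in-transit changes each integrity check value (ICV) detects. The key, addresses, SPIs and payload are constructed, HMAC-SHA-256 truncated to 16 bytes is an assumed algorithm, ESP encryption is omitted, and the zeroing of mutable outer-header fields follows the AH specification rather than anything stated here.

```python
import hashlib, hmac, struct

KEY = b"constructed-demo-key"   # constructed sample key
ICV_LEN = 16

def mac(data):
    return hmac.new(KEY, data, hashlib.sha256).digest()[:ICV_LEN]

def ipv4_header(src, dst, proto, ttl, payload_len):
    # 20-byte IPv4 header; checksum left as 0 in this simplified model
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       ttl, proto, 0, bytes(src), bytes(dst))

def zero_mutable(hdr):
    # Fields routers legitimately change (TOS, flags/offset, TTL, checksum)
    # are zeroed before AH computes its ICV.
    h = bytearray(hdr)
    h[1] = 0; h[6:8] = b"\0\0"; h[8] = 0; h[10:12] = b"\0\0"
    return bytes(h)

def ah_tunnel(inner):
    ah = struct.pack("!BBHII", 4, 5, 0, 0x1001, 1)  # next=IPv4, len, rsvd, SPI, seq
    outer = ipv4_header((192, 0, 2, 1), (198, 51, 100, 1), 51, 64,
                        len(ah) + ICV_LEN + len(inner))
    # ICV input: tunnel header + AH header (ICV field zeroed) + original packet
    return outer + ah + mac(zero_mutable(outer) + ah + bytes(ICV_LEN) + inner) + inner

def ah_verify(pkt):
    outer, ah, icv, inner = pkt[:20], pkt[20:32], pkt[32:48], pkt[48:]
    return hmac.compare_digest(icv, mac(zero_mutable(outer) + ah + bytes(ICV_LEN) + inner))

def esp_tunnel(inner):
    pad = bytes(range(1, 1 + (-(len(inner) + 2)) % 4))
    # Real ESP encrypts inner + trailer before the ICV; omitted in this model.
    body = struct.pack("!II", 0x2002, 1) + inner + pad + bytes([len(pad), 4])
    outer = ipv4_header((192, 0, 2, 1), (198, 51, 100, 1), 50, 64, len(body) + ICV_LEN)
    return outer + body + mac(body)  # ICV input starts at the ESP header

def esp_verify(pkt):
    return hmac.compare_digest(pkt[-ICV_LEN:], mac(pkt[20:-ICV_LEN]))

def patch(pkt, offset, value):
    # Model a change made to the packet in transit
    return pkt[:offset] + value + pkt[offset + len(value):]

DATA = b"constructed payload"
INNER = ipv4_header((10, 0, 0, 5), (10, 0, 1, 9), 6, 64, len(DATA)) + DATA
```

Rewriting the outer source address (offset 12) fails `ah_verify` but passes `esp_verify`, while a TTL change (offset 8) passes both because AH excludes that field from its ICV.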