For source A and dest B, write datagram formats in all the segments for the following cases:

[A] ---- firewall F1 --------------------------------------- firewall F2 ---- [B]

a) AH transport between A and B, ESP Tunnel between F1 and F2
1) Original datagram: [A, B] [payload]
2) A-F1: [A, B] [AH] [Payload]
3) F1-F2: [F1, F2] [ESP Header] [A, B] [AH] [Payload] [ESP Trailer]
|------------- e ------------|

4) F2-B: Same as 2
5) At B: Same as 1


b) AH transport from A to F1, ESP tunnel from F1 to F2, AH tunnel from F2 to B

1) Original datagram [A, B] [payload]
2) A-F1: [A, B] [AH] [Payload]
|----------- a --------------| (authenticated)
3) F1-F2, AH transport ends. [F1, F2] [ESPH] [A, B] [payload] [ESPT]
|---------e ----------|
|---------------------a-----------------------|
4) F2-B: ESP tunnel ends. [F2, B] [AH] [A, B] [payload]
5) At B: Same as 1.
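
The layering in cases a) and b) can be reproduced mechanically. The following Python sketch is an added example, not part of the original answer; it models only the order of headers (not real packet bytes), and the function names and the tuple form (protocol, mode, start, end) for a security association are assumptions made for illustration.

```python
# Added example: models the layering only (field order), not real packet bytes.
PATH = ["A", "F1", "F2", "B"]            # hops from the diagram above
ORIGINAL = ["[A, B]", "[Payload]"]       # original datagram from A to B

def wrap(pkt, proto, mode, src, dst):
    """Apply one security association to a packet (a list of fields)."""
    if proto == "AH":
        hdr, trl = ["[AH]"], []
    else:
        hdr, trl = ["[ESP Header]"], ["[ESP Trailer]"]
    if mode == "transport":
        # Transport mode keeps the existing IP header and inserts after it.
        return pkt[:1] + hdr + pkt[1:] + trl
    # Tunnel mode adds a new outer IP header and wraps the whole packet.
    return [f"[{src}, {dst}]"] + hdr + pkt + trl

def segments(sas):
    """Return {segment: fields} per hop for SAs given as (proto, mode, start, end)."""
    out = {}
    for i in range(len(PATH) - 1):
        pkt = list(ORIGINAL)
        # SAs that begin earlier on the path are applied first (innermost).
        for proto, mode, s, e in sorted(sas, key=lambda sa: PATH.index(sa[2])):
            if PATH.index(s) <= i and PATH.index(e) >= i + 1:
                pkt = wrap(pkt, proto, mode, s, e)
        out[f"{PATH[i]}-{PATH[i + 1]}"] = pkt
    return out

def encrypted(pkt):
    """Fields covered by ESP encryption: everything after the ESP header."""
    if "[ESP Header]" not in pkt:
        return []
    return pkt[pkt.index("[ESP Header]") + 1:]

CASE_A = [("AH", "transport", "A", "B"), ("ESP", "tunnel", "F1", "F2")]
CASE_B = [("AH", "transport", "A", "F1"), ("ESP", "tunnel", "F1", "F2"),
          ("AH", "tunnel", "F2", "B")]

if __name__ == "__main__":
    for name, sas in (("a", CASE_A), ("b", CASE_B)):
        for seg, pkt in segments(sas).items():
            hidden = " ".join(encrypted(pkt)) or "-"
            print(f"{name}) {seg}: {' '.join(pkt)} | encrypted: {hidden}")
```

The output shows that the inner addresses [A, B] are hidden only on the F1-F2 segment; on the A-F1 and F2-B segments they travel in the clear.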

Where would you use only authentication and not encryption? Where would encryption be more important?
- Inside a network. Within, for example, a company, the information may not be confidential but it's important to know it's legitimately from the person who sent it.
- If a packet has to leave the network, encryption would be more important.
