IPSEC ESP questions

Posted by cranium.2003 on May 10, 2005, 10:55 am

Hello,
1) I am reading a book on VPN in which there is a chapter on IPSec.
The author stated for the ESP protocol that "ESP encrypts payload of an IP packet using symmetric key algorithm".
Does that mean the packet is encrypted, then its ciphertext is taken, ESP and a new IP header are added, and that packet is sent to the network?
2) What exactly does confidentiality mean? Does that mean preventing an adversary from reading the packet in plaintext? As IPSec ESP provides encryption to the packet, in that way confidentiality is achieved in the IPSEC ESP protocol?
3) Have any calculations already been made on using IPSec rather than the normal IP protocol without IPSec, with respect to network throughput, fragmentation, PMTU? I want to know how much the burden on the network increases using the IPSec protocol.



Posted by Walter Roberson on May 10, 2005, 6:49 pm
: 1) I am reading a book on VPN in which there is a chapter on IPSec.
: The author stated for the ESP protocol that "ESP encrypts payload of an IP packet using symmetric key algorithm".
: Does that mean the packet is encrypted, then its ciphertext is taken, ESP and a new IP header are added, and that packet is sent to the network?

In transport mode, only the inner layer (e.g., TCP or UDP) is encrypted,
and the original IP header is used with an additional field inserted in it.

In tunnel mode, the entire IP packet is encrypted and an entire
new IP header is wrapped around that.

http://www.javvin.com/protocolESP.html


:2) What exactly does confidentiality mean? Does that mean preventing an adversary from reading the packet in plaintext?

Pretty much, yes. Or at least from reading the packet payload,
since in transport mode the original IP header is visible.


:As IPSec ESP provides encryption to the packet, in that way confidentiality is achieved in the IPSEC ESP protocol?

Yup.

:3) Have any calculations already been made on using IPSec rather than the normal IP protocol without IPSec, with respect to network throughput, fragmentation, PMTU? I want to know how much the burden on the network increases using the IPSec protocol.


http://www.tssg.org/papers/20030220_IPS_2003/09_01_VPN_OVERHEAD.PDF

and a later update at

http://w3.tmit.bme.hu/ips2004/papers/ips2004_002.pdf

See also Cisco's IPSec design paper,
http://www.cisco.com/application/pdf/en/us/guest/netsol/ns142/c649/ccmigration_09186a00801e12ca.pdf

and a 3rd-party WiFi related case study:

http://www.enterprisenetworksandservers.com/monthly/art.php/794

--
"Mathematics? I speak it like a native." -- Spike Milligan
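
The per-packet overhead asked about in question 3 follows from the ESP packet layout in the two modes described in the reply. The Python below is an added example, not part of the original thread. It assumes IPv4 without options, AES-CBC (16-byte IV and block) with a 12-byte HMAC-SHA1-96 ICV, and no UDP encapsulation for NAT traversal; all names in it are illustrative.

```python
from dataclasses import dataclass

IPV4_HDR = 20      # IPv4 header, no options (assumption)
ESP_HDR = 8        # SPI (4 bytes) + sequence number (4 bytes)
ESP_TRAILER = 2    # pad length (1 byte) + next header (1 byte)


@dataclass(frozen=True)
class EspSuite:
    iv_len: int    # per-packet IV sent in the clear before the ciphertext
    block: int     # cipher block size; plaintext + trailer is padded to it
    icv_len: int   # integrity check value appended after the ciphertext


# Assumed example suite: AES-CBC encryption with HMAC-SHA1-96 integrity.
AES_CBC_SHA1_96 = EspSuite(iv_len=16, block=16, icv_len=12)


def esp_packet_len(inner_ip_len, mode, suite=AES_CBC_SHA1_96):
    """On-wire IPv4 length after ESP for an original packet of inner_ip_len."""
    if mode == "tunnel":
        plaintext = inner_ip_len              # whole packet, header included
    elif mode == "transport":
        plaintext = inner_ip_len - IPV4_HDR   # only the TCP/UDP segment
    else:
        raise ValueError("mode must be 'tunnel' or 'transport'")
    align = max(suite.block, 4)               # ESP also requires 4-byte alignment
    padded = -(-(plaintext + ESP_TRAILER) // align) * align   # round up
    # One cleartext IP header (new in tunnel mode, original in transport mode).
    return IPV4_HDR + ESP_HDR + suite.iv_len + padded + suite.icv_len


def max_inner_len(path_mtu, mode, suite=AES_CBC_SHA1_96):
    """Largest original packet that still fits in path_mtu once ESP is applied."""
    n = path_mtu
    while n > IPV4_HDR and esp_packet_len(n, mode, suite) > path_mtu:
        n -= 1
    return n


if __name__ == "__main__":
    for size in (40, 576, 1500):              # constructed sample packet sizes
        for mode in ("transport", "tunnel"):
            wire = esp_packet_len(size, mode)
            print(f"{size:5d} B {mode:9s} -> {wire:5d} B "
                  f"(+{wire - size} B, {100 * (wire - size) / size:.1f}%)")
    for mode in ("transport", "tunnel"):
        print(f"max packet without fragmentation at MTU 1500, {mode}: "
              f"{max_inner_len(1500, mode)} B")
```

A full-size 1500-byte packet no longer fits in a 1500-byte MTU in either mode, which is where the fragmentation and PMTU concerns come from, and small packets carry the largest relative overhead.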

