HP-UX IPSec version A.02.01 Administrator's Guide

HP-UX IPSec Overview
IPsec Protocol Suite
Chapter 1
live, are assigned a zero value before IPsec calculates the authentication
value, so the actual values of the mutable fields are not authenticated.
Figure 1-8 shows AH in transport mode.
Figure 1-8 AH in Transport Mode
Tunnel Mode

In tunnel mode, IPsec encloses, or encapsulates, the
original IP datagram, including the original IP header, within a second
IP datagram. All of the original IP datagram, including all fields of the
original header, is authenticated. Figure 1-9 shows AH in tunnel mode.
Figure 1-9 AH in Tunnel Mode
IPv6 AH Transport Mode

In IPv6 AH transport mode, IPsec inserts
the AH after the following headers and extensions:

- the basic IPv6 header
- hop-by-hop options
- any destination options needed to interpret the AH header
- routing extensions
- fragment extensions

The items listed below follow the AH:

- any destination options needed only for the “final” destination and not needed to interpret the AH header
- the IP data or payload (e.g., TCP or UDP packet)