3Com 11.1 Network Router User Manual


 
58 CHAPTER 17: CONFIGURING IPSEC
DES-CBC CANNOT be exported without a legal export license. See the release
notes for your software for export restrictions.
ESP can be applied alone or with authentication headers.
Authentication Header
(AH)
AH is used to provide data integrity and data origin authentication and to provide
protection against replays using the HMAC-MD5 or HMAC-SHA1 crypto
algorithm. For outbound traffic, AH computes ICV (integrity checksum value) and
inserts an authentication header between the IP header and the higher layer
protocol header. For inbound traffic, AH verifies the ICV and removes the AH. AH
can be applied alone or with ESP.
Both HMAC-MD5 and HMAC-SHA1 are standards-based hash algorithms. In
general, HMAC-SHA1 requires more computation and is considered to be more
secure but slower.