AH or ESP

Mailman List Mirror (Read Only)
1

Hi,

It is well known in the community that AH is NAT unfriendly while ESP cannot
be filtered, and most firewalls would not let such packets pass. I am NOT
interested in encrypting the data, but i do want origination authentication
(Integrity Protection). Do folks in such cases use AH or ESP-NULL, given
that both have some issues?

Thanks,
Glen

2

Hi,

It is well known in the community that AH is NAT unfriendly while ESP cannot
be filtered, and most firewalls would not let such packets pass. I am NOT

'the content of the esp packet can't be filtered in transit' I think
you mean... right?

3

Yes, thats what i had meant !