IPSEC Authentication Header (AH)

AH provides data origin authentication and integrity.

Modes

Authentication Algorithms

One of the following algorithms is used to support AH. The algorithm may be a one-way hash function or a symmetric encryption algorithm.

Hash functions:

  • Keyed MD5 - RFC 1828
  • SHA - RFC 1852
  • HMAC MD5 - RFC 2085
  • HMAC SHA

Symmetric encryption algorithms:

  • DES

AH Format

Organized in 32-bit words, the format is as follows:

  • Next header - Word 0, Bits 0-7
  • Payload length - Word 0, Bits 8-15
  • Reserved - Word 0, Bits 16-31
  • Security Parameters Index (SPI) - Word 1
  • Sequence Number Field - Word 2
  • A variable amount of authentication data.
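
The field layout above, as an added example that is not part of the original page: a parser that unpacks the three fixed words and validates them before slicing out the authentication data. The names (`parse_ah`, `AuthHeader`, `SAMPLE`) are hypothetical, the sample bytes are constructed, and the payload-length rule (AH size in 32-bit words, minus 2) comes from RFC 2402, not from this page.

```python
import struct
from dataclasses import dataclass

AH_FIXED_LEN = 12  # words 0-2: next header, payload length, reserved, SPI, sequence


@dataclass
class AuthHeader:
    next_header: int
    payload_len: int
    reserved: int
    spi: int
    sequence: int
    auth_data: bytes


def parse_ah(buf: bytes) -> AuthHeader:
    """Parse an AH at the start of buf; raise ValueError on a malformed header."""
    if len(buf) < AH_FIXED_LEN:
        raise ValueError("truncated AH: fixed fields need 12 bytes")
    # Network byte order: 8-bit, 8-bit, 16-bit, then two 32-bit words.
    next_header, payload_len, reserved, spi, sequence = struct.unpack_from("!BBHII", buf)
    # Assumption (RFC 2402): payload length = AH size in 32-bit words, minus 2.
    total_len = (payload_len + 2) * 4
    if total_len < AH_FIXED_LEN:
        raise ValueError("payload length too small to cover the fixed fields")
    if total_len > len(buf):
        raise ValueError("payload length runs past the end of the buffer")
    if reserved != 0:
        raise ValueError("reserved field must be zero")
    # Everything between the fixed fields and total_len is authentication data.
    return AuthHeader(next_header, payload_len, reserved, spi, sequence,
                      buf[AH_FIXED_LEN:total_len])


# Constructed sample: next header 6 (TCP), payload length 4 (24-byte AH),
# SPI 0x1000, sequence number 1, 12 bytes of authentication data, then payload.
SAMPLE = struct.pack("!BBHII", 6, 4, 0, 0x1000, 1) + bytes(range(12)) + b"payload"

if __name__ == "__main__":
    ah = parse_ah(SAMPLE)
    print(f"SPI={ah.spi:#x} seq={ah.sequence} auth_data={ah.auth_data.hex()}")
```

The length checks run before any slicing, so a header whose payload length claims more bytes than were received is rejected rather than silently yielding short authentication data.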