AH or ESP

Christopher Morrow morrowc.lists at gmail.com
Fri May 22 17:16:04 UTC 2009


On Fri, May 22, 2009 at 1:04 PM, Glen Kent <glen.kent at gmail.com> wrote:
> Hi,
>
> It is well known in the community that AH is NAT unfriendly while ESP cannot
> be filtered, and most firewalls would not let such packets pass. I am NOT

'the content of the ESP packet can't be filtered in transit' I think
you mean... right?

> interested in encrypting the data, but I do want origination authentication
> (Integrity Protection). Do folks in such cases use AH or ESP-NULL, given
> that both have some issues?
>
> Thanks,
> Glen
>



