Exactly Piotr, that's what I even observed with wireshark capture. The ESP packet is being authenticated by AH The AH header has next header value of ESP.
With regards Kings On Sat, Jun 11, 2011 at 10:27 PM, Piotr Matusiak <[email protected]> wrote: > Hi Kings, > > According to my limited knowledge, if both AH and ESP are configured in > IPSec transform set, the result IPSec packet will be IP protocol 51 as the > AH will encapsulate ESP. You do not need to configure ESP in the ACL in this > case. > In addition to that both protocols use separate SPI number, so there are > two Inbound SA and two Outbound SA created (although there is on packet on > the wire). > > > Regards, > Piotr > > > > 2011/6/11 Kingsley Charles <[email protected]> > >> I think, the following is the order for this combination: >> >> ESP Encryption + ESP Authentication ---- > ESP authenticates ESP >> encrypted data >> >> >> With regards >> Kings >> >> >> On Sat, Jun 11, 2011 at 7:15 PM, Vybhav Ramachandran >> <[email protected]>wrote: >> >>> Thanks a lot for all the information Kingsley! :) >>> >>> Cheers, >>> TacACK >>> >> >> >> _______________________________________________ >> For more information regarding industry leading CCIE Lab training, please >> visit www.ipexpert.com >> >> Are you a CCNP or CCIE and looking for a job? Check out >> www.PlatinumPlacement.com >> > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
