Got it

Huawei Enterprise Support Community

Community Forums Routing & Switching

Understanding Processing ...

Understanding Processing of Outgoing Packets by ESP in IPSec VPN

Created: Jun 24, 2019 06:18:46Latest reply: Jan 17, 2022 12:41:33 1484 19 11 0 1

View the author ^1#

When IPSec VPN is deployed on security devices and encapsulation security payload (ESP) is used as the security protocol, how does a device sent out data packets after the IPSec SA negotiation is successful?

1. Transport Mode

Step 1: The protocol field in the original IP header is copied to the NextHeader field in the ESP trailer.

The protocol field in the original IP header is set to 50, indicating that the upper-layer protocol is ESP.

Values are written into Seq and IV fields.

Because block cipher is used here, pad characters are used to fill up remaining available character spaces in the content to be encrypted, and the Padding Length field is set accordingly.

Step 2: The content following the ESP header is encrypted.

Step 3: Hash calculation is performed on the content following the original IP header, and the hash result is written into the ESP authentication field.

Step 4: CRC in the IP header is recalculated.

2. Tunnel Mode

The ESP header is added before the original IP packet. If the original packet is an IPv4 packet, the Next Header field in the ESP header is set to 4 (indicating the IP header), and the corresponding field is set. Then a new IP header is added before the ESP header. The protocol number in the IP header is set to 50 (indicating ESP).

x
convention：
Emotion(0)

Like (11) Dislike (0) Favorite(1) Report

 Previous: Configuring Multiple interfaces on Huawei switches at the same time by using port-group

Next: 192.168.1.254

(0) (0)

^2#

lan2019

Created Jan 26, 2021 12:09:36

Great

View more

x
convention：

(0) (0)

^3#

user_4000619 Created Jan 26, 2021 23:32:04

thanks

View more

x
convention：

(0) (0)

^4#

wissal

MVE Created Aug 3, 2021 19:08:39

Detailed explanation

View more

x
convention：

(0) (0)

^5#

andersoncf1

MVE Author Created Aug 3, 2021 21:45:19

Well done. Thanks for sharing

View more

x
convention：

smileymind Created Aug 29, 2021 10:19:33 (0) (0)

(0) (0)

^6#

Unicef

MVE Created Aug 4, 2021 08:25:53

COOL

View more

x
convention：

chenhui Created Aug 4, 2021 08:32:04 (0) (0)
Thanks.

(0) (0)

^7#

phuta

Created Aug 5, 2021 10:05:06

Great

View more

x
convention：

(0) (0)

^8#

Kevin_Thomas

Created Aug 25, 2021 10:41:48

Good post. Keep up the good work!

View more

x
convention：

(0) (0)

^9#

hemin88

Moderator Author Created Aug 29, 2021 06:13:13

What an informative post, thanks for clarifying in such a good way.

View more

x
convention：

(0) (0)

^10#

IndianKid

Moderator Author Created Aug 29, 2021 06:37:27

Informative post, thanks for sharing this knowledge with the community members

View more

x
convention：

Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:

Politically sensitive content
Content concerning pornography, gambling, and drug abuse
Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy

Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.

Please bind your phone number to obtain invitation bonus.