[114708] in North American Network Operators' Group
AH or ESP
daemon@ATHENA.MIT.EDU (Glen Kent)
Fri May 22 13:04:56 2009
Date: Fri, 22 May 2009 22:34:41 +0530
From: Glen Kent <glen.kent@gmail.com>
To: OPS Gurus <nanog@merit.edu>
Hi,
It is well known in the community that AH is NAT unfriendly while ESP cannot
be filtered, and most firewalls would not let such packets pass. I am NOT
interested in encrypting the data, but I do want origination authentication
(Integrity Protection). Do folks in such cases use AH or ESP-NULL, given
that both have some issues?
Thanks,
Glen