IPSec data packets, when encryption is used are the headers encrypted as well??

[PeeluckyDuckee]

If the header is encrypted, then how will the routers know where to direct it to on the network?

Sorry for so many questions, but just a few more things...

WHen you say that a data packet that's been applied by ipsec, and that the receiving party is checking it for data integrity, does it mean that its performing a hash algorithm against the packet?

Also, the book talks about the Oakley service. What that does is it generates a key and makes sure that the key was not previously in use or will not be re-generated in the future? Is this key a part of the SA when the SA is established??

Sorry if I kinda don't make sense but I'm having a bit of trouble understand the section on IPSEC.

Thx.
Plucky

 

[xyyz]

I don't think the frame or packet header are encrypted.. only the payload is encrypted. All that matters is that noone reads the data... the method in which it gets to it's source doesn't matter.

Remember encryption is dealt with by the presentation layer (layer 6), which routers don't deal with, they only deal with the networking layer (layer 3).

 

[spidey07]

This goes back to the choice of ESP (encrypting security payload?) for encrpytion. This method actually does encrypt the headers (layer 3 and up) and is the general accepted practice.

See here for a good explanation:
IPsec network security

another good one

hate to keep posting cisco links, but their web page really is LOADED with information and whitepapers. another good one:

nortel networks

 

[PeeluckyDuckee]

Thx for the help fellas. I'll definitely check into the links.

Plucky