17. Protocols vs services ESP(encryption and authentication) ESP(encryption only) AH yes yes no Limited traffic flow confidentiality yes yes no confidentiality yes yes yes Rejection of replay attacks yes yes Data origin authentication yes yes Connectionless integrity yes yes yes Access control
18.
19.
20. Security services Encrypts inner IP packet. Authenticates inner IP packet. Encrypts IP payload and any IPv6 extesion header. Authenticates IP payload but no IP header ESP with authentication Encrypts inner IP packet Encrypts IP payload and any IPv6 extesion header ESP Authenticates entire inner IP packet plus selected portions of outer IP header Authenticates IP payload and selected portions of IP header and IPv6 extension headers AH Tunnel Mode SA Transport Mode SA Protocols