22 May
2009
22 May
'09
5:16 p.m.
On Fri, May 22, 2009 at 1:04 PM, Glen Kent <glen.kent@gmail.com> wrote:
Hi,
It is well known in the community that AH is NAT unfriendly while ESP cannot be filtered, and most firewalls would not let such packets pass. I am NOT
'the content of the esp packet can't be filtered in transit' I think you mean... right?
interested in encrypting the data, but i do want origination authentication (Integrity Protection). Do folks in such cases use AH or ESP-NULL, given that both have some issues?
Thanks, Glen