<div>
<div class="content wysiwyg-content">
I'm a little confused. <br />
<br />
1.) ESP does encryption to ensure confidentiality but it also does data origin authentication but doesn't authentication header (AH) in IPSEC already do authentication? <br />
<br />
The only way this makes sense is that AH authentication ensures that the entire data packet including the header is basically from who it says it's from. And ESP Authentication is used to ensure that the payload in the data is exactly the data that was originally sent. <br />
<br />
2.) When using ESP is the authenticaton part, optional (user option) or is it mandatory(default, non changable)?<br />
<br />

</div>
</div>


I'm a little confused. 

1.) ESP does encryption to ensure confidentiality but it also does data origin authentication but doesn't authentication header (AH) in IPSEC already do authentication? 

The only way this makes sense is that AH authentication ensures that the entire data packet including the header is basically from who it says it's from. And ESP Authentication is used to ensure that the payload in the data is exactly the data that was originally sent. 

2.) When using ESP is the authenticaton part, optional (user option) or is it mandatory(default, non changable)?



Confused about AH and ESP in IPsec

Software firewalls, also known as host-based firewalls, provide a layer of software on one host that controls network traffic in and out of that single machine. Most operating systems now include firewall software, but many available software firewalls include central distribution, antivirus systems and disaster recovery.