Authentication + Encryption

• Transport-Tunnel Bundle

  • First apply authentication, then encryption
  • Authenticated data is protected and easier to store and retrieve
  • Use a bundle consisting of an inner AH transport SA and an outer ESP tunnel SA
  • Advantage: entire authenticated inner packet is encrypted and a new outer IP header is added