ESP Encapsulation
Figure 13-4 AH Insertion into the IPv4 Packet
Support for NAT and Port Address Translation
The Cisco Security Appliance supports ESP with NAT using a fixup protocol that allows for
application inspection of ESP. The Security Appliance also supports ESP with Port Address
Original IP Header
Original IP Header
TCP
ESP
Header
Data
TCP Data
ESP
Trailer
ESP
Authentication
Encrypted
Authenticated
IPv4 Packet Without ESP Encapsulation
IPv4 Packet with ESP Encapsulation
Original IP Header
Original IP Header
TCP
Header
Data
TCP Data