Cisco Systems, Inc.
Systems and methods for extending authentication in IP packets

Abstract:

In one embodiment, a method includes negotiating, by a networking device, a security association with a peer and receiving, by the networking device, an Internet Protocol (IP) packet from the peer. The IP packet includes an outer IP header, an ESP header, a protocol header, data, an ESP trailer, and ESP authentication data. The method further includes performing, using an IP Security (IPSec) authentication algorithm, authentication checks for the outer IP header, the ESP header, the protocol header, the data, the ESP trailer, and the ESP authentication data of the IP packet.