IPSec uses two types of algorithms: authentication algorithms and encryption algorithms.
IPSec authentication algorithms use a shared key to verify the identity of the sending IPSec device. The IPSec protocol suite defines two authentication algorithms: MD5 and SHA-1. The Services Router uses an HMAC variant of MD5 and SHA-1 algorithms that provide an additional level of hashing.
In an IPSec-enabled network, the Services Router that sends an IP packet computes a MD5 or SHA-1 digital signature, and adds this digital signature to the packet. The Services Router that receives the packet computes the digital signature and compares it with the signature stored in the packet's header. If the digital signatures match, the packet is authenticated.
Encryption encodes data into a secure format so that it cannot be deciphered by unauthorized users. Like authentication algorithms, encryption algorithms use a shared key to verify the authenticity of the IPSec devices. The Services Router uses the following encryption algorithms: