Voyager Reference Guide
In transport mode the original IP header remains the outer header. The
security header is placed between the IP header and the IP payload. This mode
offers some light bandwidth savings, at the expense of exposing the original
IP header to third-party elements in the packet path. It is generally used by
hosts—communication end-points. It can be used by routers if they are acting
as communication end-points.

In tunnel mode, the original IP datagram is placed inside a new datagram, and
AH and/or ESP are inserted between the IP header of the new packet and the
original IP datagram. The new header points to the tunnel endpoint, and the
original header points to the final destination of the datagram. Tunnel mode
offers the advantage of complete protection of the encapsulated datagram and
the possibility to use private/public address space. Tunnel mode is meant to be
used by routers—gateways. Hosts can operate in tunnel mode too.

With IPsec transport mode:
• If AH is used, selected portions of the original IP header and the data
  payload are authenticated.
• If ESP is used, no protection is offered to the IP header, but data payload
  is authenticated and can be encrypted.

[Figure: AH in transport mode. Packet layout: IP header, AH, Payload; label: Authenticated]
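
The two encapsulations described above, built with AH and then parsed back into their header chains, as an added example that is not taken from the Voyager guide. The helper names, addresses, SPI and zeroed ICV are constructed for illustration; the AH field layout assumed is the one in RFC 4302.

```python
import socket
import struct

PROTO_IPIP, PROTO_TCP, PROTO_AH = 4, 6, 51  # IANA protocol numbers

def ipv4(src, dst, proto, payload):
    """Minimal 20-byte IPv4 header (checksum left at 0) followed by payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def ah(next_header, spi=0x1000, seq=1, icv=b"\x00" * 12):
    """AH header; SPI and the zeroed ICV are constructed placeholders."""
    length_words = (12 + len(icv)) // 4 - 2  # AH length in 32-bit words minus 2
    return struct.pack("!BBHII", next_header, length_words, 0, spi, seq) + icv

def transport_mode(src, dst, proto, payload):
    # Original IP header stays outermost; AH sits between it and the payload.
    return ipv4(src, dst, PROTO_AH, ah(proto) + payload)

def tunnel_mode(gw_src, gw_dst, inner_datagram):
    # New outer header names the tunnel endpoints; the original datagram,
    # with its own header pointing at the final destination, rides inside.
    return ipv4(gw_src, gw_dst, PROTO_AH, ah(PROTO_IPIP) + inner_datagram)

def describe(packet):
    """Walk IP -> AH -> (inner IP) and return (header chain, remaining payload)."""
    chain = []
    while True:
        ihl, proto = (packet[0] & 0x0F) * 4, packet[9]
        chain.append(("IP", socket.inet_ntoa(packet[12:16]),
                      socket.inet_ntoa(packet[16:20])))
        packet = packet[ihl:]
        if proto == PROTO_AH:
            next_header, length_words = packet[0], packet[1]
            chain.append(("AH", next_header))
            packet = packet[(length_words + 2) * 4:]
            if next_header == PROTO_IPIP:  # tunnel mode: another IP header follows
                continue
        return chain, packet

if __name__ == "__main__":
    data = b"constructed payload"  # sample bytes standing in for a TCP segment
    inner = ipv4("10.0.0.5", "10.1.0.7", PROTO_TCP, data)
    for pkt in (transport_mode("10.0.0.5", "10.1.0.7", PROTO_TCP, data),
                tunnel_mode("198.51.100.1", "203.0.113.1", inner)):
        print(len(pkt), describe(pkt)[0])
```

The tunnel-mode packet is 20 bytes longer than the transport-mode one; that extra outer IP header is the bandwidth cost the text refers to, and in transport mode the original addresses are the ones visible on the path.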