Ipsec Concepts - Alcatel-Lucent OmniAccess 700 Cli Configuration Manual

IP C
SEC ONCEPTS
The following section comprehends a conceptual overview of IPsec:
•
"IPsec Modes of Operation"
•
"IPsec Protocols"
•
"Encryption Algorithms"
•
"Internet Key Exchange"
•
"Security Association (SA)"
IP M O
SEC ODES OF PERATION
IPsec provides two different modes to exchange protected data across the
different kinds of VPNs:
T
RANSPORT
This mode is applicable for only host-to-host security. For example, this mode can
be used to create a secure association between two personal workstations each
of which has a public address. The protection here is extended to the payload of
IP data.
T M
UNNEL ODE
This mode is used to provide data security between two networks. It provides
protection for the entire IP packet and is sent by adding an outer IP header which
corresponds to the two tunnel endpoints. The unprotected packets generated by
the hosts travel through the protected "tunnel" created by gateways on both the
ends. The outer IP header corresponds to these gateways. Since the tunnel mode
hides the original IP header, it facilitates security of the networks with private IP
address space.
Figure 27: Tunnel Mode
Note: The OA-700 supports only Tunnel Mode.
CLI Configuration Guide
Beta
M
ODE
Alcatel-Lucent
Except on the first page, right running head:
Heading1 or Heading1NewPage text (automatic)
IPsec VPN Overview
743
Beta