Encapsulation-Mode - HP FlexFabric 7900 Series Command Reference Manual

Security
Field: Description
Perfect Forward Secrecy: Perfect forward secrecy (PFS) used by the IPsec policy for negotiation:
  768-bit Diffie-Hellman group (dh-group1)
  1024-bit Diffie-Hellman group (dh-group2)
  1536-bit Diffie-Hellman group (dh-group5)
  2048-bit Diffie-Hellman group (dh-group14)
  2048-bit and 256-bit subgroup Diffie-Hellman group (dh-group24)
SA's SPI: SPIs of the inbound and outbound SAs.
Tunnel: Local and remote addresses of the IPsec tunnel.
local address: Local end IP address of the IPsec tunnel.
remote address: Remote end IP address of the IPsec tunnel.
Flow: Information about the data flow protected by the IPsec tunnel, including source IP address, destination IP address, source port, destination port and protocol.
as defined in ACL 3001: Range of data flow protected by the IPsec tunnel that is established manually. This information shows that the IPsec tunnel protects all data flows defined by ACL 3001.

encapsulation-mode

Use encapsulation-mode to set the encapsulation mode that the security protocol uses to encapsulate IP packets.
Use undo encapsulation-mode to restore the default.

Syntax
encapsulation-mode { transport | tunnel }
undo encapsulation-mode

Default
IP packets are encapsulated in tunnel mode.

Views
IPsec transform set view

Predefined user roles
network-admin

Parameters
transport: Uses the transport mode for IP packet encapsulation.
tunnel: Uses the tunnel mode for IP packet encapsulation.

Usage guidelines
IPsec supports the following encapsulation modes:
Transport mode—The security protocols protect the upper layer data of an IP packet. Only the transport layer data is used to calculate the security protocol headers. The calculated security protocol headers and the encrypted data (only for ESP encapsulation) are placed after the original
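
The following is an added example, not part of the HP manual: a small audit helper that resolves the effective encapsulation mode of every IPsec transform set in a saved command list, applying the documented default (tunnel) and the undo form of encapsulation-mode. The "ipsec transform-set <name>" view header, the one-space indentation of commands inside a view, the set names and the sample text are assumptions made for illustration.

```python
import re

DEFAULT_MODE = "tunnel"  # documented default for encapsulation-mode

# Constructed sample input (not device output). The view header syntax and
# names are assumptions; the last block is deliberately outside the
# transform-set view to show that such lines are ignored.
SAMPLE_CONFIG = """\
ipsec transform-set branch-a
 protocol esp
#
ipsec transform-set host-to-host
 encapsulation-mode transport
#
ipsec transform-set reverted
 encapsulation-mode transport
 undo encapsulation-mode
#
interface Vlan-interface10
 encapsulation-mode transport
"""

VIEW_RE = re.compile(r"^ipsec transform-set (\S+)\s*$")
MODE_RE = re.compile(r"^\s+(undo )?encapsulation-mode(?: (transport|tunnel))?\s*$")

def effective_modes(config_text):
    """Map each transform set name to its effective encapsulation mode."""
    modes, current = {}, None
    for line in config_text.splitlines():
        view = VIEW_RE.match(line)
        if view:
            current = view.group(1)
            modes.setdefault(current, DEFAULT_MODE)  # nothing set yet: default
            continue
        if not line.startswith(" "):
            current = None  # any other unindented line leaves the view
            continue
        m = MODE_RE.match(line)
        if m and current is not None:
            undo, mode = m.group(1), m.group(2)
            if undo and mode is None:
                modes[current] = DEFAULT_MODE  # undo restores the default
            elif not undo and mode:
                modes[current] = mode  # the last explicit setting wins
    return modes

def non_default_sets(config_text):
    """Names of transform sets whose effective mode differs from the default."""
    modes = effective_modes(config_text)
    return sorted(name for name, mode in modes.items() if mode != DEFAULT_MODE)
```

Running non_default_sets over a configuration export gives the list of transform sets to check against the intended design, since the mode has to match what the peer expects.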