Transport Mode And Tunnel Mode; Ipsec Header Options; Figure 39 Transport Mode And Tunnel Mode Comparison - Brocade Communications Systems SN3000B Administrator's Manual
Brocade web tools administrator's guide - supporting fabric os v7.0.0 (53-1002152-01, march 2012)
Hide thumbs
Also See for SN3000B:
- Command reference manual (1132 pages) ,
- Reference (966 pages) ,
- Administrator's manual (128 pages)
Table of Contents
Advertisement
TABLE 17
RFC number
RFC 4309
RFC 4306
RF C4307
RFC 3971
RFC 3972
RFC 3041
Transport mode and tunnel mode
Transport mode adds an authentication header (AH) before the IP header. Only a single pair of
addresses is used (those in the IP header). When transport mode is used, both endpoints
implement IPsec.
Tunnel mode encapsulates an IP datagram in a new datagram, with a new IP header specifying the
addresses of the tunnel end points. IPsec is implemented between tunnel endpoints. IPsec is
transparent to the actual endpoints within the IP header in the original packet.
Figure 39
datagram.
FIGURE 39
IPsec header options
IPsec adds headers to an IP datagram to enable authentication and privacy. There are two options:
•
•
Web Tools Adminstrator's Guide
53-1002152-01
Relevant RFCs (Continued)
Title
Using Advanced Encryption Standard (AES)
CCM Mode with IPsec Encapsulating Security
Payload (ESP)
Internet Key Exchange Version 2 (IKEv2)
Protocol
Cryptographic Algorithms for Internet Key
Exchange Version 2 (IKEv2)
Secure Neighbor Discovery
Cryptographically Generated Addresses
Privacy Extensions for Stateless Address Auto
configuration in IPv6
provides a basic visual comparison of how transport mode and tunnel mode modify an IP
Transport mode and tunnel mode comparison
Authentication Header (AH)
Encapsulating Security Payload (ESP)
16
IPsec concepts
201
Advertisement
Table of Contents
