Command Reference Guide

3Com Router 5000 Family and Router 6000 Family Command Reference
encapsulation-mode
Purpose Use the encapsulation-mode command to set the encapsulation mode, transport
or tunnel, that the security protocol applies to IP packets.
Use the undo encapsulation-mode command to restore the default.
Syntax encapsulation-mode { transport | tunnel }
undo encapsulation-mode
Parameters transport
Sets the encapsulation mode of IP packets to
transport mode.
tunnel
Sets the encapsulation mode of IP packets to
tunnel mode.
Default By default, tunnel mode is used.
Example Set the IP packet encapsulation mode to transport in the proposal named prop2.
[3Com] ipsec proposal prop2
[3Com-ipsec-proposal-prop2] encapsulation-mode transport
View This command can be used in the following views:
IPSec Proposal view
Description IPSec can encrypt and authenticate IP packets in one of two encapsulation
modes: transport mode and tunnel mode. In transport mode, IPSec does not
encapsulate the IP packet in a new IP header. The two ends of the security tunnel are
the source and destination of the original packets. In tunnel mode, IPSec protects the
whole IP packet and adds a new IP header in front of it. The source and
destination addresses of the new IP header are the IP addresses of the two ends of the
tunnel.
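The header layout described above, as an added example that is not part of the 3Com manual: it builds the same packet in both modes so the addresses visible on the wire can be compared. The host and gateway addresses, SPI and payload are constructed values, and the ESP data is left unencrypted with no integrity value so the layout stays readable.

```python
import socket
import struct

ESP = 50     # IP protocol number for ESP
IPIP = 4     # ESP next-header value for an encapsulated IPv4 packet

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (checksum left at 0 in this sketch)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def parse_ipv4(pkt):
    """Return (src, dst, proto, payload) for an IPv4 packet without options."""
    return (socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]),
            pkt[9], pkt[20:])

def esp_wrap(inner, next_header, spi=0x1000, seq=1):
    """ESP layout: SPI, sequence number, data, padding, pad length, next header.
    Data is left in clear and no ICV is appended (assumption for readability);
    a real proposal encrypts everything after the sequence number."""
    pad = -(len(inner) + 2) % 4          # trailer must end on a 4-byte boundary
    trailer = bytes(range(1, pad + 1)) + bytes([pad, next_header])
    return struct.pack("!II", spi, seq) + inner + trailer

def encapsulate(pkt, mode, gw_src=None, gw_dst=None):
    src, dst, proto, payload = parse_ipv4(pkt)
    if mode == "transport":
        # Original IP header stays in front; only the upper-layer data is wrapped.
        esp = esp_wrap(payload, proto)
        return ipv4_header(src, dst, ESP, len(esp)) + esp
    if mode == "tunnel":
        # Whole original packet is wrapped; the new header names the tunnel ends.
        esp = esp_wrap(pkt, IPIP)
        return ipv4_header(gw_src, gw_dst, ESP, len(esp)) + esp
    raise ValueError("mode must be 'transport' or 'tunnel'")

# Constructed sample: management host to router, 12-byte UDP datagram.
UDP = struct.pack("!HHHH", 5000, 161, 12, 0) + b"snmp"
ORIGINAL = ipv4_header("10.1.1.10", "10.2.2.20", 17, len(UDP)) + UDP
TRANSPORT = encapsulate(ORIGINAL, "transport")
TUNNEL = encapsulate(ORIGINAL, "tunnel", "203.0.113.1", "198.51.100.1")

if __name__ == "__main__":
    for name, pkt in (("transport", TRANSPORT), ("tunnel", TUNNEL)):
        src, dst, proto, _ = parse_ipv4(pkt)
        print(f"{name:9} on the wire: {src} -> {dst} proto={proto} len={len(pkt)}")
```

In transport mode the original host addresses remain in the outer header; in tunnel mode only the two gateway addresses appear, and the original header travels inside the protected payload.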
Generally, tunnel mode is used between two security gateways (routers). A packet
encrypted by one security gateway can only be decrypted by the other security gateway.
The IP packet therefore needs to be encapsulated in tunnel mode, that is, a new IP
header is added, and the encapsulated packet is sent to the other security gateway
before it is decrypted.
Transport mode is suitable for communication between two hosts, or for
communication between a host and a security gateway (such as the network
management communication between the gateway workstation and a router). In
transport mode, the two devices responsible for encrypting and decrypting packets must
be the original sender and receiver of the packet. Most of the data traffic between