HP-UX IPSec version A.02.00 Administrator's Guide

HP-UX IPSec Overview
Encapsulating Security Payload (ESP)
Chapter 1 35
the IP data or payload (e.g., TCP or UDP packet)
Figure 1-5 ESP Encryption in Transport Mode
Tunnel Mode
In tunnel mode, IPSec encloses, or encapsulates, the original IP datagram, including the original IP header, within a second IP datagram. All of the original IP datagram, including the original header, is encrypted. If ESP is used in tunnel mode on gateways, the outer, unencrypted IP header will contain the IP addresses of the gateways, and the inner, encrypted IP header will contain the ultimate IP source and destination addresses. This prevents eavesdroppers from detecting or analyzing traffic between the ultimate source and destination addresses.

IPv6: In IPv6 ESP tunnel mode, the packet layout is the same as IPv4 ESP tunnel mode, except that the original and new (outer) IP headers may include header extensions.
Figure 1-6 ESP in Tunnel Mode
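The tunnel-mode layout described above, as an added example that is not part of this guide or of HP-UX IPSec: a constructed IPv4 datagram between 10.0.1.5 and 10.0.2.7 is wrapped in ESP between the gateways 192.0.2.1 and 198.51.100.1, and the unpacking side recovers it. The SPI, key, addresses and the SHA-256-based keystream are all assumptions for illustration; the keystream is a stand-in that only marks which bytes are opaque on the wire, not the cipher an SA would negotiate.

```python
"""Build and unpack an ESP tunnel-mode packet to show what stays visible on the wire."""
import hashlib
import hmac
import ipaddress
import struct

ESP_PROTO = 50          # IP protocol number carried in the outer header
IPIP_NEXT_HEADER = 4    # ESP trailer "next header" value: an IPv4 datagram is inside
ICV_LEN = 12            # truncated HMAC, as in the common *-96 integrity transforms

def ipv4_header(src, dst, proto, total_len):
    # Minimal 20-byte IPv4 header; checksum left zero (a real stack recomputes it).
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)

def keystream(key, spi, seq, n):
    # Stand-in keystream (assumption): NOT a secure cipher, only makes the bytes opaque.
    out = b""
    for ctr in range((n + 31) // 32):
        out += hashlib.sha256(key + struct.pack("!IIQ", spi, seq, ctr)).digest()
    return out[:n]

def esp_tunnel_encapsulate(inner, gw_src, gw_dst, spi, seq, key, align=4):
    # ESP trailer: padding to the alignment, then pad-length and next-header bytes.
    pad_len = (-(len(inner) + 2)) % align
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, IPIP_NEXT_HEADER])
    plain = inner + trailer                     # whole original datagram gets encrypted
    cipher = bytes(a ^ b for a, b in zip(plain, keystream(key, spi, seq, len(plain))))
    esp_hdr = struct.pack("!II", spi, seq)      # SPI and sequence number stay in clear
    icv = hmac.new(key, esp_hdr + cipher, hashlib.sha256).digest()[:ICV_LEN]
    body = esp_hdr + cipher + icv
    return ipv4_header(gw_src, gw_dst, ESP_PROTO, 20 + len(body)) + body

def esp_tunnel_decapsulate(packet, key):
    outer, body = packet[:20], packet[20:]
    if outer[9] != ESP_PROTO:
        raise ValueError("outer header does not carry ESP")
    esp_hdr, cipher, icv = body[:8], body[8:-ICV_LEN], body[-ICV_LEN:]
    if not hmac.compare_digest(hmac.new(key, esp_hdr + cipher, hashlib.sha256).digest()[:ICV_LEN], icv):
        raise ValueError("ICV mismatch")        # verify before touching the ciphertext
    spi, seq = struct.unpack("!II", esp_hdr)
    plain = bytes(a ^ b for a, b in zip(cipher, keystream(key, spi, seq, len(cipher))))
    pad_len, next_hdr = plain[-2], plain[-1]
    return next_hdr, plain[:len(plain) - 2 - pad_len]

def cleartext_part(packet):
    # What an on-path observer sees unencrypted: outer IP header, SPI and sequence number.
    return packet[:28]

# Constructed sample: a 28-byte inner datagram (IPv4 header + 8 bytes of UDP-like payload).
SAMPLE_INNER = ipv4_header("10.0.1.5", "10.0.2.7", 17, 28) + b"\x04\xd2\x00\x35\x00\x08\x00\x00"
```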