HP TMS zl Module Security Administrator's Guide
Configuring a VPN on the HP TMS zl Module
IPsec VPNs
■ Encapsulating Security Payload (ESP)
■ Internet Key Exchange (IKE)
This section describes how these protocols interact to establish the secure
tunnel, or security association (SA).
IPsec Headers
Operating at the Network Layer of the Open Systems Interconnection (OSI)
model, IPsec secures IP packets by encapsulating them with an IPsec header,
which is either an AH or ESP header. As explained in the next section, the
placement of the header depends on whether tunnel mode or transport
mode is used.
IPsec Modes
The TMS zl Module supports both tunnel mode and transport mode.
Tunnel Mode
In tunnel mode, the TMS zl Module secures traffic on behalf of endpoints
within the private network.
The module receives a packet already encapsulated with an IP header. If the
packet is selected for the IPsec tunnel, the module encapsulates the IP packet
with an IPsec header and adds a new delivery IP header that directs the packet
to the remote tunnel endpoint.
Figure 4-4. Tunnel Mode
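
The following Python example is added here and is not part of the HP guide. It walks a tunnel-mode packet in the order described above: delivery IP header, IPsec header, then the original IP header, which is readable under AH and hidden under ESP. The addresses, SPI values, zeroed 12-byte ICV, and all function names are assumptions constructed for illustration; it handles IPv4 only.

```python
import socket
import struct

AH, ESP, IPIP = 51, 50, 4  # IANA protocol numbers: AH, ESP, IPv4-in-IPv4

def ipv4_header(src, dst, proto, payload_len):
    """Build a minimal 20-byte IPv4 header (checksum left at 0 for the demo)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def parse_ipv4(buf):
    """Return (src, dst, protocol, payload) for an IPv4 packet."""
    ihl = (buf[0] & 0x0F) * 4
    total = struct.unpack("!H", buf[2:4])[0]
    return (socket.inet_ntoa(buf[12:16]), socket.inet_ntoa(buf[16:20]),
            buf[9], buf[ihl:total])

def describe(packet):
    """Walk delivery header -> IPsec header -> (if visible) original header."""
    src, dst, proto, body = parse_ipv4(packet)
    info = {"outer": (src, dst), "ipsec": None, "spi": None,
            "mode": None, "inner": None}
    if proto == AH:
        # AH: next header, length in 32-bit words minus 2, reserved, SPI, seq
        nxt, plen, _, spi, _seq = struct.unpack("!BBHII", body[:12])
        info.update(ipsec="AH", spi=spi)
        info["mode"] = "tunnel" if nxt == IPIP else "transport"
        if nxt == IPIP:  # AH does not encrypt, so the original header is readable
            info["inner"] = parse_ipv4(body[(plen + 2) * 4:])[:2]
    elif proto == ESP:
        # ESP: only SPI and sequence number are cleartext; the rest is encrypted
        info.update(ipsec="ESP", spi=struct.unpack("!I", body[:4])[0],
                    mode="not visible (encrypted)")
    return info

# Constructed sample: host 10.1.1.5 -> 10.2.2.9, tunnelled between gateways
# 192.0.2.1 and 198.51.100.1 (documentation addresses, not from the guide).
original = ipv4_header("10.1.1.5", "10.2.2.9", 6, 4) + b"DATA"
ah = struct.pack("!BBHII", IPIP, 4, 0, 0x1001, 1) + bytes(12)  # 12-byte ICV zeroed
SAMPLE_AH = ipv4_header("192.0.2.1", "198.51.100.1", AH, len(ah + original)) + ah + original
SAMPLE_ESP = (ipv4_header("192.0.2.1", "198.51.100.1", ESP, 24)
              + struct.pack("!II", 0x2002, 1) + bytes(16))  # opaque ciphertext stand-in

if __name__ == "__main__":
    print(describe(SAMPLE_AH))
    print(describe(SAMPLE_ESP))
```

In the AH sample the outer addresses are the two tunnel endpoints while the inner addresses are the private hosts; in the ESP sample an on-path observer sees only the endpoints and the SPI.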