TMS zl Management and Configuration Guide ST.1.0.090213
Virtual Private Networks
IPsec VPNs
Figure 7-1. Tunnel Mode
In tunnel mode, an AH header authenticates both the payload (including the
original IP header) and the delivery IP header. An ESP header authenticates
only the payload (including the original IP header) but can also encrypt the
payload.
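The coverage difference described above can be checked by computing each integrity value and then changing only the delivery header. The sketch below is an added example, not code from the guide or the module. It assumes HMAC-SHA-256 truncated to 128 bits, a constructed key, constructed addresses, and ESP without encryption.

```python
import hashlib, hmac, socket, struct

KEY = b"constructed-demo-key"   # constructed key, not from the guide
ICV_LEN = 16                    # assumed: HMAC-SHA-256 truncated to 128 bits

def ipv4(src, dst, proto, payload, ttl=64):
    # Minimal 20-byte IPv4 header; checksum left 0 because it is not the point here.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def icv(data):
    return hmac.new(KEY, data, hashlib.sha256).digest()[:ICV_LEN]

def ah_covered(pkt):
    # AH input: delivery header with mutable fields zeroed (TOS, flags/fragment
    # offset, TTL, checksum), the AH header with its ICV zeroed, then the payload.
    hdr, ah = bytearray(pkt[:20]), bytearray(pkt[20:32 + ICV_LEN])
    hdr[1], hdr[8] = 0, 0
    hdr[6:8] = hdr[10:12] = b"\x00\x00"
    ah[12:] = bytes(ICV_LEN)
    return bytes(hdr + ah) + pkt[32 + ICV_LEN:]

def ah_tunnel(inner, src, dst, spi=0x1000, seq=1):
    # Next header 4 = IPv4-in-IPv4; length field = AH size in 32-bit words minus 2.
    ah = struct.pack("!BBHII", 4, (12 + ICV_LEN) // 4 - 2, 0, spi, seq) + bytes(ICV_LEN)
    pkt = ipv4(src, dst, 51, ah + inner)
    return pkt[:32] + icv(ah_covered(pkt)) + pkt[32 + ICV_LEN:]

def ah_verify(pkt):
    return hmac.compare_digest(pkt[32:32 + ICV_LEN], icv(ah_covered(pkt)))

def esp_tunnel(inner, src, dst, spi=0x2000, seq=1):
    # ESP input: ESP header + payload + trailer only (no encryption in this sketch).
    pad = -(len(inner) + 2) % 4
    body = struct.pack("!II", spi, seq) + inner + bytes(range(1, pad + 1)) + bytes([pad, 4])
    return ipv4(src, dst, 50, body + icv(body))

def esp_verify(pkt):
    return hmac.compare_digest(pkt[-ICV_LEN:], icv(pkt[20:-ICV_LEN]))

def rewrite_outer_src(pkt, new_src):
    return pkt[:12] + socket.inet_aton(new_src) + pkt[16:]

def demo():
    inner = ipv4("10.1.1.5", "10.2.2.9", 17, b"constructed payload")
    ah = ah_tunnel(inner, "192.0.2.1", "198.51.100.1")
    esp = esp_tunnel(inner, "192.0.2.1", "198.51.100.1")
    moved = [rewrite_outer_src(p, "203.0.113.7") for p in (ah, esp)]
    return ah_verify(ah), esp_verify(esp), ah_verify(moved[0]), esp_verify(moved[1])
```

`demo()` returns `(True, True, False, True)`: once the delivery header's source address changes in transit, the AH check fails while the ESP check still passes, which is why address translation between tunnel endpoints is incompatible with AH.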
Transport Mode. In transport mode, a packet is encapsulated with an IPsec
header before the IP header is added. Therefore, both ends of the tunnel must
be the ultimate originators of the traffic. You can use transport mode to secure
traffic for sessions that terminate on the module itself. For example, transport
mode is used for the IPsec traffic in L2TP over IPsec connections as well as
GRE over IPsec connections because, as the gateway to the L2TP or GRE
tunnel, the module is the originator of the L2TP or GRE packet that is
encapsulated by IPsec.
Figure 7-2. Transport Mode