TMS zl Management and Configuration Guide ST.1.1.100226
Virtual Private Networks
IPsec Concepts
IPsec Headers
Operating at the network layer of the Open Systems Interconnection (OSI)
model, IPsec secures IP packets by encapsulating them with an IPsec header,
which is either an Authentication Header (AH) or an Encapsulating Security
Payload (ESP) header.
As explained in the next section, the placement of the header depends on the
mode.
IPsec Modes
The TMS zl Module supports both tunnel mode and transport mode.
Tunnel Mode
In tunnel mode, the TMS zl Module secures traffic on behalf of endpoints
within the private network.
The module receives a packet already encapsulated with an IP header. If the
packet is selected for the IPsec tunnel, the module encapsulates the IP packet
with an IPsec header, as well as a new delivery IP header that directs the
packet to the remote tunnel endpoint.
Figure 7-1. Tunnel Mode
In tunnel mode, an AH header authenticates both the payload (including the
original IP header) and the delivery IP header. An ESP header authenticates
only the payload (including the original IP header) but can also encrypt the
payload.
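The following Python sketch is an added example, not code from this guide or from the TMS zl Module. It builds the tunnel-mode layout for AH and for ESP and checks which parts of the packet each integrity check value (ICV) covers. Assumptions: HMAC-SHA-256 truncated to 128 bits as the ICV, a constructed key and addresses, ESP encryption omitted, hypothetical function names, and the RFC 4302 rule that AH zeroes the delivery header fields routers change in transit.

```python
import hashlib, hmac, socket, struct

KEY = b"constructed-demo-key"  # constructed; a real SA key comes from IKE or manual keying

def ipv4_header(src, dst, proto, payload_len, ttl=64):
    # Minimal 20-byte IPv4 header; checksum left at 0 to keep the sketch short.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def zero_mutable(hdr):
    # RFC 4302: TOS, flags/fragment offset, TTL and checksum are zeroed for the ICV.
    b = bytearray(hdr)
    for i in (1, 6, 7, 8, 10, 11):
        b[i] = 0
    return bytes(b)

def icv(data):
    return hmac.new(KEY, data, hashlib.sha256).digest()[:16]  # HMAC-SHA-256-128

def ah_tunnel(inner, src, dst, spi=0x1000, seq=1):
    # delivery IP | AH (next header 4 = IPv4, length 5, SPI, seq, ICV) | original packet
    ah = struct.pack("!BBHII", 4, 5, 0, spi, seq)
    outer = ipv4_header(src, dst, 51, 28 + len(inner))
    tag = icv(zero_mutable(outer) + ah + b"\0" * 16 + inner)
    return outer + ah + tag + inner

def ah_verify(pkt):
    outer, ah, tag, inner = pkt[:20], pkt[20:32], pkt[32:48], pkt[48:]
    return hmac.compare_digest(icv(zero_mutable(outer) + ah + b"\0" * 16 + inner), tag)

def esp_tunnel(inner, src, dst, spi=0x2000, seq=1):
    # delivery IP | ESP (SPI, seq) | original packet + trailer | ICV; encryption omitted
    pad = -(len(inner) + 2) % 4
    body = (struct.pack("!II", spi, seq) + inner
            + bytes(range(1, pad + 1)) + bytes([pad, 4]))
    return ipv4_header(src, dst, 50, len(body) + 16) + body + icv(body)

def esp_verify(pkt):
    return hmac.compare_digest(icv(pkt[20:-16]), pkt[-16:])  # delivery header not covered

def rewrite_outer_src(pkt, new_src):  # what a NAT device does to the delivery header
    return pkt[:12] + socket.inet_aton(new_src) + pkt[16:]

def set_ttl(pkt, ttl):  # what every router does
    return pkt[:8] + bytes([ttl]) + pkt[9:]

# Constructed sample: a UDP-sized original packet between two private hosts.
INNER = ipv4_header("10.1.1.5", "10.2.2.9", 17, 8) + b"\x00" * 8
AH_PKT = ah_tunnel(INNER, "192.0.2.1", "198.51.100.1")
ESP_PKT = esp_tunnel(INNER, "192.0.2.1", "198.51.100.1")
```

Rewriting the delivery source address makes `ah_verify` fail while `esp_verify` still passes, which is why AH tunnels do not survive address translation on the path; a change to the original packet fails both checks.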