Manualshelf

TMS zl Management and Configuration Guide ST.1.2.100916

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
521522523524525526527528529530
7-10
Virtual Private Networks
IPsec Concepts
Figure 7-1. Tunnel Mode
In tunnel mode, an AH header authenticates both the payload (including the
original IP header) and the delivery IP header. An ESP header authenticates
only the payload (including the original IP header) but can also encrypt the
payload.
Transport Mode
In transport mode, a packet is encapsulated with an IPsec header before the
IP header is added, which reduces overhead. However, because the header
must be applied before the traffic is ever transmitted, both ends of the tunnel
must be the ultimate originators of the traffic.
You can use transport mode to secure traffic for sessions that terminate on
the module itself. For example, transport mode is used for the IPsec traffic in
L2TP over IPsec connections as well as GRE over IPsec connections because,
as the gateway to the L2TP or GRE tunnel, the module is the originator of the
L2TP or GRE packet that is encapsulated by IPsec.
Figure 7-2. Transport Mode