IPsec VPN Overview
Alcatel-Lucent
OmniAccess 5740 Unified Services Gateway CLI Configuration Guide
IPSEC CONCEPTS
This section gives a conceptual overview of IPsec:
• “IPsec Modes of Operation”
• “IPsec Protocols”
• “Encryption Algorithms”
• “Internet Key Exchange”
• “Security Association (SA)”
IPSEC MODES OF OPERATION
IPsec provides two different modes to exchange protected data across the 
different kinds of VPNs:
TRANSPORT MODE
This mode applies only to host-to-host security. For example, it can
be used to create a secure association between two personal workstations, each
of which has a public address. The protection here extends to the payload of
the IP data.
TUNNEL MODE
This mode is used to provide data security between two networks. It protects
the entire IP packet, which is sent with an added outer IP header that
corresponds to the two tunnel endpoints. The unprotected packets generated by
the hosts travel through the protected “tunnel” created by the gateways at both
ends. The outer IP header corresponds to these gateways. Because tunnel mode
hides the original IP header, it helps secure networks that use private IP
address space.
 
Figure 28: Tunnel Mode 
Note: OmniAccess 5740 USG supports only Tunnel Mode.
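The following sketch is an added example, not taken from this guide or from the OmniAccess 5740 software. It shows which addresses remain readable in the outermost IP header under each mode. It assumes ESP as the IPsec protocol; the addresses, SPI value and payload are constructed, and random bytes stand in for the ciphertext.

```python
import ipaddress, os, struct

ESP, IPIP = 50, 4  # IP protocol numbers: ESP, IPv4-in-IPv4

def checksum(hdr: bytes) -> int:
    s = sum(struct.unpack("!10H", hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """20-byte IPv4 header (no options) followed by payload."""
    h = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto,
                    0, ipaddress.IPv4Address(src).packed,
                    ipaddress.IPv4Address(dst).packed)
    return h[:10] + struct.pack("!H", checksum(h)) + h[12:] + payload

def esp(spi: int, seq: int, data: bytes, next_header: int) -> bytes:
    """Cleartext SPI and sequence number, then the protected region."""
    pad = -(len(data) + 2) % 4                      # align region to 4 bytes
    region = data + bytes(range(1, pad + 1)) + bytes([pad, next_header])
    # Stand-in for ciphertext: random bytes of the same length. No cipher or
    # integrity check value is implemented in this sketch.
    return struct.pack("!II", spi, seq) + os.urandom(len(region))

def observe(pkt: bytes):
    """Source, destination and protocol readable from the outermost header."""
    addr = lambda b: str(ipaddress.IPv4Address(b))
    return addr(pkt[12:16]), addr(pkt[16:20]), pkt[9]

def transport_mode(pkt: bytes, spi: int = 0x1001) -> bytes:
    """Original IP header kept; only its payload is protected."""
    src, dst, proto = observe(pkt)
    return ipv4(src, dst, ESP, esp(spi, 1, pkt[20:], proto))

def tunnel_mode(pkt: bytes, gw_a: str, gw_b: str, spi: int = 0x1001) -> bytes:
    """Entire original packet protected; outer header names the gateways."""
    return ipv4(gw_a, gw_b, ESP, esp(spi, 1, pkt, IPIP))

if __name__ == "__main__":
    # Constructed sample: a host on one private network talks to another.
    inner = ipv4("10.1.0.5", "10.2.0.9", 6, b"constructed TCP segment")
    print("original :", observe(inner))
    print("transport:", observe(transport_mode(inner)))
    print("tunnel   :", observe(tunnel_mode(inner, "198.51.100.1", "203.0.113.1")))
```

In transport mode the host addresses stay visible on the wire, while in tunnel mode only the two gateway addresses appear.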