Use undo encapsulation-mode to restore the default.
Syntax
port | tunnel }
undo encapsulation-mode
Default
IP packets are encapsulated in tunnel mode.
Views
set view
Predefine
ork-admin
Paramete
ion.
es the tunnel mode for IP packet encapsulation.
Usage gu
ints of the data. The
s. The tunnel mode is typically used for protecting
orm set referenced by the IPsec profile must use the transport mode for packet
capsulation.
Examples
form set tran1 to use the transport mode for IP packet encapsulation.
[Sysname-ipsec-transform-set-tran1] encapsulation-mode transport
encapsulation-mode { trans
IPsec transform
d user roles
netw
rs
transport: Uses the transport mode for IP packet encapsulat
tunnel: Us
idelines
IPsec supports the following encapsulation modes:
• Transport mode—The security protocols protect the upper layer data of an IP packet. Only the
transport layer data is used to calculate the security protocol headers. The calculated security
protocol headers and the encrypted data (only for ESP encapsulation) are placed after the original
IP header. You can use the transport mode when end-to-end security protection is required, that is,
the secured transmission start and end points are the actual start and end po
transport mode is typically used for protecting host-to-host communications.
• Tunnel mode—The security protocols protect the entire IP packet. The entire IP packet is used to
calculate the security protocol headers. The calculated security protocol headers and the encrypted
data (only for ESP encapsulation) are encapsulated in a new IP packet. In this mode, the
encapsulated packet has two IP headers. The inner IP header is the original IP header. The outer IP
header is added by the network device that provides the IPsec service. You must use the tunnel
mode when the secured transmission start and end points are not the actual start and end points of
the data packets, for example, when two gateways provide IPsec but the data start and end points
are two hosts behind the gateway
gateway-to-gateway communications.
The IPsec transform sets at both ends of the IPsec tunnel must have the same encapsulation mode.
The IPsec transf
en
# Configure the IPsec trans
<Sysname> system-view
[Sysname] ipsec transform-set tran1
332
To Next Page
Loading...
Need help?
General
