A protocol encapsulation mode. The entire IP data package of user is
used to calculate the AH or ESP header. AH or ESP header and ESP
encrypted user data are encapsulated in a new IP data package.
Typically, the tunnel mode is applied in the communication between
two security gateways.
A protocol encapsulation mode. Only the data of transport layer is
used to calculate the AH or ESP header. AH or ESP header and ESP
encrypted user data is placed behind the original IP header.
Typically, the transmission mode is applied for the communication
between two hosts, or communication between a host and a security
gateway.
Perfect forward secrecy
(PFS)
It refers to that the reveal of a key will not affect the security of the
information protected by other keys.
12.2 GRE
12.2.1 GRE Principle
GRE (Generic Routing Encapsulation): Generic Routing Encapsulation protocol.
GRE is the third layer Tunneling Protocol of VPN and uses the tunnel technology.
Tunnel is an interface for virtual point-to-point connection, i.e. virtual interface for
point-to-point connection.
12.2.2 Encapsulation Process
To Next Page
Loading...
