IPsec works in a number of modes:

The above two formats are used to create a "tunnel" much like a VPN. The IP packets have already been created; a router (or a virtual adapter) on a host encapsulates the data before sending it out onto the Internet. For example, you may have a branch office with IP addresses of 10.10.x.x and a local office with IP addresses of 10.20.x.x. Addresses of 10.x.x.x are not routable on the Internet, but you want the two offices to communicate via the Internet. Therefore, you set up two routers with normal Internet addresses, have them automatically encapsulate outgoing packets as shown above, and strip the encapsulation from incoming packets to restore their original form.

The above two items show hosts that communicate via IPsec directly without intervening encapsulation.
- AH: Authentication Header
- ESP: Encapsulating Security Payload
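The encapsulate-and-strip step the two routers perform, as an added Python example (not from the original page). It uses ESP in tunnel mode with NULL encryption and an HMAC-SHA-256-128 integrity check so the layout stays visible; a real deployment would also encrypt the inner packet and track sequence numbers for anti-replay. The gateway addresses, SPI, key and inner packet are constructed values.

```python
import hashlib, hmac, socket, struct

ESP, IPIP = 50, 4   # IP protocol numbers: ESP, and IPv4-in-IPv4 (the tunnelled packet)
ICV_LEN = 16        # HMAC-SHA-256 truncated to 128 bits

def checksum(hdr: bytes) -> int:
    """Internet checksum over a header of even length."""
    s = sum(struct.unpack(f"!{len(hdr) // 2}H", hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build an IPv4 packet with a 20-byte header (no options)."""
    def hdr(csum: int) -> bytes:
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                           proto, csum, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr(checksum(hdr(0))) + payload

def icv(key: bytes, body: bytes) -> bytes:
    return hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]

def encapsulate(inner, gw_src, gw_dst, spi, seq, key) -> bytes:
    """Sending router: wrap the whole inner packet behind a new outer header."""
    pad_len = -(len(inner) + 2) % 4        # trailer must end on a 4-byte boundary
    pad = bytes(range(1, pad_len + 1))     # default padding bytes 1, 2, 3, ...
    body = struct.pack("!II", spi, seq) + inner + pad + bytes([pad_len, IPIP])
    return ipv4(gw_src, gw_dst, ESP, body + icv(key, body))

def decapsulate(outer: bytes, key: bytes) -> bytes:
    """Receiving router: authenticate, then strip back to the original packet."""
    ihl, total = (outer[0] & 0x0F) * 4, struct.unpack("!H", outer[2:4])[0]
    if outer[9] != ESP or total > len(outer) or total < ihl + 8 + 2 + ICV_LEN:
        raise ValueError("not a well-formed ESP packet")
    body, tag = outer[ihl:total - ICV_LEN], outer[total - ICV_LEN:total]
    if not hmac.compare_digest(tag, icv(key, body)):
        raise ValueError("ICV mismatch: packet dropped")
    pad_len, next_hdr = body[-2], body[-1]
    if next_hdr != IPIP or pad_len > len(body) - 10:
        raise ValueError("unexpected ESP trailer")
    return body[8:len(body) - 2 - pad_len]

if __name__ == "__main__":
    key = bytes(range(32))                                  # constructed demo key
    inner = ipv4("10.10.1.5", "10.20.1.9", 253, b"hello")   # constructed inner packet
    outer = encapsulate(inner, "192.0.2.1", "198.51.100.1", 0x1001, 1, key)
    print(socket.inet_ntoa(outer[12:16]), "->", socket.inet_ntoa(outer[16:20]))
    print(decapsulate(outer, key) == inner)
```

Only the gateway addresses appear in the outer header, so the 10.x.x.x addresses never need to be routable on the Internet.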