A.2.3 tunnel mode ah, A.2.4 tunnel mode esp – PLANET MH-1000 User Manual

Multi-Homing Security Gateway User’s Manual

addresses of the hosts must be public IP addresses.

[Figure: Transport Mode. Labels: IP, AH/ESP, TCP, Data]

- This mode is used to provide data security between two networks. It provides protection for the entire IP packet, which is sent by adding an outer IP header corresponding to the two tunnel end-points. Since tunnel mode hides the original IP header, it provides security for networks with private IP address space.

[Figure: packet layout. Labels: IP, AH/ESP, TCP, Data]

A.2.3 Tunnel Mode AH

AH is typically applied to a data packet in the following manner:

Original Packet:

IP Header | TCP | Data

Packet with IPSec Authentication Header:

New IP Header | AH | Org IP Header | TCP | Data

Authenticated
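The tunnel mode AH layout from A.2.3, built and verified byte by byte as an added example (not from the manual or the device firmware). It assumes HMAC-SHA1-96 as the integrity algorithm, a constructed key, SPI and payload, and documentation IP addresses; all function names are illustrative.

```python
import hashlib, hmac, socket, struct

AH_PROTO, IPIP_PROTO, ICV_LEN = 51, 4, 12  # AH, IPv4-in-IPv4, HMAC-SHA1-96 (assumed)

def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Minimal 20-byte IPv4 header (no options) with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    s = sum(struct.unpack("!10H", hdr))
    s = (s & 0xFFFF) + (s >> 16)
    s = (s & 0xFFFF) + (s >> 16)
    return hdr[:10] + struct.pack("!H", ~s & 0xFFFF) + hdr[12:]

def icv(key, outer, ah, inner):
    """ICV over New IP Header + AH + original packet, mutable fields zeroed."""
    h = bytearray(outer)
    h[1] = 0                 # TOS may be rewritten in transit
    h[6:8] = b"\0\0"         # flags / fragment offset
    h[8] = 0                 # TTL is decremented by every router
    h[10:12] = b"\0\0"       # header checksum changes with TTL
    ah_zeroed = ah[:12] + b"\0" * ICV_LEN   # ICV field is zero while computing
    return hmac.new(key, bytes(h) + ah_zeroed + inner, hashlib.sha1).digest()[:ICV_LEN]

def ah_tunnel_encap(inner, gw_src, gw_dst, spi, seq, key):
    """Return New IP Header | AH | Org IP Header | TCP | Data."""
    outer = ipv4_header(gw_src, gw_dst, AH_PROTO, 12 + ICV_LEN + len(inner))
    # Next Header = 4 (inner IPv4); Payload Len = 24 bytes / 4 - 2 = 4
    ah = struct.pack("!BBHII", IPIP_PROTO, 4, 0, spi, seq) + b"\0" * ICV_LEN
    return outer + ah[:12] + icv(key, outer, ah, inner) + inner

def ah_tunnel_verify(packet, key):
    """Recompute the ICV on the receiving gateway and compare in constant time."""
    outer, ah, inner = packet[:20], packet[20:44], packet[44:]
    return hmac.compare_digest(icv(key, outer, ah, inner), ah[12:])

# Constructed sample: private hosts behind two gateways (documentation addresses).
KEY = b"constructed-demo-key"
PAYLOAD = b"\x00" * 20 + b"hello"      # stand-in for a TCP header plus data
INNER = ipv4_header("192.168.1.10", "192.168.2.20", 6, len(PAYLOAD)) + PAYLOAD
PACKET = ah_tunnel_encap(INNER, "203.0.113.1", "198.51.100.1", 0x1001, 1, KEY)

if __name__ == "__main__":
    print("valid:", ah_tunnel_verify(PACKET, KEY))
    hop = bytearray(PACKET); hop[8] -= 1          # a router lowers the TTL
    print("after TTL change:", ah_tunnel_verify(bytes(hop), KEY))
    bad = bytearray(PACKET); bad[44 + 15] ^= 1    # inner source address altered
    print("after inner edit:", ah_tunnel_verify(bytes(bad), KEY))
```

The original packet, private addresses included, travels unencrypted inside the new packet: AH authenticates it but does not hide its contents.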

A.2.4 Tunnel Mode ESP
