Datatek IPv6 Transformer User Manual

Page 62


SECTION 8

WEB GUI SYSTEM


header and the IP payload. Select ESP to provide confidentiality across the IP payload. When
ESP is selected, an Integrity Check Value (ICV) is always computed for heightened security. The
ICV is computed over the ESP header (Security Parameter Index (SPI) and Sequence Number),
the IP payload and the ESP trailer (padding, padding length field and next header). Note that the
IP header is excluded from the ICV computation.
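
The ICV coverage described above can be checked directly. This is an added example, not code from the manual or the product; it assumes HMAC-SHA-256 truncated to 128 bits as the integrity algorithm, an opaque already-encrypted payload and no extended sequence numbers, and the key, addresses and function names (esp_build, esp_verify, ip6_header, receiver_accepts) are constructed for illustration.

```python
import hashlib, hmac, ipaddress, struct

ICV_LEN = 16   # assumption: HMAC-SHA-256-128 (RFC 4868); the manual names no algorithm
IP6_LEN = 40   # fixed IPv6 header length

def esp_build(key, spi, seq, payload, next_header):
    """ESP header + payload + trailer + ICV; payload is treated as already-encrypted bytes."""
    pad_len = -(len(payload) + 2) % 4          # align the trailer end to 4 bytes (RFC 4303)
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    covered = struct.pack("!II", spi, seq) + payload + trailer   # everything the ICV covers
    return covered + hmac.new(key, covered, hashlib.sha256).digest()[:ICV_LEN]

def esp_verify(key, esp):
    covered, icv = esp[:-ICV_LEN], esp[-ICV_LEN:]
    expected = hmac.new(key, covered, hashlib.sha256).digest()[:ICV_LEN]
    return hmac.compare_digest(icv, expected)   # constant-time comparison

def ip6_header(src, dst, payload_len, hop_limit=64):
    """Minimal IPv6 header with Next Header = 50 (ESP)."""
    return (struct.pack("!IHBB", 6 << 28, payload_len, 50, hop_limit)
            + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed)

def receiver_accepts(key, packet):
    """Only the ESP portion is checked; the IP header lies outside the ICV."""
    return esp_verify(key, packet[IP6_LEN:])

def demo():
    key = b"constructed-demo-key-32-bytes!!!"      # constructed sample key
    esp = esp_build(key, spi=0x1001, seq=1, payload=b"constructed payload", next_header=6)
    pkt = ip6_header("2001:db8::1", "2001:db8::2", len(esp)) + esp
    # Same ESP data behind a different IP header (other source address, lower hop limit).
    rewritten = ip6_header("2001:db8::99", "2001:db8::2", len(esp), hop_limit=3) + esp
    # One bit changed in the payload, and separately in the Sequence Number.
    bad_payload = bytearray(pkt); bad_payload[IP6_LEN + 8] ^= 0x01
    bad_seq = bytearray(pkt); bad_seq[IP6_LEN + 7] ^= 0x01
    return {
        "original": receiver_accepts(key, pkt),
        "ip_header_rewritten": receiver_accepts(key, rewritten),
        "payload_modified": receiver_accepts(key, bytes(bad_payload)),
        "sequence_modified": receiver_accepts(key, bytes(bad_seq)),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:22} ICV valid: {ok}")
```

The ICV still verifies when only the IP header differs, which is why header integrity needs AH or tunnel mode, where the original header sits inside the protected payload.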

Mode

IPsec supports two modes: tunnel mode and transport mode. In tunnel mode, an outer IP
header containing the tunnel endpoints is prepended to the original packet before AH or ESP
processing is performed on the entire original IP packet. Therefore, in tunnel mode, IPsec
processing covers both the original IP header and the payload. In transport mode, ESP
encryption mainly covers the IP payload and AH integrity covers both the IP header and the
payload.

Local tunnel

This is the IP address of the local gateway or local tunnel endpoint that will appear in the outer IP
header. In the outbound direction, this would be the tunnel source endpoint. In the inbound
direction this would be the tunnel destination endpoint. This field is only active when the Mode
is tunnel.

Remote Gateway

This is the IP address of the remote gateway or remote tunnel endpoint that will appear in the
outer IP header. In the outbound direction, this would be the tunnel destination endpoint. In the
inbound direction this would be the tunnel source endpoint. This field is only active when the
Mode is tunnel.

Level

This specifies how the SA is to be regarded. "required" means an SA must exist or the packet will
be discarded. "use" means an SA is not mandatory but if an SA exists it will be used. "unique"
means apply a specific SA that uniquely corresponds to this SP. This one-to-one correspondence
is established through the unique parameter. Level is only active if this SP’s Policy is to
perform ipsec.

Unique Number

This is a number from 1 through 16,383 that is configured in the SP and the corresponding SA
that is to be used for this SP.

Description

Enter up to 80 characters to describe this SP. This field is not processed but simply recorded as a
comment for this SP.
