What data to be protected?

• Either upper layer protocols of an IP payload or the entire IP payload

• Transport Mode: to protect upper layer protocols

  • endpoints have to be the cryptographic points 

• Tunnel Mode: to protect the entire IP payload

  • may be implemented in gateways/routers

data

TCP

header

IPheader

data

TCP

header

IPSec

header

IP

header

Original

IP packet

Transport Mode

protected packet

data

TCP

header

IPSec

header

IP

header

Tunnel Mode

protected packet

IP

header

Previous slide

Next slide

Back to first slide

View graphic version