No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

AR500, AR510, and AR530 V200R007 Commands Reference

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
encapsulation-mode

encapsulation-mode

Function

The encapsulation-mode command configures the encapsulation mode that IPSec uses to encapsulate packets.

The undo encapsulation-mode command restores the default encapsulation mode that IPSec uses to encapsulate packets.

By default, IPSec uses the tunnel mode to encapsulate packets.

Format

encapsulation-mode { transport | tunnel }

undo encapsulation-mode

Parameters

Parameter

Description

Value

transport

Indicates that IPSec uses the transport mode to encapsulate packets.

-

tunnel

Indicates that IPSec uses the tunnel mode to encapsulate packets.

-

Views

IPSec proposal view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

IPSec encapsulates IP packets by adding an AH or ESP header and ESP tail to original IP packets for authentication and encryption. The following two IPSec encapsulation modes are available:
  • Transport mode

    Inserts an IPSec header (AH or ESP) between the IP header and the header of the upper-layer protocol. In this mode, the protocol type field in the IP header is changed to AH or ESP, and the checksum in the IP header is recalculated.

    The transport mode applies to communication between two hosts.

  • Tunnel mode

    Encapsulates an IPSec header (AH or ESP) in the original IP header and adds a new IP header. In this mode, the original IP packet is transmitted as the payload of the packet and is protected by IPSec.

    The tunnel mode applies to communication between two security gateways or between a host and a security gateway.

Precautions

The IPSec proposals referenced by an IPSec policy on both ends of an IPSec tunnel must use the same encapsulation mode.

Example

# Configure IPSec proposal newprop1 to use the transport mode to encapsulate packets.

<Huawei> system-view
[Huawei] ipsec proposal newprop1
[Huawei-ipsec-proposal-newprop1] encapsulation-mode transport
Related Topics
Translation
Download
Updated: 2019-05-29

Document ID: EDOC1000097293

Views: 49035

Downloads: 102

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next