Tunnel Mode

• The user system prepares an inner IP packet with a destination address of the target host on the internal LAN.

  • For a Telnet session, this packet would be a TCP packet with the original SYN flag set with a destination port set to 23.

• This entire IP packet is prefixed by an ESP header; then the packet and ESP trailer are encrypted and Authentication Data may be added.

Previous slide

Next slide

Back to first slide

View graphic version