
no routers along the way are able to examine the inner IP header. Because the original packet is encapsulated, the new, larger packet may have different source and destination addresses, which adds to the security. Tunnel mode is used when one or both ends of an SA are a security gateway, such as a firewall or router that implements IPsec. With tunnel mode, a number of hosts on networks behind firewalls may engage in secure communications without implementing IPsec themselves. At the destination's firewall, the outer IP header is stripped off and the inner packet is delivered to the destination.
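The encapsulation described above, as an added Python sketch that is not part of the original notes: it builds an inner IPv4 packet, wraps it in an outer header addressed between two gateways, and shows what an on-path router can read versus what the receiving gateway delivers. Assumptions: all addresses, the SPI and the key are constructed sample values, the SHA-256 keystream is a stand-in for the SA's real cipher, and the ESP trailer and integrity check value are omitted.

```python
import hashlib, socket, struct

ESP = 50  # IP protocol number for ESP
KEY = b"constructed-demo-key"  # constructed SA key, for this demo only

def checksum(hdr):
    s = sum(struct.unpack("!10H", hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def ipv4_header(src, dst, proto, payload_len):
    h = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                    proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return h[:10] + struct.pack("!H", checksum(h)) + h[12:]

def keystream_xor(key, seq, data):
    # Stand-in for the SA's negotiated cipher (assumption; not a real ESP transform).
    stream, ctr = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + struct.pack("!II", seq, ctr)).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def encapsulate(inner, gw_src, gw_dst, spi, seq, key):
    # Sending gateway: outer IP header + ESP header (SPI, sequence) + protected inner packet.
    esp = struct.pack("!II", spi, seq) + keystream_xor(key, seq, inner)
    return ipv4_header(gw_src, gw_dst, ESP, len(esp)) + esp

def router_view(packet):
    # What any on-path router can parse: source, destination, protocol of the first header.
    proto, src, dst = struct.unpack("!9xB2x4s4s", packet[:20])
    return socket.inet_ntoa(src), socket.inet_ntoa(dst), proto

def decapsulate(packet, key):
    # Receiving gateway: strip the outer IP and ESP headers, recover the inner packet.
    _spi, seq = struct.unpack("!II", packet[20:28])
    return keystream_xor(key, seq, packet[28:])

def build_sample():
    # Constructed sample: host 10.1.0.5 sends to host 10.2.0.9 through two gateways.
    payload = b"constructed TCP segment bytes"
    inner = ipv4_header("10.1.0.5", "10.2.0.9", 6, len(payload)) + payload
    wire = encapsulate(inner, "192.0.2.1", "198.51.100.1", 0x1001, 1, KEY)
    return inner, wire

if __name__ == "__main__":
    inner, wire = build_sample()
    print("router sees:", router_view(wire))
    print("gateway delivers:", router_view(decapsulate(wire, KEY)))
```
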

Advanced Database Management System IT 4016 for Second Semester Sample Question