encapsulation

Use this command to configure the encapsulation mode for this IKE map.

Syntax

encapsulation {tunnel | transport}

no encapsulation {tunnel | transport}

Parameters

tunnel	Sets the IKE map encapsulation mode to tunnel.
transport	Sets the IKE map encapsulation mode to transport.

Defaults

None.

Mode

IKE map configuration.

Usage

Transport mode is used for host-to-host communications. In transport mode, only the transferred data of the IP packet is encrypted or authenticated. The routing is intact, since the IP header is neither modified nor encrypted; however, when the authentication header is used, the IP addresses cannot be translated, because to do so would invalidate the hash value.

Tunnel mode is used to create virtual private networks. In tunnel mode, the entire IP packet is encrypted or authenticated. It is then encapsulated into a new IP packet with a new IP header.

Use the “no” option for this command to delete the specified IKE map encapsulation configuration.

Example

This example shows how to set the IKE map encapsulation mode to transport for this SA:

System(su-config)->crypto ike-map winRadius
System(su-crypto-map)->encapsulation transport
System(su-crypto-map)->

Published May 2016prev | next

Email this topic

Print this page Print this page

Leave feedback Feedback