User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 25 Configuring IKE and IPsec Policies
Understanding IPsec Proposals
Table 25-4 IPSec IKEv1 or IKEv2 Transform Set Dialog Box (Continued)

Element / Description

Description
A description of the policy object. A maximum of 1024 characters is allowed.

Mode (IKEv1 only.)
The mode in which the IPSec tunnel operates:

- Tunnel—Tunnel mode encapsulates the entire IP packet. The IPSec header is added between the original IP header and a new IP header. This is the default.
  Use tunnel mode when the firewall is protecting traffic to and from hosts positioned behind the firewall. Tunnel mode is the normal way regular IPSec is implemented between two firewalls (or other security gateways) that are connected over an untrusted network, such as the Internet.
- Transport—Transport mode encapsulates only the upper-layer protocols of an IP packet. The IPSec header is inserted between the IP header and the upper-layer protocol header (such as TCP). Transport mode requires that both the source and destination hosts support IPSec, and can only be used when the destination peer of the tunnel is the final destination of the IP packet. Transport mode is generally used only when protecting a Layer 2 or Layer 3 tunneling protocol such as GRE, L2TP, and DLSW.
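The header placement described for the two modes can be seen by building both encapsulations of the same packet. The following Python sketch is an added example, not part of the Cisco guide or of Security Manager. It assumes ESP as the IPSec header and simplifies it to cleartext payload with no ICV so the layering stays readable. All addresses and the SPI are constructed sample values.

```python
import socket
import struct

PROTO_IPIP, PROTO_TCP, PROTO_ESP = 4, 6, 50
NAMES = {PROTO_TCP: "TCP", PROTO_ESP: "ESP"}

def ipv4(src, dst, proto, payload):
    """Prefix payload with a 20-byte IPv4 header (header checksum filled in)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    total = sum(struct.unpack("!10H", hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return hdr[:10] + struct.pack("!H", ~total & 0xFFFF) + hdr[12:] + payload

def esp(payload, next_header, spi=0x1000, seq=1):
    """ESP header (SPI, sequence) + cleartext payload + trailer; no cipher, no ICV."""
    pad = bytes(range(1, (-(len(payload) + 2)) % 4 + 1))
    return struct.pack("!II", spi, seq) + payload + pad + bytes([len(pad), next_header])

def transport_mode(pkt):
    """Keep the original IP addresses; ESP sits between IP and the upper layer."""
    ihl = (pkt[0] & 0x0F) * 4
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    return ipv4(src, dst, PROTO_ESP, esp(pkt[ihl:], pkt[9]))

def tunnel_mode(pkt, gw_src, gw_dst):
    """Wrap the whole original packet; new outer header uses the gateway addresses."""
    return ipv4(gw_src, gw_dst, PROTO_ESP, esp(pkt, PROTO_IPIP))

def layers(pkt):
    """Walk the header chain and return it as a list of readable layer names."""
    out, proto = [], PROTO_IPIP
    while proto in (PROTO_IPIP, PROTO_ESP):
        if proto == PROTO_IPIP:
            out.append("IP %s>%s" % (socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])))
            proto, pkt = pkt[9], pkt[(pkt[0] & 0x0F) * 4:]
        else:  # ESP: next-header is the last trailer byte, pad length the one before
            out.append("ESP")
            proto, pkt = pkt[-1], pkt[8:len(pkt) - 2 - pkt[-2]]
    return out + [NAMES.get(proto, str(proto))]

# Constructed sample: host 10.1.1.10 talks to 10.2.2.20 with a 20-byte dummy TCP header.
ORIGINAL = ipv4("10.1.1.10", "10.2.2.20", PROTO_TCP, bytes(20))

if __name__ == "__main__":
    print(layers(transport_mode(ORIGINAL)))
    print(layers(tunnel_mode(ORIGINAL, "192.0.2.1", "198.51.100.1")))
```

In the transport-mode result the host addresses stay in the only IP header on the wire, while in tunnel mode they appear only inside the ESP payload behind the gateway addresses.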