Here is an example of IPSec ESP tunnel mode, which is normally used between intermediate devices. This mode allows administrators to hide internal information about their networks since it encrypts the entire IP packet before sending it across the public network. Typically, each intermediate device's IP address will be used for the new IP header. In this way, every system that wishes to communicate from Network A to Network B will use the same IP addresses while their data is traversing the public network. The SPI located inside of the ESP header informs the end system how to decrypt the packet. |