In Tunnel Mode of IPsec, what is encapsulated?

In Tunnel Mode of IPsec, both the packet contents and the IP header are encapsulated. This mode is specifically designed to protect the entire original packet, which includes the IP header and the actual data payload. When a packet is transmitted in Tunnel Mode, a new IP header is added to the outer packet, while the original packet (including its own header) is encapsulated within.

This process is essential for ensuring that the entire original message remains confidential and intact as it travels through potentially insecure networks. By encapsulating everything, Tunnel Mode provides a secure way to transmit packets from one point to another, typically used in Virtual Private Networks (VPNs) where privacy and security are crucial requirements.

Thus, understanding that the encapsulation includes both the contents of the packet and the original IP header helps clarify the effectiveness of the IPsec Tunnel Mode in securing communications over untrusted networks.