Protocol used in IPSec packet encapsulation and decapsulation on the USG2000 and USG5000 series


IPSec uses Authentication Header (AH) and Encapsulating Security Payload (ESP) to implement the encryption and decryption of IP packets.

Other related questions:
GRE packet decapsulation process on the USG6000
1. Upon receiving an IP packet over the physical port connected to the Internet, the firewall checks the destination address of the packet. If the destination address is the firewall address and the protocol number in the IP packet header is 47 (indicating an encapsulated GRE packet), the firewall removes the IP packet header and enables the GRE protocol processing part to process the packet.
2. After checking and recognizing keywords, the GRE protocol processing part removes the GRE packet header and enables the IP processing part to process the packet.
3. The IP processing part forwards the packet to the IP network.

GRE packet encapsulation process on the USG6000
1. Upon receiving an IP packet over an interface connected to the IP network, the firewall enables the IP processing part to process the IP packet.
2. The IP processing part checks the destination address in the packet header to determine the forwarding mode. If the packet needs to pass through the GRE tunnel to arrive at the destination, the IP processing part sends the packet to the corresponding tunnel interface.
3. Upon receiving the packet, the tunnel interface encapsulates the packet with a GRE packet header and then returns the packet to the IP processing part.
4. The IP processing part encapsulates the GRE packet with a new IP packet header (the source address is the tunnel source interface IP address and the destination address is the tunnel destination interface IP address), and forwards the encapsulated IP packet over the physical port connected to the Internet based on the destination address and routing table.
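
The encapsulation and decapsulation steps above, as an added Python example that is not from the original page or from the vendor: it builds the GRE and outer IPv4 headers and then reverses the process, rejecting packets that fail the checks in the decapsulation steps. The addresses, the sample inner packet, and the reading of "keywords" as the optional GRE Key field are assumptions made for the example.

```python
import socket
import struct

GRE_PROTO = 47            # outer IP protocol number that marks a GRE packet
ETHERTYPE_IPV4 = 0x0800   # GRE protocol type for an IPv4 payload
FLAG_C, FLAG_K, FLAG_S = 0x8000, 0x2000, 0x1000  # checksum / key / sequence present
IP_FMT = "!BBHHHBBH4s4s"  # 20-byte IPv4 header without options

def ip_checksum(header):
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src, dst, proto, payload_len):
    fields = [0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = ip_checksum(struct.pack(IP_FMT, *fields))
    return struct.pack(IP_FMT, *fields)

def gre_encapsulate(inner, tunnel_src, tunnel_dst, key=None):
    # Tunnel interface adds the GRE header; IP processing then adds the outer header.
    gre = struct.pack("!HH", FLAG_K if key is not None else 0, ETHERTYPE_IPV4)
    if key is not None:
        gre += struct.pack("!I", key)
    return ipv4_header(tunnel_src, tunnel_dst, GRE_PROTO, len(gre) + len(inner)) + gre + inner

def gre_decapsulate(packet, local_addr, expected_key=None):
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    # Step 1: only packets addressed to the firewall with protocol 47 reach GRE.
    if packet[16:20] != socket.inet_aton(local_addr) or packet[9] != GRE_PROTO:
        raise ValueError("not a GRE packet for this firewall")
    if ihl < 20 or len(packet) < ihl + 4:
        raise ValueError("truncated packet")
    flags, proto = struct.unpack("!HH", packet[ihl:ihl + 4])
    present = [bool(flags & f) for f in (FLAG_C, FLAG_K, FLAG_S)]
    gre_len = 4 + 4 * sum(present)  # each optional field is 4 bytes
    if flags & 0x0007 or proto != ETHERTYPE_IPV4 or len(packet) < ihl + gre_len:
        raise ValueError("unsupported or truncated GRE header")
    # Step 2: check the key (assumed meaning of "keywords"), then strip the GRE header.
    key_off = ihl + 4 + 4 * present[0]
    key = struct.unpack("!I", packet[key_off:key_off + 4])[0] if present[1] else None
    if key != expected_key:
        raise ValueError("GRE key mismatch")
    return packet[ihl + gre_len:]  # Step 3: inner packet returns to IP forwarding

# Constructed sample: an inner IPv4 packet (protocol 1) with 8 zero payload bytes.
INNER = ipv4_header("10.1.1.2", "10.2.2.2", 1, 8) + bytes(8)
```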

Detection packet protocol types for the USG2000 and USG5000 series
The supported detection packet protocol types include TCP, ICMP, HTTP, DNS, and RADIUS. If service types provided by the server are beyond these five types, you are advised to use ICMP packets to check the server reachability.
