This is a continuation of the IPsec architecture, and I will discuss the two modes of IPsec VPN. The first is the tunnel mode. In the tunnel mode, the entire IP packet is encrypted and a new IP packet is formed, and it is used in site-to-site VPN. As the picture depicts, the ESP payload, which includes the IP header and the data, is encrypted. An ESP header is added for authentication, and a new IP header is added. And that's how the IP packet is formed in the tunnel mode.
The second mode is the transport mode, where no new IP packet is formed. An IPsec header is inserted, and this is used in the remote access VPN. So basically the ESP payload has an ESP header, and it's using the same IP header. So if you see, in the tunnel mode the IP header and the data are next to each other, whereas in the transport mode an ESP header is inserted between the IP header and the data.
So that's the difference between the two modes. And it's very important to remember this. The full architecture of the IPsec header is given here. So the IPsec security policy is the main feature, and under the IPsec security policy, ISAKMP/IKE is applied. ISAKMP/IKE will then do the negotiation and peering, create the tunnel and protect the data. But it will need a hand, and the hand will be provided by the authentication header and the ESP, which is the Encapsulating Security Payload. I hope this summarizes the IPsec architecture.
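The two packet layouts described above, built byte by byte as an added example that is not part of the original lecture. It assumes ESP with NULL encryption and no integrity value so the layout stays readable; the addresses, SPI and function names are constructed for illustration.

```python
import socket
import struct

ESP, IPIP, TCP = 50, 4, 6  # IP protocol numbers

def checksum(hdr):
    """Internet checksum over an IPv4 header."""
    s = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def ipv4_header(src, dst, proto, payload_len):
    h = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                    proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return h[:10] + struct.pack("!H", checksum(h)) + h[12:]

def esp(spi, seq, body, next_header):
    """ESP header + body + trailer. NULL encryption and no ICV (assumption):
    a real SA would encrypt body and trailer and append an integrity value."""
    pad_len = -(len(body) + 2) % 4
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    return struct.pack("!II", spi, seq) + body + trailer

def tunnel_mode(packet, gw_src, gw_dst, spi, seq):
    # The whole original packet (header + data) becomes the ESP body,
    # and a new outer header between the two gateways is prepended.
    body = esp(spi, seq, packet, IPIP)
    return ipv4_header(gw_src, gw_dst, ESP, len(body)) + body

def transport_mode(packet, spi, seq):
    # The original header is kept; ESP is inserted between it and the data.
    ihl = (packet[0] & 0x0F) * 4
    hdr = bytearray(packet[:ihl])
    body = esp(spi, seq, packet[ihl:], hdr[9])  # next header = original protocol
    hdr[2:4] = struct.pack("!H", ihl + len(body))
    hdr[9] = ESP
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", checksum(bytes(hdr)))
    return bytes(hdr) + body

def sample_inner():
    data = bytes(20)  # constructed stand-in for a TCP segment
    return ipv4_header("10.0.1.5", "10.0.2.9", TCP, len(data)) + data

if __name__ == "__main__":
    inner = sample_inner()
    modes = (("tunnel", tunnel_mode(inner, "192.0.2.1", "198.51.100.1", 0x1001, 1)),
             ("transport", transport_mode(inner, 0x1001, 1)))
    for name, pkt in modes:
        print(name, len(pkt), "bytes, ESP next header", pkt[-1])
```

In both outputs the outermost protocol field is 50 (ESP); the trailer's next-header value, 4 (IP-in-IP) for tunnel mode versus the original upper-layer protocol for transport mode, shows what the ESP body carries.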
And we can then move on to our labs that will basically support what we have learned here in the few slides that we have done in IPsec security, and it's going to be fun. Stay tuned. Thank you very much.