Tunnel and Transport Modes

IPSec can be run in either tunnel or transport mode. The two modes differ in how much of the original IP packet is protected: tunnel mode encapsulates the whole packet, including its IP header, inside a new IP packet, while transport mode keeps the original IP header and protects only the packet's payload. Each mode has its own particular uses, and care should be taken to select the correct one for the solution.

Tunnel mode is most commonly used between VPN gateways (or endpoints). Because the original packet, header included, is carried inside a new packet addressed from one gateway to the other, the VPN gateway acts as a proxy for the hosts behind it: those hosts need no IPSec configuration of their own, and with ESP their addresses travel inside the encrypted payload rather than in the clear on the untrusted network.

Transport mode is used between end stations, or between an end station and a gateway when the gateway is being treated as a host, such as an encrypted Telnet session from a workstation to a router. Because the original IP header is kept, the IPSec peers must be the actual source and destination of the packets; in the Telnet example the router is the actual destination, not a device forwarding on behalf of hosts behind it.
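As an added illustration, not taken from the book, the following Python script builds ESP transport-mode and tunnel-mode encapsulations of the same TCP segment and shows what a device between the endpoints can read from the outer header. It assumes the RFC 4303 ESP framing (SPI, sequence number, padded payload, pad length, next header, ICV) and substitutes an HMAC-SHA256 keystream for a real ESP cipher so it runs on the standard library alone; the key, addresses and segment contents are constructed for the example.

```python
import hashlib
import hmac
import struct

PROTO_IPV4 = 4    # next-header value for IP-in-IP, what tunnel mode carries
PROTO_TCP = 6
PROTO_ESP = 50
KEY = b"constructed-demo-key"   # placeholder SA key for the example, not real keying


def _a2b(addr):
    return bytes(int(octet) for octet in addr.split("."))


def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header, no options, checksum left at zero."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       64, proto, 0, _a2b(src), _a2b(dst))


def parse_ipv4(pkt):
    fields = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    total, proto, src, dst = fields[2], fields[6], fields[8], fields[9]
    return {"src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
            "proto": proto, "payload": pkt[20:total]}


def _keystream(spi, seq, n):
    """Stand-in for a real ESP cipher: HMAC-SHA256 in counter mode keyed per (SPI, seq)."""
    out, block = b"", 0
    while len(out) < n:
        out += hmac.new(KEY, struct.pack("!IIQ", spi, seq, block), hashlib.sha256).digest()
        block += 1
    return out[:n]


def esp_encapsulate(spi, seq, plaintext, next_header):
    """RFC 4303 layout: SPI | seq | enc(payload | padding | pad_len | next_header) | ICV."""
    pad_len = (-(len(plaintext) + 2)) % 4             # align the trailer to 4 bytes
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    body = plaintext + trailer
    ciphertext = bytes(a ^ b for a, b in zip(body, _keystream(spi, seq, len(body))))
    header = struct.pack("!II", spi, seq)
    icv = hmac.new(KEY, header + ciphertext, hashlib.sha256).digest()[:12]   # 96-bit ICV
    return header + ciphertext + icv


def esp_decapsulate(esp):
    header, ciphertext, icv = esp[:8], esp[8:-12], esp[-12:]
    expected = hmac.new(KEY, header + ciphertext, hashlib.sha256).digest()[:12]
    if not hmac.compare_digest(expected, icv):      # verify integrity before decrypting
        raise ValueError("ESP integrity check failed")
    spi, seq = struct.unpack("!II", header)
    body = bytes(a ^ b for a, b in zip(ciphertext, _keystream(spi, seq, len(ciphertext))))
    pad_len, next_header = body[-2], body[-1]
    return next_header, body[:len(body) - 2 - pad_len]


def transport_mode(src, dst, segment, spi, seq):
    """Original IP header kept; only the TCP segment goes inside ESP."""
    esp = esp_encapsulate(spi, seq, segment, PROTO_TCP)
    return ipv4_header(src, dst, PROTO_ESP, len(esp)) + esp


def tunnel_mode(inner_src, inner_dst, gw_src, gw_dst, segment, spi, seq):
    """Whole original packet, header included, goes inside ESP under a new gateway header."""
    inner = ipv4_header(inner_src, inner_dst, PROTO_TCP, len(segment)) + segment
    esp = esp_encapsulate(spi, seq, inner, PROTO_IPV4)
    return ipv4_header(gw_src, gw_dst, PROTO_ESP, len(esp)) + esp


def on_the_wire(pkt):
    """What a device on the path sees without the SA key: the outer header only."""
    outer = parse_ipv4(pkt)
    return outer["src"], outer["dst"], outer["proto"]


def receive(pkt):
    """Receiving IPSec peer: strip ESP, then deliver locally or forward the inner packet."""
    outer = parse_ipv4(pkt)
    next_header, plain = esp_decapsulate(outer["payload"])
    if next_header == PROTO_IPV4:                      # tunnel mode: an inner IP packet
        inner = parse_ipv4(plain)
        return "tunnel", inner["src"], inner["dst"], inner["payload"]
    return "transport", outer["src"], outer["dst"], plain


def rejects_tampering(pkt, offset=30):
    """Flip one ciphertext byte; a correct receiver must refuse the packet."""
    bad = bytearray(pkt)
    bad[offset] ^= 0x01
    try:
        receive(bytes(bad))
        return False
    except ValueError:
        return True


SEGMENT = b"constructed TCP segment (Telnet)"   # sample payload for the example
# Workstation to router, router is the real destination: transport mode.
TRANSPORT_PKT = transport_mode("10.1.1.10", "10.1.1.1", SEGMENT, spi=0x100, seq=1)
# Host behind gateway A to host behind gateway B, gateways are the IPSec peers: tunnel mode.
TUNNEL_PKT = tunnel_mode("10.1.1.10", "10.2.2.20", "203.0.113.1", "198.51.100.1",
                         SEGMENT, spi=0x200, seq=1)

if __name__ == "__main__":
    print("transport, on the wire:", on_the_wire(TRANSPORT_PKT))
    print("tunnel, on the wire:   ", on_the_wire(TUNNEL_PKT))
    print("tunnel, at gateway B:  ", receive(TUNNEL_PKT)[:3])
```

The outer header of the tunnel-mode packet names only the two gateways; the hosts' addresses sit inside the ESP payload and appear again only after the receiving gateway decapsulates and forwards the inner packet. In transport mode the original header stays in the clear because the IPSec peers are the packet's real endpoints, which is also why transport mode cannot protect hosts behind a gateway: the gateway is not the destination of their packets.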

The following are some examples of when to use tunnel or transport mode (see Figure 19-3):

  • Tunnel mode is most commonly used to encrypt traffic between secure IPSec gateways, such ...
