FAQs
| Q1: | What is the difference between tunnel and transport mode for IPSec? |
| A1: | Tunnel mode is used when the private IP addresses are used behind the tunnel endpoints. This is because tunnel mode rewrites the IP header with new information. One point to remember is that tunnel mode is not required when you are using GRE tunnels. GRE provides its own tunneling mechanism so that you can use transport mode IPSec in these situation. When you use transport mode, the VPN endpoints must originate and terminate the VPN traffic. |
| Q2: | What is perfect forward secrecy (PFS)? |
| A2: | If PFS is specified in the IPSec policy, a new Diffie-Hellman exchange is performed with each quick mode, providing key material that has greater entropy (key material life) and thereby ... |
Get CCIE Practical Studies: Security (CCIE Self-Study) now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
