Tunnel Versus Transport Mode

When sending data between two VPN endpoints, IPSec can add additional Layer 3 security information to IPSec packets. For example, when two VPN gateways communicate, anyone in the untrusted network can see the source IP address as well as the destination IP address. Over time, such an observer could perform network analysis and map out both internal structures. To mitigate this type of threat, you can configure IPSec to use tunnel mode. Tunnel mode encapsulates the original Layer 3 header and payload inside an IPSec packet. In this way, the source and destination IP addresses that traverse the Internet are always the same: the outside IP addresses in the new IP header are those of the two VPN gateways. Tunnel mode does add overhead to each ...
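The following added example (not from the book) lays out the same inner packet in ESP transport mode and ESP tunnel mode, then reads the addresses an on-path observer would see and the bytes each mode adds. It assumes IPv4 without options, an 8-byte cipher block and IV, and a 12-byte ICV; all addresses and the SPI are constructed sample values, and no encryption is performed.

```python
import ipaddress
import struct

ESP_PROTO = 50   # IP protocol number for ESP
IPIP_PROTO = 4   # ESP "next header" value when the protected data is a whole IPv4 packet

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header; checksum left at 0 because nothing here is sent."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)

def esp_wrap(protected, next_header, spi=0x1001, seq=1, block=8, icv_len=12):
    """ESP layout only: SPI, sequence, IV, data, padding, pad length, next header, ICV.
    Assumed sizes: 8-byte cipher block/IV and 12-byte ICV. A real gateway encrypts
    everything between the IV and the ICV; this sketch leaves it in the clear."""
    pad_len = -(len(protected) + 2) % block
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    return struct.pack("!II", spi, seq) + bytes(block) + protected + trailer + bytes(icv_len)

def transport_mode(packet):
    """Original IP header stays outside; ESP protects only the Layer 4 payload."""
    header, layer4 = packet[:20], packet[20:]
    esp = esp_wrap(layer4, header[9])
    return ipv4_header(header[12:16], header[16:20], ESP_PROTO, len(esp)) + esp

def tunnel_mode(packet, gw_src, gw_dst):
    """Whole original packet goes inside ESP; the new outer header names the gateways."""
    esp = esp_wrap(packet, IPIP_PROTO)
    return ipv4_header(gw_src, gw_dst, ESP_PROTO, len(esp)) + esp

def observed_addresses(packet):
    """Source and destination an on-path observer reads from the cleartext outer header."""
    return tuple(str(ipaddress.IPv4Address(packet[i:i + 4])) for i in (12, 16))

# Constructed sample: internal host to internal server, 40 bytes of TCP header + data.
INNER = ipv4_header("10.1.1.10", "10.2.2.20", 6, 40) + bytes(40)
TRANSPORT = transport_mode(INNER)
TUNNEL = tunnel_mode(INNER, "192.0.2.1", "198.51.100.1")  # constructed gateway addresses

if __name__ == "__main__":
    for name, pkt in (("transport", TRANSPORT), ("tunnel", TUNNEL)):
        src, dst = observed_addresses(pkt)
        print(f"{name:9} visible {src} -> {dst}  overhead {len(pkt) - len(INNER)} bytes")
```

With these sizes the tunnel-mode packet is larger than the transport-mode one, because the new outer IP header is added and the original header moves inside the protected data.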

Get SECUR Exam Cram™ 2 (Exam 642-501) now with the O’Reilly learning platform.
