IPsec Tunnels modes with VPN

Eric Vyncke evyncke at CISCO.COM
Tue Jun 13 14:55:02 EDT 2000


It depends on the usage of IPSec:
- tunnel mode: mainly for site to site VPN where an IPSec enabled
   device (router, firewall, ...) encrypts the traffic on behalf of
   other devices. The original IP addresses and payload need to be
   encapsulated hence the name of tunnel (like GRE tunnel, ...)
- transport mode: mainly for host to host
- iteratie: never heard about this one!

Basically, transport mode is a little more efficient in header usage
than using tunnel mode when the IPSec tunnel is from host to host.
But, IPSec could have been simplified if only tunnel mode was defined.

Hope this helps

-eric

At 10:25 13/06/2000 +0200, Miranda Heesbeen wrote:
>Hello everyone,
>
>Does somebody know why IPsec has different tunnel modes with VPN (tunnel,
>transport and iteratie mode)?
>What sort of functions (abilities) do these give the VPN? Or has it
>nothing to do with each other?
>Thanks.
>
>Greetings,
>
>Miranda Heesbeen
>
>VPN is sponsored by SecurityFocus.COM

Eric Vyncke
Consulting Engineer                Cisco Systems EMEA
Phone:  +32-2-778.4677             Fax:    +32-2-778.4300
E-mail: evyncke at cisco.com          Mobile: +32-75-312.458
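
Added example, not part of the original post: the ESP framing for both modes, showing where the extra header bytes of tunnel mode come from. It assumes 3DES-CBC with HMAC-SHA1-96 (8-byte block and IV, 12-byte ICV), uses constructed addresses and packets, and performs no real encryption (IV and ICV are zero placeholders).

```python
import struct

ESP_PROTO, IPIP_PROTO = 50, 4
BLOCK, IV_LEN, ICV_LEN = 8, 8, 12   # assumed: 3DES-CBC + HMAC-SHA1-96

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (checksum left at 0 for brevity)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len,
                       0, 0, 64, proto, 0, src, dst)

def esp_wrap(plaintext, next_header, spi=0x1000, seq=1):
    """ESP framing only: SPI, sequence number, IV, padded body, ICV.
    The body stays in clear; this shows layout and size, not crypto."""
    pad_len = -(len(plaintext) + 2) % BLOCK      # +2: pad-length, next-header
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    return (struct.pack("!II", spi, seq) + bytes(IV_LEN)
            + plaintext + trailer + bytes(ICV_LEN))

def transport_mode(packet):
    """Keep the original IP header; protect only the upper-layer payload."""
    ihl = (packet[0] & 0x0F) * 4
    esp = esp_wrap(packet[ihl:], next_header=packet[9])
    hdr = bytearray(packet[:ihl])
    hdr[9] = ESP_PROTO                           # original protocol moves into ESP
    hdr[2:4] = struct.pack("!H", ihl + len(esp))
    hdr[10:12] = b"\x00\x00"                     # checksum needs recomputing; zeroed
    return bytes(hdr) + esp

def tunnel_mode(packet, gw_src, gw_dst):
    """Protect the whole original packet; add a new outer IP header."""
    esp = esp_wrap(packet, next_header=IPIP_PROTO)
    return ipv4_header(gw_src, gw_dst, ESP_PROTO, len(esp)) + esp

def overhead(inner_payload_len):
    """(transport, tunnel) bytes added to a constructed inner UDP-type packet."""
    inner = ipv4_header(bytes([10, 1, 0, 5]), bytes([10, 2, 0, 9]), 17,
                        inner_payload_len) + bytes(inner_payload_len)
    tr = transport_mode(inner)
    tu = tunnel_mode(inner, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    return len(tr) - len(inner), len(tu) - len(inner)

if __name__ == "__main__":
    for n in (100, 104, 1400):                   # constructed payload sizes
        print(n, overhead(n))
```

The gap between the two modes is the 20-byte inner IP header rounded by cipher-block padding, so it comes out as 16 or 24 bytes per packet under these assumptions. In tunnel mode the original addresses sit inside the protected body and only the gateway addresses appear in the outer header.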
