IPsec Tunnels modes with VPN
Eric Vyncke
evyncke at CISCO.COM
Tue Jun 13 14:55:02 EDT 2000
It depends on the usage of IPSec:

- tunnel mode: mainly for site to site VPN where an IPSec enabled
  device (router, firewall, ...) encrypts the traffic on behalf of
  other devices. The original IP addresses and payload need to be
  encapsulated, hence the name of tunnel (like GRE tunnel, ...)
- transport mode: mainly for host to host
- iteratie: never heard about this one!

Basically, transport mode is a little more efficient in header usage
than using tunnel mode when the IPSec tunnel is from host to host.
But, IPSec could have been simplified if only tunnel mode was defined.

Hope this helps

-eric

At 10:25 13/06/2000 +0200, Miranda Heesbeen wrote:
>Hello everyone,
>
>Does somebody know why IPsec has different tunnel modes with VPN (tunnel,
>transport and iteratie mode)?
>What sort of functions (abilities) do these give the VPN? Or has it
>nothing to do with each other?
>Thanks.
>
>Greetings,
>
>Miranda Heesbeen
>
>VPN is sponsored by SecurityFocus.COM
Eric Vyncke
Consulting Engineer Cisco Systems EMEA
Phone: +32-2-778.4677 Fax: +32-2-778.4300
E-mail: evyncke at cisco.com Mobile: +32-75-312.458
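
The header-usage difference between the two modes discussed in this thread, as an added example that is not part of the original post: it lays out one ESP-protected IPv4 packet in each mode and totals the bytes on the wire. The sizes are assumptions (20-byte IPv4 header without options, ESP framing per RFC 4303, AES-CBC with a 16-byte IV and block, HMAC-SHA1-96 with a 12-byte ICV), and the function names are made up for this illustration.

```python
# Added illustration, not code from the thread. All sizes are in bytes.
IPV4_HEADER = 20        # assumption: IPv4 header without options
ESP_HEADER = 8          # SPI (4) + sequence number (4)
ESP_TRAILER_FIXED = 2   # pad length (1) + next header (1)


def esp_padding(protected_len, block_size):
    """Pad bytes needed so protected data + 2-byte trailer fills whole blocks."""
    align = max(block_size, 4)  # ESP also requires 4-byte alignment
    return (-(protected_len + ESP_TRAILER_FIXED)) % align


def esp_layout(mode, ip_payload_len, iv_len=16, block_size=16, icv_len=12):
    """Return the on-the-wire layout of one packet as a list of (field, bytes)."""
    if mode == "transport":
        # The original IP header stays in front; only its payload is protected.
        first = ("original IP header (cleartext)", IPV4_HEADER)
        protected = [("original IP payload", ip_payload_len)]
    elif mode == "tunnel":
        # A new outer header carries the packet between the IPsec devices;
        # the whole original packet, addresses included, is protected.
        first = ("outer IP header", IPV4_HEADER)
        protected = [("original IP header (encrypted)", IPV4_HEADER),
                     ("original IP payload", ip_payload_len)]
    else:
        raise ValueError("mode must be 'transport' or 'tunnel'")
    pad = esp_padding(sum(size for _, size in protected), block_size)
    return [first, ("ESP header", ESP_HEADER), ("IV", iv_len), *protected,
            ("ESP padding", pad), ("ESP trailer", ESP_TRAILER_FIXED),
            ("ICV", icv_len)]


def wire_size(mode, ip_payload_len, **esp_params):
    """Total bytes on the wire for one packet in the given mode."""
    return sum(size for _, size in esp_layout(mode, ip_payload_len, **esp_params))


if __name__ == "__main__":
    for payload in (14, 100, 1400):  # constructed sample payload sizes
        transport = wire_size("transport", payload)
        tunnel = wire_size("tunnel", payload)
        print(f"payload {payload:4d}: transport {transport:4d}, "
              f"tunnel {tunnel:4d}, extra {tunnel - transport}")
```

Because of block padding, the tunnel-mode cost is not always exactly the 20-byte extra header: with these parameters it is 16 or 32 bytes per packet depending on the payload length.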