https://community.cisco.com/t5/network-security/ipsec-transport-mode-and-get-vpn/m-p/1248859#M969917 <P>All,</P><P></P><P>I am about to implement GET VPN while read the following from Cisco's website:</P><P></P><P>IPsec transport mode suffers from fragmentation and reassembly limitations and must not be used in</P><P>deployments where encrypted or clear packets might require fragmentation.</P><P></P><P>I just do not understand why transport mode will suffer fragmentation and reassembly while it had less overhead than tunnel mode.</P> Fri, 21 Feb 2020 11:46:39 GMT yuhuiyao 2020-02-21T11:46:39Z https://community.cisco.com/t5/network-security/ipsec-transport-mode-and-get-vpn/m-p/1248859#M969917 <P>All,</P><P></P><P>I am about to implement GET VPN while read the following from Cisco's website:</P><P></P><P>IPsec transport mode suffers from fragmentation and reassembly limitations and must not be used in</P><P>deployments where encrypted or clear packets might require fragmentation.</P><P></P><P>I just do not understand why transport mode will suffer fragmentation and reassembly while it had less overhead than tunnel mode.</P> Fri, 21 Feb 2020 11:46:39 GMT https://community.cisco.com/t5/network-security/ipsec-transport-mode-and-get-vpn/m-p/1248859#M969917 yuhuiyao 2020-02-21T11:46:39Z https://community.cisco.com/t5/network-security/ipsec-transport-mode-and-get-vpn/m-p/1248860#M969918 <HTML><HEAD></HEAD><BODY><P>One thing to understand about Tran sport mode vs Tunnel mode (ipsec) is thst Transport is used between acyual source and destination of the ip protocol <PAYLOAD> </PAYLOAD></P><P>Tunnel mode actually not only authenticates but also encrypts at the higher layers of the pckt </P><P>Pix </P><P>VPN </P><P>IP layers </P><P>Tunnel actual source and destination is encrypted at the upper layers and therefor when the packet gets to the IP Layer, it really doesnt know about or care about the iCV signature already withinh the upper PIX layer.</P><P>Also from a security standpoint because of the fact that tunnel mode encrpyts and authenticated the ip infoemation whereas transport only authenticates packets</P><P></P></BODY></HTML> Thu, 05 Nov 2009 07:03:20 GMT https://community.cisco.com/t5/network-security/ipsec-transport-mode-and-get-vpn/m-p/1248860#M969918 sdoremus33 2009-11-05T07:03:20Z https://community.cisco.com/t5/network-security/ipsec-transport-mode-and-get-vpn/m-p/1248861#M969919 <HTML><HEAD></HEAD><BODY><P>I would strongly suggest you spend some time on the differece on esp, ah and transport mode, tunnel mode. You seemed to be confused with that.</P></BODY></HTML> Thu, 05 Nov 2009 13:31:51 GMT https://community.cisco.com/t5/network-security/ipsec-transport-mode-and-get-vpn/m-p/1248861#M969919 yuhuiyao 2009-11-05T13:31:51Z