11-03-2009 09:55 AM - edited 02-21-2020 03:46 AM
All,
I am about to implement GET VPN and read the following on Cisco's website:
IPsec transport mode suffers from fragmentation and reassembly limitations and must not be used in
deployments where encrypted or clear packets might require fragmentation.
I just do not understand why transport mode would suffer from fragmentation and reassembly limitations when it has less overhead than tunnel mode.
11-04-2009 11:03 PM
One thing to understand about Transport mode vs Tunnel mode (IPsec) is that Transport is used between the actual source and destination of the IP protocol
Tunnel mode actually not only authenticates but also encrypts at the higher layers of the packet
Pix
VPN
IP layers
Tunnel actual source and destination is encrypted at the upper layers and therefore when the packet gets to the IP layer, it really doesn't know about or care about the ICV signature already within the upper PIX layer.
Also from a security standpoint because of the fact that tunnel mode encrypts and authenticates the IP information whereas transport only authenticates packets
11-05-2009 05:31 AM
I would strongly suggest you spend some time on the difference between ESP, AH and transport mode, tunnel mode. You seemed to be confused with that.