12-19-2016 02:07 AM - edited 02-21-2020 09:06 PM
Hi All:
I understand that we should use Tunnel Mode for IPSec tunnel between 2 routers, in its tunnel interface.
Reference: http://www.ciscopress.com/articles/article.asp?p=25477
I am wondering what happens if it is set to Transport mode. Does traffic still get encrypted?
I have 2 routers set this way and the IPSec tunnel is working.
Example Config:
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key abcdkey address 110.111.112.113
crypto ipsec transform-set SiteA_SiteB esp-3des esp-md5-hmac
 mode transport
crypto ipsec profile SiteA_SiteB
 set transform-set SiteA_SiteB
interface Tunnel1001
 description Tunnel1 to Site A to Site B
 ip address 192.168.1.1 255.255.255.252
 ip tcp adjust-mss 1400
 tunnel source FastEthernet0/1
 tunnel destination 110.111.112.113
 tunnel protection ipsec profile SiteA_SiteB
12-19-2016 03:10 AM
Hi
You should use transport mode when using GRE with IPsec between 2 routers; traffic is still encrypted with transport mode.
The payload is encapsulated by the IPSec headers and trailers. ... IPSec transport mode is usually used when another tunneling protocol (like GRE) is used to first encapsulate the IP data packet, then IPSec is used to protect the GRE tunnel packets. IPSec protects the GRE tunnel traffic in transport mode.
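Added example, not part of the original thread or any poster's code: it lays out which parts of a GRE-over-IPsec packet ESP encrypts in transport versus tunnel mode and how many bytes each mode puts on the wire. Assumptions: IPv4 without options, a 4-byte GRE header (no key or checksum), TCP without options, and the sizes implied by the posted transform set (8-byte block and IV for esp-3des, 12-byte truncated ICV for esp-md5-hmac).

```python
# Added example: ESP packet layout for GRE over IPsec, transport vs tunnel mode.
# Assumptions: IPv4 without options, GRE without key/checksum (4-byte header),
# esp-3des (8-byte block and IV), esp-md5-hmac (12-byte truncated ICV).
IP_HDR, GRE_HDR, ESP_HDR, IV_LEN, BLOCK, ICV_LEN = 20, 4, 8, 8, 8, 12
TCP_HDR = 20  # assumed: no TCP options


def esp_layout(inner_ip_len, mode):
    """Return (layers, total_bytes); each layer is (name, size, encrypted)."""
    if mode not in ("transport", "tunnel"):
        raise ValueError("mode must be 'transport' or 'tunnel'")
    # GRE always wraps the routed packet first; this is what ESP protects.
    protected = [("GRE header", GRE_HDR), ("inner IP packet", inner_ip_len)]
    if mode == "tunnel":
        # Tunnel mode also encrypts the GRE delivery header and adds a new
        # outer IP header carrying the same peer addresses.
        protected.insert(0, ("GRE delivery IP header", IP_HDR))
    plain = sum(size for _, size in protected)
    # ESP trailer: pad so that payload + pad + pad-length + next-header
    # fills whole cipher blocks.
    pad = -(plain + 2) % BLOCK
    layers = [("outer IP header", IP_HDR, False),
              ("ESP header (SPI, sequence)", ESP_HDR, False),
              ("IV", IV_LEN, False)]
    layers += [(name, size, True) for name, size in protected]
    layers += [("ESP trailer (pad, pad length, next header)", pad + 2, True),
               ("ICV", ICV_LEN, False)]
    return layers, sum(size for _, size, _ in layers)


def wire_size_for_mss(mss, mode):
    """On-the-wire size of a full TCP segment sent through the tunnel."""
    return esp_layout(IP_HDR + TCP_HDR + mss, mode)[1]


if __name__ == "__main__":
    for mode in ("transport", "tunnel"):
        layers, total = esp_layout(IP_HDR + TCP_HDR + 1400, mode)
        print(f"{mode} mode, {total} bytes on the wire")
        for name, size, encrypted in layers:
            print(f"  {'encrypted' if encrypted else 'cleartext'}  {size:5d}  {name}")
```

Under these assumptions, a full segment at the posted `ip tcp adjust-mss 1400` is 1496 bytes in transport mode and 1520 bytes in tunnel mode, and in both modes the GRE header and the inner packet are inside the encrypted portion.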
12-19-2016 03:40 AM
Hi,
<The payload is encapsulated by the IPSec headers and trailers. ... IPSec transport mode is usually used when another tunneling protocol (like GRE) is used to first encapsulate the IP data packet, then IPSec is used to protect the GRE tunnel packets. IPSec protects the GRE tunnel traffic in transport mode>
This sounds great. Do you have any reference on this concept?
12-19-2016 03:44 AM
Hi, we use transport mode and we're a secure company. I can assure you it's encrypted, as if we sniff our VPN routers set up using this mode we don't see anything in Wireshark in terms of packets being seen.
http://www.firewall.cx/networking-topics/protocols/870-ipsec-modes.html
12-19-2016 05:24 AM
Awesome,
Thank you very much.
12-19-2016 03:13 AM
Nothing bad will happen if you switch to transport-mode. The router will still use Tunnel-mode as transport mode will not work in this situation. The router is "intelligent" enough to realize that. Still, it would be a misconfiguration IMHO.