Beginner

Router to Router IPSec Tunnel using Transport Mode

Hi All: 

I understand that we should use Tunnel Mode for an IPSec tunnel between 2 routers, in its tunnel interface.

Reference: http://www.ciscopress.com/articles/article.asp?p=25477

I am wondering what happens if it is set to Transport mode. Does traffic still get encrypted?

I have 2 routers set this way and the IPSec tunnel is working. 

Example Config:

crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2

crypto isakmp key abcdkey address 110.111.112.113

crypto ipsec transform-set SiteA_SiteB esp-3des esp-md5-hmac
 mode transport

crypto ipsec profile SiteA_SiteB
 set transform-set SiteA_SiteB

interface Tunnel1001
 description Tunnel1 to Site A to Site B
 ip address 192.168.1.1 255.255.255.252
 ip tcp adjust-mss 1400
 tunnel source FastEthernet0/1
 tunnel destination 110.111.112.113
 tunnel protection ipsec profile SiteA_SiteB

VIP Mentor

Hi

You should use transport mode when using GRE with IPsec between 2 routers; traffic is still encrypted with transport mode.

The payload is encapsulated by the IPSec headers and trailers. ... IPSec transport mode is usually used when another tunneling protocol (like GRE) is used to first encapsulate the IP data packet, then IPSec is used to protect the GRE tunnel packets. IPSec protects the GRE tunnel traffic in transport mode
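
An added example, not part of any post in this thread: it models the GRE-over-IPsec packet layout described in the reply above for the transform set in the question (esp-3des, esp-md5-hmac), showing which fields ESP encrypts in transport and tunnel mode and how large the resulting packet is. The function names, field labels and sizes (IPv4 without options, 4-byte GRE header, no NAT-T, 1500-byte link MTU) are assumptions of the example.

```python
# Added illustration; sizes assume IPv4 without options, a basic GRE header,
# ESP with 3DES-CBC and HMAC-MD5-96, no NAT-T, and a 1500-byte link MTU.
IP_HDR, GRE_HDR = 20, 4
ESP_HDR, ESP_IV, ESP_BLOCK, ESP_ICV = 8, 8, 8, 12   # SPI+seq, 3DES IV/block, MD5-96
ESP_TRAILER = 2                                      # pad length + next header
LINK_MTU = 1500


def esp_gre_layout(inner_len, mode):
    """Return [(field, bytes, encrypted)] for one GRE packet protected by ESP.

    inner_len is the size of the passenger IP packet entering the tunnel.
    """
    if mode == "transport":
        # The GRE delivery IP header is reused as the outer header;
        # ESP is inserted between it and the GRE header.
        protected = [("GRE header", GRE_HDR), ("inner IP packet", inner_len)]
    elif mode == "tunnel":
        # The whole GRE/IP packet is wrapped and a new outer IP header is added.
        protected = [("GRE delivery IP header", IP_HDR), ("GRE header", GRE_HDR),
                     ("inner IP packet", inner_len)]
    else:
        raise ValueError("mode must be 'transport' or 'tunnel'")
    body = sum(size for _, size in protected) + ESP_TRAILER
    pad = -body % ESP_BLOCK          # CBC needs a whole number of cipher blocks
    layout = [("outer IP header", IP_HDR, False),
              ("ESP header (SPI, sequence)", ESP_HDR, False),
              ("ESP IV", ESP_IV, False)]
    layout += [(name, size, True) for name, size in protected]
    layout += [("ESP padding + trailer", pad + ESP_TRAILER, True),
               ("ESP ICV", ESP_ICV, False)]
    return layout


def summarize(inner_len, mode):
    """Total size, added overhead, MTU fit and the fields left in cleartext."""
    layout = esp_gre_layout(inner_len, mode)
    total = sum(size for _, size, _ in layout)
    clear = [name for name, _, enc in layout if not enc]
    return {"total": total, "overhead": total - inner_len,
            "fits_mtu": total <= LINK_MTU, "cleartext_fields": clear}


if __name__ == "__main__":
    inner = 1400 + 40    # MSS from "ip tcp adjust-mss 1400" + TCP and IP headers
    for mode in ("transport", "tunnel"):
        print(mode, summarize(inner, mode))
```

Under these assumptions, a full-size TCP segment at the MSS of 1400 from the question produces a 1496-byte packet in transport mode and a 1520-byte packet in tunnel mode; in both modes the GRE header and the inner packet sit inside the encrypted part of ESP.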

Beginner

Hi, 

<The payload is encapsulated by the IPSec headers and trailers. ... IPSec transport mode is usually used when another tunneling protocol (like GRE) is used to first encapsulate the IP data packet, then IPSec is used to protect the GRE tunnel packets. IPSec protects the GRE tunnel traffic in transport mode>

This sounds great. Do you have any reference on this concept?

VIP Mentor

Hi, we use transport mode and we're a secure company. I can assure you it's encrypted, as if we sniff our VPN routers set up using this mode we don't see anything in Wireshark in terms of packets being seen.

http://www.firewall.cx/networking-topics/protocols/870-ipsec-modes.html

Beginner

Awesome,

Thank you very much.

VIP Mentor

Nothing bad will happen if you switch to transport-mode. The router will still use Tunnel-mode as transport mode will not work in this situation. The router is "intelligent" enough to realize that. Still, it would be a misconfiguration IMHO.
