04-02-2008 02:21 AM - edited 02-21-2020 03:38 PM
Why do we have a single hop between IPsec peers?
What is the concept behind this?
Physically, the data is transmitted through various routers or hops before reaching the destination peer.
But while tracing, we can see only 1 hop.
Why is it so?
Regards,
Kesavamurthy Palani
04-02-2008 03:39 AM
Because it is a tunnel, your traceroute packet is encapsulated within another packet, i.e.
Host1 -> VPN1 -> R1 -> R2 -> R3 -> VPN2 -> Host2
Host1 traceroutes to Host2.
When the packet reaches VPN1, the original traceroute packet is encapsulated within another packet with a source of VPN1 and a destination of VPN2. The packet is now an IPsec packet. The original traceroute packet is there, but it is not visible to the R routers in the above topology.
Hope this makes sense.
Jon
04-02-2008 05:10 AM
Thanks, Jon!
I got it!
Other question:
--------------------
Still, the packets leaving VPN1 after IPsec encapsulation will pass through R1 -> R2 -> R3 here.
So basically, if we use a tunnel, virtually the data is transmitted with a single hop, but the IPsec packets will physically go through all the routers, with fragmentation and reassembly due to the MTU of the medium along the path.
But the trace doesn't show this, as it is encapsulated inside the IPsec packet.
Am I right?
Regards,
Kesavamurthy Palani
04-02-2008 05:12 AM
Yes, you've got it.
Jon
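The behaviour discussed in this thread, as an added example that is not part of the original posts: a simplified Python model of traceroute over the Host1 -> VPN1 -> R1 -> R2 -> R3 -> VPN2 -> Host2 topology. It assumes tunnel-mode handling where each gateway decrements the inner TTL when it forwards the packet; the function names and the outer TTL of 64 are assumptions made for illustration.

```python
# Simplified model (added example): which node answers each traceroute probe.
PATH = ["VPN1", "R1", "R2", "R3", "VPN2", "Host2"]  # nodes after Host1, from the thread
TUNNEL = ("VPN1", "VPN2")                           # IPsec tunnel endpoints
OUTER_TTL = 64                                      # assumed initial TTL of the outer header


def probe(ttl, tunneled=True):
    """Send one probe from Host1 with the given inner TTL; return the replying node."""
    inner, outer = ttl, None          # outer is None while the packet is not encapsulated
    for node in PATH:
        if node == "Host2":
            return node               # probe reached the destination
        if outer is not None and node != TUNNEL[1]:
            # Transit router inside the tunnel: it only sees the outer header,
            # so it decrements the outer TTL and never touches the inner one.
            # Any ICMP error it raised would go to VPN1, not to Host1.
            outer -= 1
            continue
        if outer is not None:
            outer = None              # VPN2: outer header removed, inner packet restored
        inner -= 1                    # normal forwarding step on the inner packet
        if inner == 0:
            return node               # this node sends ICMP time exceeded to Host1
        if tunneled and node == TUNNEL[0]:
            outer = OUTER_TTL         # VPN1: wrap the packet in a new outer header
    return None


def traceroute(tunneled=True, max_ttl=10):
    """Collect the replying node for TTL = 1, 2, ... until Host2 answers."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        hops.append(probe(ttl, tunneled))
        if hops[-1] == "Host2":
            break
    return hops


if __name__ == "__main__":
    print("through tunnel:", " -> ".join(traceroute(True)))
    print("without tunnel:", " -> ".join(traceroute(False)))
```

In the tunneled run, R1, R2 and R3 still carry the packet but never appear in the result, because only the outer TTL changes on that stretch of the path.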