04-13-2009 06:23 AM
Anyone know why tunnel protection works with transport mode only??? If I change it to tunnel mode, it stops working immediately.
Thanks,
04-13-2009 07:04 AM
Tunnel protection works with both modes; however, transport mode is used when NAT is present along the path, which might be your case.
04-13-2009 07:07 AM
Thanks for your reply. You are correct, I have NAT firewalls in the path. Do you know why I have to use transport mode in case of NAT?
Thanks,
04-13-2009 07:15 AM
That is because tunnel mode creates a new IP header, which gets modified when it is NATed. When the remote peer receives this new, NATed header, the security numbers do not match what it had generated. Using transport mode keeps the original header and only encapsulates the payload.
04-13-2009 08:40 AM
Tried transport mode with tunnel protection on GRE interfaces, plus no crypto ipsec nat-transparency udp-encaps; not working when NAT is present. Any idea?
04-13-2009 08:42 AM
What is the actual error you get? Do you complete the tunnel? Are you not passing traffic? Can you post your configs and debugs?