IPSEC transport mode and GET VPN

Unanswered Question
Nov 3rd, 2009


I am about to implement GET VPN, and while reading I came across the following on Cisco's website:

IPsec transport mode suffers from fragmentation and reassembly limitations and must not be used in deployments where encrypted or clear packets might require fragmentation.

I just do not understand why transport mode suffers from fragmentation and reassembly when it has less overhead than tunnel mode.
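To make the overhead comparison in the question concrete, here is an added example (it is not part of the original thread and not Cisco code) that models how ESP lays out a packet in transport mode versus tunnel mode, how many bytes each mode adds, and how many IPv4 fragments the result needs at a given link MTU. The cipher and integrity sizes are assumptions chosen for illustration (AES-CBC with a 16-byte IV and 16-byte block, HMAC-SHA1-96 with a 12-byte ICV); other transforms change the constants but not the layout. For context, GET VPN itself uses tunnel mode with the original IP header copied to the outer header (header preservation), so the tunnel-mode row is the one that applies to a GET VPN group member.

```python
# Added example (not from the original thread): model ESP transport mode vs
# tunnel mode packet layout, per-mode overhead, and resulting IPv4 fragment
# counts. Transform sizes below are assumptions for illustration:
# AES-CBC (16-byte IV, 16-byte block) + HMAC-SHA1-96 (12-byte ICV).

IP_HDR = 20          # IPv4 header without options
ESP_SPI_SEQ = 8      # SPI (4) + sequence number (4)
IV_LEN = 16          # AES-CBC IV (assumed transform)
BLOCK = 16           # AES block size; ESP pads the plaintext to a block multiple
TRAILER = 2          # pad length (1) + next header (1), inside the encrypted region
ICV_LEN = 12         # HMAC-SHA1-96 (assumed transform)


def esp_padding(plain_len):
    """ESP padding bytes so that (plaintext + pad + trailer) is a block multiple."""
    return (-(plain_len + TRAILER)) % BLOCK


def esp_layout(payload_len, mode):
    """Ordered list of (field, bytes) as the packet appears on the wire.

    payload_len is the clear-text byte count *after* the original IPv4 header.
    transport: the original IP header stays outside ESP; only the payload is
               encrypted, so the end hosts are the ESP endpoints.
    tunnel:    a new outer IP header is prepended; the original header and
               payload are both inside the encrypted region.
    """
    if mode == "transport":
        inner = payload_len
        outer_hdr = ("original IP header", IP_HDR)
    elif mode == "tunnel":
        inner = IP_HDR + payload_len
        outer_hdr = ("new outer IP header", IP_HDR)
    else:
        raise ValueError("mode must be 'transport' or 'tunnel'")
    return [
        outer_hdr,
        ("ESP SPI + seq", ESP_SPI_SEQ),
        ("IV", IV_LEN),
        ("encrypted data", inner),
        ("ESP padding", esp_padding(inner)),
        ("pad length + next header", TRAILER),
        ("ICV", ICV_LEN),
    ]


def wire_length(payload_len, mode):
    """Total bytes of the protected packet, outer IP header included."""
    return sum(n for _, n in esp_layout(payload_len, mode))


def overhead(payload_len, mode):
    """Bytes added relative to the clear packet (IP header + payload)."""
    return wire_length(payload_len, mode) - (IP_HDR + payload_len)


def fragment_count(total_len, mtu):
    """IPv4 fragments needed to carry a total_len-byte packet over an MTU.

    Each non-final fragment carries a multiple of 8 data bytes and its own
    20-byte IP header. Returns 1 when no fragmentation is needed.
    """
    if total_len <= mtu:
        return 1
    per_frag = ((mtu - IP_HDR) // 8) * 8
    data = total_len - IP_HDR
    return -(-data // per_frag)          # ceiling division


def compare(payload_len, mtu):
    """Side-by-side wire length, overhead and fragment count for both modes."""
    return {
        mode: {
            "wire": wire_length(payload_len, mode),
            "overhead": overhead(payload_len, mode),
            "fragments": fragment_count(wire_length(payload_len, mode), mtu),
        }
        for mode in ("transport", "tunnel")
    }


if __name__ == "__main__":
    # Constructed inputs: a clear packet well under the MTU, and a full-size
    # 1500-byte clear packet (1480 bytes after its IP header).
    for plen in (1400, 1480):
        print(plen, compare(plen, 1500))
```

Running it shows that transport mode does add fewer bytes (44 versus 60 here, the difference being the extra IP header that tunnel mode encapsulates), which is exactly the questioner's observation; it also shows that a full-size clear packet exceeds a 1500-byte MTU after ESP in either mode and must be fragmented either before or after encryption, which is the situation the Cisco guidance is warning about.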

sdoremus33 Wed, 11/04/2009 - 23:03

One thing to understand about Transport mode vs Tunnel mode (IPsec) is that Transport is used between the actual source and destination of the IP protocol.

Tunnel mode actually not only authenticates but also encrypts at the higher layers of the packet.



IP layers

In Tunnel mode the actual source and destination are encrypted at the upper layers, and therefore when the packet gets to the IP layer it really doesn't know about or care about the ICV signature already within the upper PIX layer.

Also, from a security standpoint, there is the fact that tunnel mode encrypts and authenticates the IP information, whereas transport only authenticates packets.

yuhuiyao Thu, 11/05/2009 - 05:31

I would strongly suggest you spend some time on the difference between ESP and AH, and between transport mode and tunnel mode. You seem to be confused about that.

