×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

mode tunnel or transport ?

Unanswered Question
Jun 28th, 2006
User Badges:

Hi


I have Ho and multple branch. Ho and br have cisco 2600 route . now i create vpn point to multpoint.

when i start configure,

i configure mode tunnel but one cisco guide mention point to multipoint configuration mode transport.


so i worried what i use ? mode tunnel or transport ?


thanks

Biplob


=====================

crypto isakmp policy 1

authentication pre−share

crypto isakmp key xxxx address 0.0.0.0 0.0.0.0

!

crypto ipsec transform−set trans2 esp−des esp−md5−hmac

mode transport

!

crypto map vpnmap1 local−address Ethernet0

crypto map vpnmap1 10 IPsec−isakmp

set peer 172.17.0.1

set security−association level per−host

set transform−set trans2

match address 101

!

interface Tunnel0

bandwidth 1000

ip address 10.0.0.3 255.255.255.0

ip mtu 1400

ip nhrp authentication test

ip nhrp map 10.0.0.1 172.17.0.1

ip nhrp network−id 100000

ip nhrp holdtime 300

ip nhrp nhs 10.0.0.1

delay 1000

tunnel source Ethernet0

tunnel destination 172.17.0.1

tunnel key xxx

!

interface Ethernet0

ip address dhcp hostname

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Richard Burts Thu, 06/29/2006 - 08:42
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Biplob


I have done it both ways and it works with mode tunnel or mode transport when you do IPSec with GRE tunnels. I understand that it is particularly appropriate to do more transport when doing IPSec with GRE tunnels. This saves a little overhead and reduces the need for 1 additional IP header when doing mode transport for IPSec with GRE tunnel.


HTH


Rick

Actions

This Discussion