You have showed us parts of the configuration but not some others. The crypto map uses access list 100 to match traffic. Can you tell us what is in this access list?
In the command reference the information about mode transport says that "This setting is only used when the traffic to be protected has the same IP addresses as the IPSec peers (this traffic can be encapsulated either in tunnel or transport mode). This setting is ignored for all other traffic (all other traffic is encapsulated in tunnel mode)"
My guess is that the traffic being sent through IPSec does not meet this condition. If you are interested here is the link:
"traffic to be protected has the same IP addresses as the IPSec peers "
My routers are peers - 192.168.1.1 & 192.168.1.2
If i ping from .1 to .2, or .2 to .1, in my mind this represented "the same IP addresses as the IPSEC peers". Other than the ping, i don't know how i can simulate peer traffic that would come up in transport mode. Do you?
Once the IPSEC link is built, and it's a tunnel link, i don't think it will ever divert away from this and create a separate transport mode link, so all traffic will ride across it.
It's not a big deal i suppose. Router to router connections don't seem to support transport mode.
I know how the packets would look like, which is the most important thing really. The headers are just in different positions.
The times that I have used transport mode (and it did work well) was when I was configuring IPSec with GRE tunnels. I used transport mode and the tunnels come up in transport mode. And since the GRE tunnel packets use the router interface as their address they do meet the criteria of the same IP addresses as the IPSEC peers.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :