New Member

Why do we have Single Hop between Ipsec Peers?

What is the concept behind this?

Physically, the data is transmitted through various routers or hops before reaching the destination peer.

But while tracing, we can see only 1 hop.

Why is it so?

Regards,

Kesavamurthy Palani

Hall of Fame Super Blue

Re: Why do we have Single Hop between Ipsec Peers?

Because it is a tunnel, your traceroute packet is encapsulated within another packet, i.e.

Host1 -> VPN1 -> R1 -> R2 -> R3 -> VPN2 -> Host2

Host1 traceroutes to Host2.

When the packet reaches VPN1, the original traceroute packet is encapsulated within another packet with a source of VPN1 and a destination of VPN2. The packet is now an IPsec packet. The original traceroute packet is there, but it is not visible to the R routers in the above topology.

Hope this makes sense

Jon
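A simplified model of the TTL handling described in the answer above, as an added example that is not part of the original thread. It compares what Host1's traceroute reports with and without the tunnel; the function names and the initial outer TTL of 255 are assumptions, and real gateways may set the outer TTL differently.

```python
# Added example: simplified TTL model for the topology in the answer above.
# Assumptions: outer header starts at TTL 255; each forwarding node decrements
# the TTL of the only IP header it can see.
PATH = ["VPN1", "R1", "R2", "R3", "VPN2", "Host2"]  # nodes after Host1
TUNNEL = ("VPN1", "VPN2")                            # IPsec peers
OUTER_TTL = 255                                      # assumed value


def probe(ttl, tunnel=True):
    """Send one probe from Host1 with the given TTL.

    Returns (responder, carried_by): the node whose reply Host1 sees ("*" if
    none) and the routers that forwarded the packet while it was encapsulated.
    """
    inner, outer, carried_by = ttl, None, []
    for node in PATH:
        if node == PATH[-1]:
            return node, carried_by          # destination answers the probe
        if outer is not None and node != TUNNEL[1]:
            outer -= 1                       # transit router sees only the outer header
            carried_by.append(node)
            if outer == 0:
                return "*", carried_by       # error goes to VPN1 (outer source), not Host1
            continue
        if node == TUNNEL[1]:
            outer = None                     # VPN2 strips the outer header
        inner -= 1                           # node forwards the original packet
        if inner == 0:
            return node, carried_by          # TTL exceeded, reported to Host1
        if tunnel and node == TUNNEL[0]:
            outer = OUTER_TTL                # VPN1 adds a fresh outer header


def traceroute(tunnel=True):
    """Return the list of responders Host1 sees, one per increasing TTL."""
    hops = []
    for ttl in range(1, len(PATH) + 1):
        responder, _ = probe(ttl, tunnel)
        hops.append(responder)
        if responder == PATH[-1]:
            break
    return hops


if __name__ == "__main__":
    print("without tunnel:", traceroute(tunnel=False))
    print("with tunnel:   ", traceroute(tunnel=True))
    print("probe with TTL 2 was carried by:", probe(2)[1])
```

With the tunnel, VPN2 appears directly after VPN1, while the second element of `probe(2)` still lists R1, R2 and R3 as having forwarded the encapsulated packet.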

New Member

Re: Why do we have Single Hop between Ipsec Peers?

Thanks !! Jon

I got it!

Other question:

--------------------

Still, the packets leaving VPN1 after IPsec encapsulation will pass through R1 -> R2 -> R3 here.

So basically, if we use a tunnel, virtually the data is transmitted in a single hop, but the IPsec packets will physically go through all the routers, with fragmentation and reassembly due to the MTU of the medium along the path.

But the trace doesn't show this, as it is encapsulated inside the IPsec packet.

Am I right?

Regards,

Kesavamurthy Palani

Hall of Fame Super Blue

Re: Why do we have Single Hop between Ipsec Peers?

Yes, you've got it.

Jon
