IPSEC transport mode and GET VPN

yuhuiyao · ‎11-03-2009

All,

I am about to implement GET VPN while read the following from Cisco's website:

IPsec transport mode suffers from fragmentation and reassembly limitations and must not be used in

deployments where encrypted or clear packets might require fragmentation.

I just do not understand why transport mode will suffer fragmentation and reassembly while it had less overhead than tunnel mode.

sdoremus33 · ‎11-04-2009

One thing to understand about Tran sport mode vs Tunnel mode (ipsec) is thst Transport is used between acyual source and destination of the ip protocol

Tunnel mode actually not only authenticates but also encrypts at the higher layers of the pckt

Pix

VPN

IP layers

Tunnel actual source and destination is encrypted at the upper layers and therefor when the packet gets to the IP Layer, it really doesnt know about or care about the iCV signature already withinh the upper PIX layer.

Also from a security standpoint because of the fact that tunnel mode encrpyts and authenticated the ip infoemation whereas transport only authenticates packets

yuhuiyao · ‎11-05-2009

I would strongly suggest you spend some time on the differece on esp, ah and transport mode, tunnel mode. You seemed to be confused with that.