Cisco Support Community
New Member

IPSEC transport mode and GET VPN

All,

I am about to implement GET VPN and read the following on Cisco's website:

IPsec transport mode suffers from fragmentation and reassembly limitations and must not be used in deployments where encrypted or clear packets might require fragmentation.

I just do not understand why transport mode will suffer from fragmentation and reassembly when it has less overhead than tunnel mode.

2 REPLIES
New Member

Re: IPSEC transport mode and GET VPN

One thing to understand about Transport mode vs Tunnel mode (IPsec) is that Transport is used between the actual source and destination of the IP protocol.

Tunnel mode actually not only authenticates but also encrypts at the higher layers of the packet.

Pix

VPN

IP layers

Tunnel actual source and destination is encrypted at the upper layers and therefore when the packet gets to the IP layer, it really doesn't know about or care about the ICV signature already within the upper PIX layer.

Also from a security standpoint because of the fact that tunnel mode encrypts and authenticates the IP information whereas transport only authenticates packets

New Member

Re: IPSEC transport mode and GET VPN

I would strongly suggest you spend some time on the difference between ESP, AH and transport mode, tunnel mode. You seem to be confused about that.
