Re: mode tunnel or transport ?

iqbalkhan · ‎06-28-2006

Hi

I have Ho and multple branch. Ho and br have cisco 2600 route . now i create vpn point to multpoint.

when i start configure,

i configure mode tunnel but one cisco guide mention point to multipoint configuration mode transport.

so i worried what i use ? mode tunnel or transport ?

thanks

Biplob

=====================

crypto isakmp policy 1

authentication pre−share

crypto isakmp key xxxx address 0.0.0.0 0.0.0.0

!

crypto ipsec transform−set trans2 esp−des esp−md5−hmac

mode transport

!

crypto map vpnmap1 local−address Ethernet0

crypto map vpnmap1 10 IPsec−isakmp

set peer 172.17.0.1

set security−association level per−host

set transform−set trans2

match address 101

!

interface Tunnel0

bandwidth 1000

ip address 10.0.0.3 255.255.255.0

ip mtu 1400

ip nhrp authentication test

ip nhrp map 10.0.0.1 172.17.0.1

ip nhrp network−id 100000

ip nhrp holdtime 300

ip nhrp nhs 10.0.0.1

delay 1000

tunnel source Ethernet0

tunnel destination 172.17.0.1

tunnel key xxx

!

interface Ethernet0

ip address dhcp hostname

Richard Burts · ‎06-29-2006

Biplob

I have done it both ways and it works with mode tunnel or mode transport when you do IPSec with GRE tunnels. I understand that it is particularly appropriate to do more transport when doing IPSec with GRE tunnels. This saves a little overhead and reduces the need for 1 additional IP header when doing mode transport for IPSec with GRE tunnel.

HTH

Rick

HTH

Rick

iqbalkhan · ‎07-02-2006

Hi

Thanks

Biplob