Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

tunnel protection works with transport mode only???

Anyone know why tunnel protection works with transport mode only??? If I change it to tunnel mode, it stops working immediately.

Thanks,

1 ACCEPTED SOLUTION

Accepted Solutions

Re: tunnel protection works with transport mode only???

That is because Tunnel mode creates a new IP header which gets modified when is NATed, when the remote peer receives this new header which is NATed the Security numbers do not match to what it had generated. Using trasport mode keeps the original header and only encapsulates the payload.

5 REPLIES

Re: tunnel protection works with transport mode only???

Tunnel protection works with both modes, however transport mode is used when NAT is present along the path, which might be your case.

New Member

Re: tunnel protection works with transport mode only???

Thanks for your reply. You are correct I have nat firewalls in the path. Do you know why I have to use transport mode in case of nat?

Thanks,

Re: tunnel protection works with transport mode only???

That is because Tunnel mode creates a new IP header which gets modified when is NATed, when the remote peer receives this new header which is NATed the Security numbers do not match to what it had generated. Using trasport mode keeps the original header and only encapsulates the payload.

New Member

Re: tunnel protection works with transport mode only???

tried transport mode with tunnel protection on gre interfaces, plus no crypto ipsec nat-transparency udp-encaps, not working with nat is present, any idea?

Re: tunnel protection works with transport mode only???

What is the actual error you get? do you complete the tunnel? are you not passing traffic? can you post your configs and debugs?

189
Views
5
Helpful
5
Replies