Tunnel Mode and Transport mode - IPsec VPN Tutorial

Encapsulating Security Payload (ESP) can operate in one of two modes, tunnel mode or transport mode. The mode is chosen when the Security Association is negotiated, and it determines how much of the original IP packet ESP protects and how the packet is delivered.

Tunnel mode encapsulates the entire original IP packet, header and payload, inside ESP and then adds a new outer IP header addressed between the two tunnel endpoints. Only the new outer header travels in clear text; the original source and destination addresses, the original protocol number and the data are all encrypted and integrity protected. Tunnel mode is the mode used for site-to-site VPNs between VPN gateways, where the protected packets originate from and are delivered to hosts behind the gateways rather than to the gateways themselves. Because the inner header is hidden, an observer on the path sees only gateway-to-gateway traffic.

Transport mode protects only the payload of the IP packet, that is, the transport-layer header (TCP, UDP and so on) and the data above it. The original IP header is kept and sent in clear text, with its protocol field changed to 50 (ESP), so an observer can see which two hosts are communicating even though the contents are encrypted and integrity protected. Transport mode does not weaken the encryption itself; it simply conceals less of the packet than tunnel mode does, and the exposed addresses and packet sizes are the trade-off to weigh when choosing it.

Transport mode is typically used between two end hosts running IPsec software, for example workstation to workstation, or between a host and a gateway when the gateway is itself the final destination of the traffic. Because the original header is used for delivery, the endpoint of the Security Association is the host that consumes the data, not an intermediate gateway that decrypts and forwards it. Transport mode is also what protects L2TP/IPsec remote-access connections: L2TP supplies the tunnel and IPsec transport mode supplies the encryption and integrity.
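The packet layouts described above, as an added example that is not part of the original tutorial. It builds the same IPv4 packet in transport mode and in tunnel mode, following the ESP format of RFC 4303 (SPI, sequence number, encrypted payload with padding, pad length and next-header trailer, then the ICV), and shows what a passive observer sees in each case and how the receiver tells the modes apart from the next-header value. The addresses, keys and TCP payload are constructed sample data, and the "keystream" function is a stand-in for a real cipher such as AES-CTR so that the example runs with only the Python standard library; a production stack would use AES-GCM or AES-CBC plus HMAC as negotiated for the SA.

```python
"""ESP tunnel mode vs transport mode: packet layout per RFC 4303 (added example)."""
import hashlib
import hmac
import struct

ESP_PROTO = 50       # IP protocol number carried by the outer header for ESP
IPV4_PROTO = 4       # next-header value meaning "an IPv4 packet follows" (tunnel mode)
TCP_PROTO = 6
KEY_ENC = b"\x11" * 32    # constructed sample keys, not keys from a real SA
KEY_AUTH = b"\x22" * 32
ICV_LEN = 12              # truncated ICV, as HMAC-SHA1-96 / HMAC-SHA256-128 style transforms do


def build_ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Minimal 20-byte IPv4 header without options; header checksum left at zero."""
    src_b = bytes(int(o) for o in src.split("."))
    dst_b = bytes(int(o) for o in dst.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0, src_b, dst_b)


def parse_ipv4_header(hdr):
    _, _, total_len, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", hdr[:20])
    return {"proto": proto, "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
            "total_len": total_len}


def keystream(key, spi, seq, n):
    """Stand-in for AES-CTR: HMAC-SHA256 in counter mode, nonce = (SPI, seq). Demo only."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, struct.pack("!IIQ", spi, seq, ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def esp_encapsulate(inner, next_header, spi, seq):
    """ESP header | encrypted(inner | padding | pad_len | next_header) | ICV."""
    pad_len = (-(len(inner) + 2)) % 4            # trailer must end on a 4-octet boundary
    padding = bytes(range(1, pad_len + 1))        # RFC 4303 default pad pattern 1,2,3,...
    plaintext = inner + padding + bytes([pad_len, next_header])
    esp_hdr = struct.pack("!II", spi, seq)
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, keystream(KEY_ENC, spi, seq, len(plaintext))))
    icv = hmac.new(KEY_AUTH, esp_hdr + ciphertext, hashlib.sha256).digest()[:ICV_LEN]
    return esp_hdr + ciphertext + icv


def esp_decapsulate(esp):
    """Verify the ICV before decrypting, then strip the trailer. Returns (next_header, inner)."""
    esp_hdr, body, icv = esp[:8], esp[8:-ICV_LEN], esp[-ICV_LEN:]
    expected = hmac.new(KEY_AUTH, esp_hdr + body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ESP ICV check failed")
    spi, seq = struct.unpack("!II", esp_hdr)
    plaintext = bytes(a ^ b for a, b in zip(body, keystream(KEY_ENC, spi, seq, len(body))))
    pad_len, next_header = plaintext[-2], plaintext[-1]
    return next_header, plaintext[:-(pad_len + 2)]


def transport_mode(orig_pkt, spi, seq):
    """Original IP header stays in the clear (protocol rewritten to ESP); only the payload is protected."""
    hdr = parse_ipv4_header(orig_pkt)
    esp = esp_encapsulate(orig_pkt[20:], hdr["proto"], spi, seq)
    return build_ipv4_header(hdr["src"], hdr["dst"], ESP_PROTO, len(esp)) + esp


def tunnel_mode(orig_pkt, gw_src, gw_dst, spi, seq):
    """Whole original packet, header included, is protected behind a new gateway-to-gateway header."""
    esp = esp_encapsulate(orig_pkt, IPV4_PROTO, spi, seq)
    return build_ipv4_header(gw_src, gw_dst, ESP_PROTO, len(esp)) + esp


def on_the_wire(pkt):
    """What an observer without the SA keys can read: the outer header only."""
    return parse_ipv4_header(pkt)


def receive(pkt):
    """Decapsulate at the SA endpoint. Returns (mode, inner_header_or_None, payload)."""
    if parse_ipv4_header(pkt)["proto"] != ESP_PROTO:
        raise ValueError("not an ESP packet")
    next_header, inner = esp_decapsulate(pkt[20:])
    if next_header == IPV4_PROTO:                 # tunnel mode: inner is a complete IP packet
        return "tunnel", parse_ipv4_header(inner), inner[20:]
    return "transport", None, inner               # transport mode: inner is the transport payload


# Constructed sample: a TCP segment from host 10.1.1.5 to host 10.2.2.7 (bytes are arbitrary).
PAYLOAD = b"\x1f\x90\x00\x50" + b"GET / HTTP/1.0\r\n"
ORIG = build_ipv4_header("10.1.1.5", "10.2.2.7", TCP_PROTO, len(PAYLOAD)) + PAYLOAD

if __name__ == "__main__":
    t = transport_mode(ORIG, 0x1000, 1)
    u = tunnel_mode(ORIG, "203.0.113.1", "198.51.100.1", 0x2000, 1)
    print("transport, visible:", on_the_wire(t))    # inner hosts exposed, proto 50
    print("tunnel, visible:   ", on_the_wire(u))    # only gateway addresses exposed
    print("receiver (tunnel): ", receive(u)[0], receive(u)[1])
```

Note that the receiver verifies the ICV before it decrypts anything; decrypting first and checking afterwards is the ordering that opens padding-oracle style attacks on CBC transforms, so real implementations keep the check-then-decrypt order shown here.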

Further Reading

Wikipedia's guide to IPSec