IPSec Transport and Tunnel Modes
IPSec protects traffic in one of two modes, Transport or Tunnel. Transport mode protects only the payload of the IP packet (the transport-layer header and the data); the original IP header, with its real source and destination addresses, travels in the clear. Tunnel mode encapsulates the entire original packet, header included, inside a new IP packet whose outer header carries only the addresses of the tunnel endpoints, so an observer learns less about the underlying communication159.
A typical transport-mode packet looks like Figure 19.
Tunnel mode is most commonly used to carry existing IP traffic between hosts on networks joined by IPSec-enabled routers (security gateways). Because the routers perform the encapsulation, no software or driver changes are needed on the hosts; to them the IPSec protection is transparent.
A typical tunnel-mode packet looks like Figure 20.
This flexibility lets IPSec connect multiple sites into a secure virtual network using VPN technologies, and it also lets a road warrior who has no IPSec-capable router of their own protect traffic end to end in transport mode. Note that an IPSec SA is unidirectional: a two-way connection uses one SA for sending and one for receiving, and each SA carries its own mode, although in practice both directions of a connection are negotiated the same way.
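The two packet layouts described above, as an added worked example that is not part of the original guide: it builds an ESP packet in transport mode and in tunnel mode, then shows what a passive observer can read from each without the key. The ESP header, trailer and ICV follow the RFC 4303 layout, but the cipher is an assumption for illustration only (an HMAC-SHA256 counter keystream standing in for AES), and the host and gateway addresses, key and TCP segment are constructed sample data, not from the page.

```python
"""Transport vs tunnel mode ESP packet layouts (illustrative, not a real IPsec stack)."""
import hashlib
import hmac
import socket
import struct

ESP = 50      # IP protocol number for ESP
TCP = 6
IPIP = 4      # ESP next-header value meaning "an IPv4 packet follows" (tunnel mode)


def internet_checksum(data: bytes) -> int:
    """Standard Internet checksum (RFC 1071) over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header with a valid header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0x4000,
                      64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", internet_checksum(hdr)) + hdr[12:]


def tcp_segment(sport: int, dport: int, data: bytes) -> bytes:
    """20-byte TCP header (checksum left zero; irrelevant for this demo) plus data."""
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 0x50, 0x18, 8192, 0, 0) + data


def _keystream(key: bytes, spi: int, seq: int, n: int) -> bytes:
    """Stand-in for the ESP cipher: HMAC-SHA256 used as a counter-mode keystream.
    Assumption for illustration only; real ESP uses e.g. AES-CBC or AES-GCM."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, struct.pack("!IIQ", spi, seq, ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def esp_encapsulate(key: bytes, spi: int, seq: int, plaintext: bytes, next_header: int) -> bytes:
    """ESP header || enc(payload || padding || pad_len || next_header) || ICV (RFC 4303 layout).
    Padding makes pad_len and next_header end on a 4-byte boundary, as ESP requires."""
    pad_len = (-(len(plaintext) + 2)) % 4
    padding = bytes(range(1, pad_len + 1))            # default monotonic padding bytes
    body = plaintext + padding + bytes([pad_len, next_header])
    enc = bytes(a ^ b for a, b in zip(body, _keystream(key, spi, seq, len(body))))
    esp_hdr = struct.pack("!II", spi, seq)
    icv = hmac.new(key, esp_hdr + enc, hashlib.sha1).digest()[:12]   # HMAC-SHA1-96 style ICV
    return esp_hdr + enc + icv


def esp_decapsulate(key: bytes, esp: bytes):
    """Verify the ICV, decrypt, strip the trailer; return (next_header, inner payload)."""
    esp_hdr, enc, icv = esp[:8], esp[8:-12], esp[-12:]
    expected = hmac.new(key, esp_hdr + enc, hashlib.sha1).digest()[:12]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ESP ICV check failed")
    spi, seq = struct.unpack("!II", esp_hdr)
    body = bytes(a ^ b for a, b in zip(enc, _keystream(key, spi, seq, len(enc))))
    pad_len, next_header = body[-2], body[-1]
    return next_header, body[:len(body) - 2 - pad_len]


def transport_mode_packet(key, spi, seq, src, dst, segment):
    """Transport mode: original IP header stays in the clear; only the TCP segment is protected."""
    esp = esp_encapsulate(key, spi, seq, segment, TCP)
    return ipv4_header(src, dst, ESP, len(esp)) + esp


def tunnel_mode_packet(key, spi, seq, gw_src, gw_dst, inner_packet):
    """Tunnel mode: the whole original packet, header included, is encrypted behind a new outer header."""
    esp = esp_encapsulate(key, spi, seq, inner_packet, IPIP)
    return ipv4_header(gw_src, gw_dst, ESP, len(esp)) + esp


def on_the_wire(packet: bytes) -> dict:
    """What a passive observer reads without the key: outer addresses, protocol, SPI, sequence."""
    proto = packet[9]
    view = {"src": socket.inet_ntoa(packet[12:16]),
            "dst": socket.inet_ntoa(packet[16:20]), "proto": proto}
    if proto == ESP:
        view["spi"], view["seq"] = struct.unpack("!II", packet[20:28])
    return view


# Constructed sample: host A behind gateway GW_A talks to host B behind gateway GW_B.
HOST_A, HOST_B, GW_A, GW_B = "10.1.0.5", "10.2.0.7", "198.51.100.1", "203.0.113.1"
KEY = b"demo-key-not-for-production"

if __name__ == "__main__":
    seg = tcp_segment(40000, 443, b"hello, world")
    inner = ipv4_header(HOST_A, HOST_B, TCP, len(seg)) + seg
    print("transport:", on_the_wire(transport_mode_packet(KEY, 0x100, 1, HOST_A, HOST_B, seg)))
    print("tunnel:   ", on_the_wire(tunnel_mode_packet(KEY, 0x200, 1, GW_A, GW_B, inner)))
```

In transport mode the observer sees HOST_A and HOST_B directly in the outer header; in tunnel mode only the gateway addresses are visible and the inner header is recovered only after decapsulation at the far gateway. Either way the SPI and sequence number are always readable, which is what lets the receiver select the SA before decrypting.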
For a concise, clear explanation of IPSec on Windows 2000 networks, check out Configuring Windows 2000 Server Security160.
160. Shinder, Thomas W., Debra Littlejohn Shinder, and D. Lynn White, Configuring Windows 2000 Server Security, Syngress, January 2000, http://www.nerdbooks.com/item.html?id=1928994024
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.