Home Page

Firewalls

Email & Spam

Security Terminology

Security Topics

VPN & Cryptography

Wireless

 

 

 

VPN Terminology

VPN Tutorial Guide

3DES

AES

Aggressive Mode

Authentication Header

Asymmetric Encryption

Authentication

Certification Authority

Data Integrity

DES

Diffie-Hellman

Digital Certificate

Dynamic IP addresses

Encryption

ESP

IKE Oakley & ISAKMP

IPSec

IPSec Quick Mode

L2TP

Main Mode

MD5

NAT-T

PFS

PKI

Policy-vs-Route-VPN

PPTP

Pre-Shared Key

Remote Access User

RSA

Security Association

Sha-1

Site to Site VPN

SSL VPN

Transform Sets

Tunnel mode and Transport mode

VPN client tunneling option

VPN Topologies

VPN Tunnel

 

Security Products Guide

Which Anti-Virus Software?

Which Firewall?

Which Spam Filter?

Which Internet Security Suite?

 

What is Guide

What is a Firewall?

What is a Virus?

What is Spam?

 

Essential Security Guides

Securing Windows XP Guide

Securing Windows Vista Guide

A Guide to Wireless Security

 

Other

Top 8 Internet Security tips

Why both, Firewall and Anti Virus?

Free or purchased security - Which one?

 

 

Tunnel Mode and Transport mode - IPSec through Firewall VPN Tutorial

 

 

Tunnel mode and Transport mode

When using ESP you can specify one of two modes, in which ESP operates in. Tunnel mode encrypts the whole packet. Tunnel mode is used for site to site VPN, when securing communication between security gateways, concentrators, firewalls, etc. Tunnel mode provides security for the entire original IP packet, that is the headers and the payload.

The other mode ESP can operate in is Transport mode, which is not as secure as it only encrypts the data portion and not the whole packet unlike tunel tunnel mode.

Transport mode encrypts the data portion of the packet. It works between two different workstations running some kind of VPN software. Transport mode protects payload of packet and the high layer protocols. Transport mode leaves the original IP addresses in open clear text. Using transport mode the final destination is not a gateway or router, generally the host itself. Transport mode provides security to the higher layer protocols only.

Further Reading

Wikipedia's guide to IPSec