RE: Tunnel in IPSec network

From: Larson, Chris (CLarson@usaid.gov)
Date: Wed Nov 20 2002 - 09:57:08 GMT-3


I am not sure about this anymore, but it used to be that only AH would be
used in a non-tunnel mode IPSec. That being the case, there is no encryption
and this is only good for integrity checking/authentication. The AH or
transport mode header is placed at the beginning of the data portion of the
packet. In transport mode a packet header is added to the packet and the
packet is encrypted.

The advantages being that tunnel mode uses ESP and DES and the whole packet
is encrypted and encapsulated. Tunnel mode.
AH does not use encryption and is only good for checking data integrity and
authentication or identity. Transport mode.

> -----Original Message-----
> From: Hunt Lee [SMTP:huntl@webcentral.com.au]
> Sent: Wednesday, November 20, 2002 2:35 AM
> To: 'ccielab@groupstudy.com'
> Subject: Tunnel in IPSec network
>
> In an IPSec network, in order to create the Transform-Set, we can use
> either
> tunnel mode (default) or transport mode. My question is: when to use
> which?
> How do we justify which one to use? How do you compare these 2 methods
> in terms of adv vs disadv? Thanks.
>
> Regards,
> H.
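
Added example, not part of the original messages: a small Python sketch of where the IPsec header sits in transport versus tunnel mode and how many bytes each combination adds per packet. The sizes are assumptions, not values from the thread: IPv4 without options, ESP with DES-CBC (8-byte IV and block), and a 12-byte HMAC-96 ICV for both ESP and AH.

```python
# Added example: header order and byte overhead for IPsec transport vs tunnel mode.
# Assumptions (not from the thread): IPv4 without options, ESP with DES-CBC
# (8-byte IV, 8-byte block), HMAC-96 authentication (12-byte ICV) for ESP and AH.
IP_HDR = 20          # IPv4 header without options
ESP_HDR = 8          # SPI (4) + sequence number (4)
ESP_IV = 8           # DES-CBC IV
ESP_BLOCK = 8        # DES block size
ESP_TRAILER = 2      # pad length + next header
ICV = 12             # truncated HMAC (HMAC-MD5-96 / HMAC-SHA1-96)
AH_HDR = 12 + ICV    # fixed AH fields (12) + ICV


def esp_pad(plaintext_len):
    """Padding bytes so plaintext + pad + trailer fills whole cipher blocks."""
    return -(plaintext_len + ESP_TRAILER) % ESP_BLOCK


def layout(proto, mode, l4_len):
    """Return (ordered header list, total packet bytes) for an IPv4 packet
    carrying l4_len bytes of TCP/UDP header plus data."""
    if proto not in ("esp", "ah") or mode not in ("transport", "tunnel"):
        raise ValueError("proto must be esp/ah, mode must be transport/tunnel")
    # Transport mode protects only the upper-layer payload; tunnel mode
    # protects the entire original packet and prepends a new outer IP header.
    protected = l4_len if mode == "transport" else IP_HDR + l4_len
    inner = ["L4+data"] if mode == "transport" else ["inner IP", "L4+data"]
    outer = "IP" if mode == "transport" else "outer IP"
    if proto == "esp":
        order = [outer, "ESP", "IV"] + inner + ["ESP trailer", "ICV"]
        total = (IP_HDR + ESP_HDR + ESP_IV + protected + esp_pad(protected)
                 + ESP_TRAILER + ICV)
    else:
        order = [outer, "AH"] + inner
        total = IP_HDR + AH_HDR + protected
    return order, total


def overhead(proto, mode, l4_len):
    """Bytes added relative to the unprotected packet."""
    return layout(proto, mode, l4_len)[1] - (IP_HDR + l4_len)


if __name__ == "__main__":
    for proto in ("ah", "esp"):
        for mode in ("transport", "tunnel"):
            order, total = layout(proto, mode, 120)
            print(f"{proto:3} {mode:9} {total:4} B  +{overhead(proto, mode, 120):2}  "
                  + " | ".join(order))
```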


