From: Larson, Chris (CLarson@usaid.gov)
Date: Wed Nov 20 2002 - 12:50:36 GMT-3
Ok. It was my understanding that at one time only AH could be used in
transport and that there was no encryption. Thank you for the
update/correction.
> -----Original Message-----
> From: Robert Neil [SMTP:RNeil@nova-data.com]
> Sent: Wednesday, November 20, 2002 10:42 AM
> To: 'Larson, Chris'; 'Hunt Lee'; 'ccielab@groupstudy.com'
> Subject: RE: Tunnel in IPSec network
>
> My understanding is that in Transport mode the ESP header is added before
> the IP header is and only the IP payload is encrypted - the ESP and IP
> headers are not encrypted.
>
> In Tunnel mode the ESP header is added after the IP header is added and
> both the ESP and IP headers are encrypted along with the payload. Then the
> encrypted packet is encapsulated into a new IP packet with a new header.
>
> Tunnel mode is the most common and is typically used between site-to-site
> or client-to-site scenarios where basically a user is accessing some sort
> of remote LAN resource. Transport mode is used when the terminating
> gateway is also the target resource.
>
> robert
>
> -----Original Message-----
> From: Larson, Chris [mailto:CLarson@usaid.gov]
> Sent: Wednesday, November 20, 2002 7:57 AM
> To: 'Hunt Lee'; 'ccielab@groupstudy.com'
> Subject: RE: Tunnel in IPSec network
>
>
> I am not sure about this anymore but it used to be that only AH would be
> used in a non-tunnel mode IPSEC. That being the case there is no
> encryption and this is only good for integrity checking/authentication.
> The AH or transport mode header is placed at the beginning of the data
> portion of the packet. In transport mode a packet header is added to the
> packet and the packet is encrypted.
>
> The advantages being that tunnel mode uses ESP and DES and the whole
> packet is encrypted and encapsulated. Tunnel mode.
> AH does not use encryption and is only good for checking data integrity
> and authentication or identity. Transport mode.
>
>
> > -----Original Message-----
> > From: Hunt Lee [SMTP:huntl@webcentral.com.au]
> > Sent: Wednesday, November 20, 2002 2:35 AM
> > To: 'ccielab@groupstudy.com'
> > Subject: Tunnel in IPSec network
> >
> > In an IPSec network, in order to create the Transform-Set, we can use
> > either tunnel mode (default) or transport mode. My question is: when to
> > use which? How do we justify which one to use? How do you compare these
> > 2 methods in terms of adv vs disadv? Thanks.
> >
> > Regards,
> > H.
This archive was generated by hypermail 2.1.4 : Tue Dec 03 2002 - 07:23:07 GMT-3
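
For reference, an added example (not part of the thread or written by any poster) that builds ESP packets in both modes following the ESP layout in RFC 2406 / RFC 4303, so the cleartext outer header, the encrypted region and the ICV coverage can be inspected byte by byte. The addresses, keys and SPI are constructed sample values, and `toy_encrypt` is a stand-in for a real ESP cipher such as DES or AES.

```python
import hashlib, hmac, socket, struct

def ipv4(src, dst, proto, payload):
    """Minimal 20-byte IPv4 header (checksum left at zero) + payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + payload

def addresses(pkt):
    """Source and destination an on-path observer reads from the outer header."""
    return socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])

def toy_encrypt(key, seq, data):
    """Stand-in cipher (SHA-256 keystream XOR), NOT a real ESP transform."""
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(hashlib.sha256(key + struct.pack("!II", seq, i)).digest() for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

def esp(inner, next_hdr, spi, seq, ekey, akey):
    """SPI | seq | encrypted(inner | pad | pad_len | next_hdr) | ICV."""
    pad_len = -(len(inner) + 2) % 4
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, next_hdr])
    body = struct.pack("!II", spi, seq) + toy_encrypt(ekey, seq, inner + trailer)
    return body + hmac.new(akey, body, hashlib.sha1).digest()[:12]  # HMAC-SHA1-96

def esp_transport(pkt, **sa):
    """Original IP header stays in clear; only the upper-layer payload is protected."""
    src, dst = addresses(pkt)
    return ipv4(src, dst, 50, esp(pkt[20:], pkt[9], **sa))

def esp_tunnel(pkt, gw_src, gw_dst, **sa):
    """Whole original packet (header included) is protected under a new outer header."""
    return ipv4(gw_src, gw_dst, 50, esp(pkt, 4, **sa))  # next header 4 = IPv4-in-IP

def icv_ok(pkt, akey):
    """The ESP ICV covers SPI..trailer only, never the outer IP header."""
    body, icv = pkt[20:-12], pkt[-12:]
    return hmac.compare_digest(hmac.new(akey, body, hashlib.sha1).digest()[:12], icv)

# Constructed sample values: a LAN-to-LAN UDP datagram and two gateway addresses.
SA = dict(spi=0x1000, seq=1, ekey=b"constructed-enc-key", akey=b"constructed-auth-key")
ORIGINAL = ipv4("10.1.1.10", "10.2.2.20", 17, b"\x00" * 8 + b"hello-lan")
TRANSPORT = esp_transport(ORIGINAL, **SA)
TUNNEL = esp_tunnel(ORIGINAL, "192.0.2.1", "198.51.100.1", **SA)

if __name__ == "__main__":
    for name, pkt in (("transport", TRANSPORT), ("tunnel", TUNNEL)):
        print(name, addresses(pkt), len(pkt), "bytes, ICV ok:", icv_ok(pkt, SA["akey"]))
```

Because the ICV does not cover the outer IP header in either mode, a change to that header passes ESP verification; AH is the protocol that also authenticates the immutable outer header fields.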