In the next try, I see transport mode being used, if the server is configured for transport mode.
So does it mean that GETVPN supports both transport and tunnel mode? Most of the Cisco docs mention that GETVPN uses tunnel mode.

Snippet from http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6635/ps7180/white_paper_c11-471053.html

*GET VPN uses ESP in tunnel mode,* which protects the entire data packet, as well as the IP header received by the VPN gateway. Tunnel mode processing adds a new IP header to the packet after ESP encapsulation. GET VPN uses a method of tunnel mode called "tunnel mode with address preservation" that copies the original source and destination from the inner IP header to the outer IP header. *Tunnel mode with address preservation differs from normal tunnel mode,* where the source and destination on the packet are taken as the source and destination VPN gateways.

With regards
Kings

On Tue, Oct 26, 2010 at 6:35 PM, Kingsley Charles <[email protected]> wrote:

> Hi all
>
> The GETVPN uses tunnel, even if the ipsec transform set on the KS is
> configured in transport mode. Can someone let me know what you
> understand from the following:
>
> Snippet from
> http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/sec_encrypt_trns_vpn_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1150130
>
> - When you configure transport mode traffic selectors, it is possible
>   to have transport mode SAs. SAs occur when the packet size exceeds the MTU,
>   and the packet cannot be forwarded.
>
> - Transport mode should be used only for Group Encrypted Transport VPN
>   Mode (GM) to GM traffic.
>
> With regards
> Kings
