I personally have never been successful doing transport mode.  It is
possible it was a code issue so I am not saying that it definitely doesn't.
I can only suggest to test.

 

Regards,

 

Tyson Scott - CCIE #13513 R&S, Security, and SP

Managing Partner / Sr. Instructor - IPexpert, Inc.

 

From: [email protected] [mailto:[email protected]] On Behalf Of Kingsley Charles
Sent: Tuesday, October 26, 2010 10:00 AM
To: [email protected]
Subject: Re: [OSL | CCIE_Security] GETVPN mode

 

In the next try, I see transport mode being used, if the server is
configured for transport mode.

So does it mean that GETVPN supports both transport and tunnel mode?

Most of the Cisco docs mention that GETVPN uses tunnel mode.

 

Snippet from
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6635/ps7180/white_paper_c11-471053.html

 

GET VPN uses ESP in tunnel mode, which protects the entire data packet, as
well as the IP header received by the VPN gateway. Tunnel mode processing
adds a new IP header to the packet after ESP encapsulation. GET VPN uses a
method of tunnel mode called "tunnel mode with address preservation" that
copies the original source and destination from the inner IP header to the
outer IP header.

Tunnel mode with address preservation differs from normal tunnel mode, where
the source and destination on the packet are taken as the source and
destination VPN gateways. 

 

With regards

Kings

 

On Tue, Oct 26, 2010 at 6:35 PM, Kingsley Charles
<[email protected]> wrote:

Hi all

The GETVPN uses tunnel even if the IPsec transform set on the KS is
configured in transport mode. Can someone let me know what you
understand from the following:



Snippet from
http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/sec_encrypt_trns_vpn_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1150130

* When you configure transport mode traffic selectors, it is possible
  to have transport mode SAs. SAs occur when the packet size exceeds the MTU,
  and the packet cannot be forwarded.

* Transport mode should be used only for Group Encrypted Transport VPN
  Mode (GM) to GM traffic.



With regards
Kings
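
The three encapsulations discussed in this thread, laid out as packet headers. This is an added example, not part of the original messages or of Cisco's documentation. The addresses, SPI, and helper names are constructed for illustration, and the ESP part is framing only (no encryption, IV, padding, or ICV).

```python
import socket
import struct

ESP = 50  # IP protocol number for ESP

def ipv4(src, dst, proto, payload):
    """Minimal 20-byte IPv4 header (checksum left at 0) followed by payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src),
                       socket.inet_aton(dst)) + payload

def esp(spi, seq, protected):
    """ESP framing only: SPI and sequence number; 'protected' stands in for
    the ciphertext (no IV, padding, trailer or ICV in this sketch)."""
    return struct.pack("!II", spi, seq) + protected

def outer(pkt):
    """(source, destination, protocol) as seen on the wire."""
    return socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]), pkt[9]

def encapsulate(pkt, mode, gw_src=None, gw_dst=None, spi=0x1000, seq=1):
    src, dst, _ = outer(pkt)
    if mode == "transport":
        # Original IP header is reused; only the upper-layer payload is wrapped.
        return ipv4(src, dst, ESP, esp(spi, seq, pkt[20:]))
    if mode == "tunnel":
        # Normal tunnel mode: outer addresses are the two VPN gateways.
        return ipv4(gw_src, gw_dst, ESP, esp(spi, seq, pkt))
    if mode == "tunnel-preserve":
        # Address preservation: outer addresses copied from the inner header.
        return ipv4(src, dst, ESP, esp(spi, seq, pkt))
    raise ValueError(f"unknown mode: {mode}")

# Constructed sample: a UDP datagram (protocol 17) between two protected hosts.
INNER = ipv4("10.1.1.10", "10.2.2.20", 17, b"\x00" * 40)
GW = ("192.0.2.1", "192.0.2.2")  # constructed gateway addresses

def compare():
    """Map each mode to (outer src, outer dst, protocol, total length)."""
    return {m: outer(p) + (len(p),)
            for m in ("transport", "tunnel", "tunnel-preserve")
            for p in [encapsulate(INNER, m, *GW)]}

if __name__ == "__main__":
    for mode, view in compare().items():
        print(f"{mode:16} {view}")
```

In this layout, transport mode and tunnel mode with address preservation show the same outer addresses; the tunnel variants are 20 bytes longer because the original IP header is carried inside ESP.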

 
