-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

It's actually a little more complicated than that. Tunnel vs. Transport has
to do with how the packet is constructed.  Tunnel gets an additional IP
header (so you have an inside and outside header). ESP provides for
encryption but AH does not.

I recommend reading: Internet Security Protocols by Uyless Black if you
really want to understand IPSEC.  It's not light reading, and I think some
sections are out of order (like I would have put Ch. 9 before Ch. 8.. but
maybe that's just me).


Carric Dooley
Senior Consultant
COM2:Interactive Media

"But this one goes to eleven."
- -- Nigel Tufnel


On Thu, 22 Mar 2001, Volker Tanger wrote:

> Greetings!
> 
> mouss wrote:
> 
> > At 14:48 22/03/01 +0800, [EMAIL PROTECTED] wrote:
> > >I am a new starter in firewall/VPN. I am confused with two terms - Tunnel
> > >Mode and Transport Mode.
> > >Can anyone tell me the difference btw them and some examples for
> > >their application?
> >
> > Typically, Tunnel mode is used by gateways, while transport mode is used by
> > hosts. Again typically, your FW/VPN will use tunnel mode for packets that it
> > relays on behalf of other clients, and use transport mode for those generated by
> > the FW/VPN itself.
> 
> In "Tunnel Mode" the whole IP packet is being encrypted and becomes the data part
> of a new IP packet with new header information (from/to src/dst). With this no one
> can read from or to where the real packet is being sent or its contents.
> 
> In "Transport Mode" only the data portion of the IP packets gets encrypted, the
> header stays the same. Here anyone sees which two computers are communicating - and
> probably with which protocol (from the port number).
> 
> Bye
>     Volker
> 
> 
> --
> 
> Volker Tanger  <[EMAIL PROTECTED]>
>  Wrangelstr. 100, 10997 Berlin, Germany
>     DiSCON GmbH - Internet Solutions
>          http://www.discon.de/
> 
> 
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
> 

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.1
Comment: Made with pgp4pine 1.75-6

iQA/AwUBOros/lUqWOkDpMZ2EQLt+ACeJDl6D0HFi8gRlQj6vtkWuPTLs64AmgMc
m8Ctg0RQ571ycb+oLuIefHlq
=PwKr
-----END PGP SIGNATURE-----

