No, transport mode is not supported.  Check out
http://www.checkpoint.com/products/vpn1/vpnwp.html (about 3/4 of the way
down the page) for some diagrams and a description of the difference.  In
short, transport encrypts the data and leaves the IP header intact, whereas
tunnel encrypts everything including the original IP header and re-creates
the packet with a new IP header.  Tunnel is the most preferable from a
security standpoint.  If you need transport mode, the best solution may be
to terminate your VPN somewhere other than the firewall
(parallel/inside/outside depending on your network design).

HTH

Dan Hitchcock
Security Analyst
Breakwater Security Associates
206.770.0700 x147
[EMAIL PROTECTED]


-----Original Message-----
From: Martin WF Hui [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 14, 2001 7:08 AM
To: [EMAIL PROTECTED]
Subject: [FW1] IPSec in Transport mode or in Tunnel Mode



Hi,

Please tell me whether Checkpoint FW 4.1 can support IPSec in Transport
Mode.  What are the benefits of using Transport mode rather than Tunnel mode?
Please also teach me how to build a Transport Mode IPSec Tunnel.

Thanks a lot.

Martin


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
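
Added example (not part of the original thread, and not Check Point code): a Python sketch of the two ESP encapsulations described in the reply above, showing which header fields stay readable on the wire in each mode. The addresses, SPI, key and the SHA-256 keystream standing in for a real ESP cipher are constructed assumptions, and the integrity check value is omitted.

```python
import hashlib, socket, struct

ESP, TCP, IPIP = 50, 6, 4  # IP protocol numbers

def ipv4(src, dst, proto, payload):
    """Minimal 20-byte IPv4 header (checksum left 0 for brevity) + payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def toy_encrypt(key, seq, data):
    """Stand-in keystream cipher (SHA-256 counter mode), NOT a real ESP transform.
    XOR-based, so calling it again with the same key and seq decrypts."""
    stream, block = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + struct.pack("!II", seq, block)).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def esp(key, spi, seq, inner, next_header):
    """ESP layout: SPI | sequence | encrypted(payload | pad | pad len | next hdr)."""
    pad = (-(len(inner) + 2)) % 4  # align the trailer to a 4-byte boundary
    trailer = bytes(range(1, pad + 1)) + bytes([pad, next_header])
    return struct.pack("!II", spi, seq) + toy_encrypt(key, seq, inner + trailer)

def transport_mode(pkt, key, spi, seq):
    """Keep the original IP addresses; encrypt only what follows the IP header."""
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    return ipv4(src, dst, ESP, esp(key, spi, seq, pkt[20:], pkt[9]))

def tunnel_mode(pkt, key, spi, seq, gw_src, gw_dst):
    """Encrypt the whole original packet; prepend a new gateway-to-gateway header."""
    return ipv4(gw_src, gw_dst, ESP, esp(key, spi, seq, pkt, IPIP))

def visible_on_wire(pkt):
    """Source, destination and protocol an on-path observer reads without the key."""
    return socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]), pkt[9]

# Constructed sample: an internal host talking to a remote internal server.
KEY = b"constructed-demo-key"
PAYLOAD = b"GET /payroll HTTP/1.0\r\n\r\n"
ORIGINAL = ipv4("10.1.1.5", "10.2.2.9", TCP, PAYLOAD)
TRANSPORT = transport_mode(ORIGINAL, KEY, 0x1001, 1)
TUNNEL = tunnel_mode(ORIGINAL, KEY, 0x1001, 1, "192.0.2.1", "198.51.100.1")

if __name__ == "__main__":
    for name, p in (("original", ORIGINAL), ("transport", TRANSPORT), ("tunnel", TUNNEL)):
        print(f"{name:9} {visible_on_wire(p)} len={len(p)}")
```

In transport mode the internal endpoint addresses remain visible to anyone on the path; in tunnel mode only the two gateway addresses are, at the cost of one extra 20-byte IP header.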

