Hi, Transport mode IPSec has many legit uses. The first one which springs to mind is gateway-gateway encryption, over which you can use your favourite tunneling protocol e.g. L2TP or GRE. Especially useful if you're transporting multicast traffic over the VPN.
Also one of the most popular remote access VPN solutions (works 'out of the box' on Windows, OS.X & Cisco routers) is "L2TP over IPSec". This provides both static & dynamically addressed clients with an IPSec tunnel back to the VPN server, over which L2TP is tunneled, providing DHCP for tunnel IP addressing, and multi-protocol (IPX or IPv6 anyone ?) support. It's also ideal for ubiquitous IP level any to any encryption if you spend the effort on key management issues. /Pete On 31. mai 2010, at 18.56, Toni Mueller wrote: > > I'd say that transport mode is a design error in IPSEC and should be > avoided at all costs. It also complicates network setup quite a bit, > imho. > > > Kind regards, > --Toni++