Transport mode and tunnel mode, Table 17 – Dell POWEREDGE M1000E User Manual

Page 217


Web Tools Administrator's Guide (53-1002756-01), page 189
IPsec concepts (chapter 15)

Several protocols and algorithms can be applied. Choosing the protocols and algorithms you want to use may be a matter of adapting to an implementation that is already in place in your LAN, or it may require a significant amount of research and planning. The supported protocols and algorithms are defined and described in the RFCs listed in Table 17.

Transport mode and tunnel mode

Transport mode inserts the IPsec header (AH or ESP) between the original IP header and the upper-layer payload; the original IP header remains the outermost header. Only a single pair of addresses is used (those in the IP header), so an on-path observer can still see which two hosts are communicating. When transport mode is used, both endpoints implement IPsec.

Tunnel mode encapsulates the entire original IP datagram in a new datagram, with a new IP header specifying the addresses of the tunnel endpoints. IPsec is implemented between the tunnel endpoints and is transparent to the actual endpoints named in the original IP header. With ESP the original header, including those addresses, is encrypted together with the payload. In either mode ESP does not integrity-protect the outer IP header; AH additionally covers the immutable fields of that header.

Figure 41 provides a basic visual comparison of how transport mode and tunnel mode modify an IP datagram.
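The two encapsulations described above, worked as byte layouts, as an added example; this is not code from the Web Tools guide or from Brocade's IPsec implementation. It is standard-library Python: the ESP header, padding, trailer and ICV ordering follow RFC 4303, but the keystream cipher, the key values, the SPIs and the addresses are constructed stand-ins, and the cipher in particular is a toy, not one of the algorithms the guide's RFCs require.

```python
"""Transport mode vs. tunnel mode as byte layouts of an ESP-protected IPv4 datagram.
Standard library only. The keystream cipher is a TOY stand-in for AES (assumption);
header order, SPI/sequence fields, trailer and ICV placement follow RFC 4303."""
import hashlib
import hmac
import socket
import struct

PROTO_IPV4 = 4    # next-header value for an encapsulated IPv4 datagram (tunnel mode)
PROTO_UDP = 17
PROTO_ESP = 50
ICV_LEN = 16      # HMAC-SHA-256-128: the HMAC truncated to 128 bits
ENC_KEY = b"k" * 32   # fixed keys, constructed for the example (a real SA gets them from IKE)
AUTH_KEY = b"a" * 32

def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """20-byte IPv4 header (DF set, no options) with a correct header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0x4000, ttl,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    s = sum(struct.unpack("!10H", hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return hdr[:10] + struct.pack("!H", (~s) & 0xFFFF) + hdr[12:]

def parse_ipv4(pkt):
    """(src, dst, proto, payload) exactly as an on-path observer reads them."""
    return socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]), pkt[9], pkt[20:]

def _keystream(key, spi, seq, n):
    """TOY keystream: HMAC-SHA256(key, spi || seq || block_index) blocks. Not a real ESP cipher."""
    blocks = (hmac.new(key, struct.pack("!III", spi, seq, i), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def esp_encapsulate(spi, seq, inner, next_header):
    """ESP packet: SPI | seq | E(inner | pad | pad_len | next_header) | ICV (RFC 4303 section 2)."""
    pad_len = (-(len(inner) + 2)) % 4          # trailer must end on a 4-byte boundary
    plaintext = inner + bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    ks = _keystream(ENC_KEY, spi, seq, len(plaintext))
    body = struct.pack("!II", spi, seq) + bytes(p ^ k for p, k in zip(plaintext, ks))
    return body + hmac.new(AUTH_KEY, body, hashlib.sha256).digest()[:ICV_LEN]

def esp_decapsulate(esp):
    """Check the ICV before decrypting (RFC 4303 order); returns (inner, next_header)."""
    body, icv = esp[:-ICV_LEN], esp[-ICV_LEN:]
    expected = hmac.new(AUTH_KEY, body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ESP ICV mismatch: packet altered in transit or wrong SA")
    spi, seq = struct.unpack("!II", body[:8])
    pt = bytes(c ^ k for c, k in zip(body[8:], _keystream(ENC_KEY, spi, seq, len(body) - 8)))
    pad_len, next_header = pt[-2], pt[-1]
    return pt[:len(pt) - 2 - pad_len], next_header

def transport_mode(spi, seq, src, dst, proto, payload):
    """Original IP header stays outermost; ESP is inserted between it and the payload."""
    esp = esp_encapsulate(spi, seq, payload, proto)
    return ipv4_header(src, dst, PROTO_ESP, len(esp)) + esp

def tunnel_mode(spi, seq, gw_src, gw_dst, src, dst, proto, payload):
    """The whole original datagram becomes the ESP payload; the new header names the gateways."""
    original = ipv4_header(src, dst, proto, len(payload)) + payload
    esp = esp_encapsulate(spi, seq, original, PROTO_IPV4)
    return ipv4_header(gw_src, gw_dst, PROTO_ESP, len(esp)) + esp

def demo():
    """Constructed scenario: 10.0.1.5 sends a UDP payload to 10.0.2.7, either end-to-end
    (transport mode) or through gateways 192.0.2.1 -> 198.51.100.1 (tunnel mode)."""
    payload = b"UDP datagram body"
    t = transport_mode(0x1001, 1, "10.0.1.5", "10.0.2.7", PROTO_UDP, payload)
    u = tunnel_mode(0x2002, 1, "192.0.2.1", "198.51.100.1", "10.0.1.5", "10.0.2.7", PROTO_UDP, payload)
    t_inner, t_nh = esp_decapsulate(parse_ipv4(t)[3])   # receiving host strips ESP
    u_inner, u_nh = esp_decapsulate(parse_ipv4(u)[3])   # receiving gateway strips ESP, forwards inner
    return {
        "transport_wire": parse_ipv4(t)[:3],     # observer sees the real hosts, protocol 50
        "transport_inner": (t_nh, t_inner),
        "tunnel_wire": parse_ipv4(u)[:3],        # observer sees only the gateways
        "tunnel_next_header": u_nh,              # 4: an IPv4 datagram is inside
        "tunnel_inner": parse_ipv4(u_inner),     # original header and payload recovered intact
    }

def tamper_detected(pkt, offset=12):
    """Flip one bit inside the ESP body; the ICV must reject it before any decryption."""
    esp = bytearray(parse_ipv4(pkt)[3])
    esp[offset] ^= 0x01
    try:
        esp_decapsulate(bytes(esp))
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

`demo()` shows the security-relevant difference: an observer between the endpoints sees the real host addresses in transport mode but only the gateway addresses in tunnel mode, because the original header travels inside the encrypted ESP payload (next header 4). `tamper_detected` shows that a flipped bit anywhere in the ESP body fails the ICV check before decryption is attempted, which is the verify-then-decrypt order RFC 4303 prescribes.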

TABLE 17    Relevant RFCs

RFC number    Title
RFC 4301      Security Architecture for the Internet Protocol
RFC 4302      IP Authentication Header
RFC 4303      IP Encapsulating Security Payload
RFC 4304      Extended Sequence Number (ESN) Addendum to IPsec Domain of Interpretation (DOI) for Internet Security Association and Key Management Protocol (ISAKMP)
RFC 4305      Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (ESP) and Authentication Header (AH)
RFC 4869      Suite B Cryptographic Suites for IPsec
RFC 4309      Using Advanced Encryption Standard (AES) CCM Mode with IPsec Encapsulating Security Payload (ESP)
RFC 4306      Internet Key Exchange Version 2 (IKEv2) Protocol
RFC 4307      Cryptographic Algorithms for Internet Key Exchange Version 2 (IKEv2)
RFC 3971      Secure Neighbor Discovery (SEND)
RFC 3972      Cryptographically Generated Addresses (CGA)
RFC 3041      Privacy Extensions for Stateless Address Autoconfiguration in IPv6

Several of these documents have since been obsoleted: RFC 4306 (IKEv2) by RFC 7296, and the algorithm-requirement documents RFC 4305 and RFC 4307 by RFC 8221 and RFC 8247 respectively. When matching the implementation's algorithm list against a peer, check it against the current requirements rather than the versions listed here.
