[c-nsp] IPSEC Transport mode

David Prall dcp at dcptech.com
Wed Jun 18 07:27:16 EDT 2008


In transport mode the original header is used, a new header isn't installed.
This works very well when using GRE tunnels, since both the GRE and IPsec
are initiated by the same device. You won't be able to do transport mode on
the ASA, at least I don't think so. You will need routers at each end.

http://www.cisco.com/en/US/docs/net_mgmt/vpn_solutions_center/2.2/ip_security/provisioning/guide/IPsecPG1.html

--
http://dcp.dcptech.com
  

> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net 
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Jeremy Stretch
> Sent: Wednesday, June 18, 2008 5:32 AM
> To: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] IPSEC Transport mode
> 
> Ziv,
> 
> I have a setup very similar to what you describe, a transport mode
> tunnel between two 3725s connected via satellite. We have accelerators
> in place but I'm not familiar with them. It's a fairly standard setup;
> what do you need to know?
> 
> stretch
> http://packetlife.net
> 
> Ziv Leyes wrote:
> > Hi,
> > I'm making a VPN Site to Site tunnel in a lab test between a Cisco
> > 1840 router and ASA5510, each one connected behind a satellite link,
> > because of the high latency in such a setup (1300ms RTT) we're trying
> > to implement acceleration and the appliance we're trying to implement
> > needs the VPN to encrypt in transport mode in order to be able to
> > accelerate the traffic, the appliance knows to "ignore" the ESP
> > protocol and accelerate/compress the data, it can't do anything on an
> > IPSec in tunnel mode.
> > I searched the web and the only thing I've found was a proposed setup
> > with GRE or L2TP tunnel and then encrypting the data that goes through
> > the tunnel.
> > Does somebody know what I'm talking about? I'll appreciate some ideas.
> > Thanks,
> >
> > Ziv
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
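
The GRE-plus-IPsec arrangement described in the reply at the top of this message, sketched as an IOS configuration for one of the two routers. This is an added example, not configuration posted by anyone in the thread; the addresses (documentation ranges), the names GRE-TRANSPORT and GRE-PROTECT, the tunnel subnet, the IKE parameters and the key placeholder are all assumptions.

```cisco
! Constructed example, Router A. Router B mirrors it with the
! addresses swapped. 192.0.2.1 and 198.51.100.1 are documentation
! addresses standing in for the two routers' outside interfaces.
!
! IKE phase 1 (parameters are assumptions; match them on both ends)
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
crypto isakmp key <PRE-SHARED-KEY> address 198.51.100.1
!
! Phase 2: ESP in transport mode. The GRE packet keeps the IP header
! the router itself built; no second outer IP header is added.
crypto ipsec transform-set GRE-TRANSPORT esp-aes 256 esp-sha-hmac
 mode transport
!
crypto ipsec profile GRE-PROTECT
 set transform-set GRE-TRANSPORT
!
! The GRE endpoints are the same addresses as the IPsec peers, which
! is the condition for transport mode to be negotiated. If the
! protected traffic does not start and end on the crypto peers
! themselves, IOS falls back to tunnel mode despite "mode transport".
interface Tunnel0
 ip address 10.255.0.1 255.255.255.252
 tunnel source 192.0.2.1
 tunnel destination 198.51.100.1
 tunnel protection ipsec profile GRE-PROTECT
```

After the tunnel comes up, `show crypto ipsec sa` lists the negotiated mode under "in use settings", which confirms whether the SA is actually Transport rather than a silent fallback to Tunnel.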


