Psec can be used in tunnel mode or transport mode, but most VPNs use IPsec in tunnel mode. IPsec in tunnel mode...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
works just like I've described with respect to encapsulation and traversing intervening networks. But IPsec ALSO uses security measures to protect the inner IP packet from eavesdropping, replay, insertion, or modification. For example, IPsec ESP in tunnel mode encrypts the entire inner packet (including the inner packet's IP header) so that nobody in between can see the ultimate source or destination, type of application, or data payload. IPsec ESP and AH in tunnel mode use a hashed message authentication code to detect any change to the inner IP packet. Your "normal tunnels" probably do not have this type of cryptographic protection, which means that someone could inject modified packets or intercept your data in transit. If you are sending confidential information and need to be sure that no one (including your ISP) can tamper with that information, you should use IPsec tunnels.
Bandwidth management is independent of tunneling method. Products without bandwidth management features don't allocate any specific bandwidth to each tunnel -- all tunnels share the aggregate bandwidth of the data link, first-come first-serve. On the other hand, if your firewall or router provides bandwidth management, it may do so in a wide variety of ways. It might let you prioritize tunnels so that one tunnel gets "first dibs" on available bandwidth (i.e., packets for that tunnel get processed first). Or it might let you assign a maximum throughput to each tunnel, or possibly burstable throughputs. For example, if your link supports 100 Mbps, you might configure a 10 Mbps limit for each of your 6 tunnels. Depending on the product, the tunnels might share any unused capacity on a FCFS or priority basis, or spare capacity might go unused if 10 Mbps is treated as an absolute upper bound. Because bandwidth management features vary widely and are product specific, you'll need to consult your firewall or router's documentation to learn about bandwidth controls (if any) applied to your tunnels.
Dig Deeper on Network Design
Related Q&A from Lisa Phifer
Need to send an email, check your flight's status or get ready for a presentation? You can do it all on your smartwatch, thanks to a slew of Apple ...continue reading
New and improved management features have made Android devices more suitable for enterprise use, and API and EMM tools can streamline the device ...continue reading
Whether you need a basic open source mobile device management tool for your company's Apple or Android devices, or something more customized, you ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.