Psec can be used in tunnel mode or transport mode, but most VPNs use IPsec in tunnel mode. IPsec in tunnel mode...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
works just like I've described with respect to encapsulation and traversing intervening networks. But IPsec ALSO uses security measures to protect the inner IP packet from eavesdropping, replay, insertion, or modification. For example, IPsec ESP in tunnel mode encrypts the entire inner packet (including the inner packet's IP header) so that nobody in between can see the ultimate source or destination, type of application, or data payload. IPsec ESP and AH in tunnel mode use a hashed message authentication code to detect any change to the inner IP packet. Your "normal tunnels" probably do not have this type of cryptographic protection, which means that someone could inject modified packets or intercept your data in transit. If you are sending confidential information and need to be sure that no one (including your ISP) can tamper with that information, you should use IPsec tunnels.
Bandwidth management is independent of tunneling method. Products without bandwidth management features don't allocate any specific bandwidth to each tunnel -- all tunnels share the aggregate bandwidth of the data link, first-come first-serve. On the other hand, if your firewall or router provides bandwidth management, it may do so in a wide variety of ways. It might let you prioritize tunnels so that one tunnel gets "first dibs" on available bandwidth (i.e., packets for that tunnel get processed first). Or it might let you assign a maximum throughput to each tunnel, or possibly burstable throughputs. For example, if your link supports 100 Mbps, you might configure a 10 Mbps limit for each of your 6 tunnels. Depending on the product, the tunnels might share any unused capacity on a FCFS or priority basis, or spare capacity might go unused if 10 Mbps is treated as an absolute upper bound. Because bandwidth management features vary widely and are product specific, you'll need to consult your firewall or router's documentation to learn about bandwidth controls (if any) applied to your tunnels.
Dig Deeper on Network Design
Related Q&A from Lisa Phifer
Understanding the functions of a wireless access point vs. wireless router will help you deploy the right device for the right circumstance.continue reading
Learn the difference between a site-to-site VPN and a remote-access VPN, as well as the protocols used for each one.continue reading
Need to send an email, check your flight's status or get ready for a presentation? You can do it all on your smartwatch, thanks to a slew of Apple ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.