IPsec modes: Understanding transport vs. tunnel modes for VPN security

When building a virtual private network (VPN), the Internet Protocol security (IPsec) protocol is an essential ingredient for properly protecting VPN traffic. IPsec's primary objective is to provide security services for IP packets, and these services include data encryption, authentication and protection against replay from hackers.

Discovering IPsec modes

IPsec can actually operate in two different modes: IPsec tunnel mode and IPsec transport mode. Deciding which IPsec mode to use depends dramatically on your network topology and the purpose of your VPN.

To help explain these modes and their applications, we will provide a few examples in the following articles:

• Part 1: IPsec tunnel mode
• Part 2: IPsec transport mode
• Part 3: Implementing IPsec to protect your VPN data
• Part 4: GRE IPsec tunnel and transport mode overhead

About the author: Chris Partsenidis is the founder and senior editor of www.Firewall.cx -- one of the few websites Cisco Systems recommends in its world class Cisco Academy program. Firewall.cx is also the only official Cisco Press reviewer in the world. He has a degree in electrical technology and holds the following certifications: CNA for Netware 3, 4 and 5; Cisco's CCNA; Microsoft's MCP; DCE (D-link Certified Engineer); LCP (Linux Certified Professional); Network+; A+; Symantec STS; SSE; SSE+ and Hellas-Sat Certified Engineer.