
Part 3: IPSEC Story- Transport & Tunnel Modes


It is very important to understand the modes of an IPsec tunnel. There are two modes: transport mode and tunnel mode. In our earlier article we discussed the IPsec protocol headers AH and ESP; each of them can operate in either of these two modes.

Transport Mode:
This is the first mode. In transport mode, IPsec inserts an AH or ESP header between the IP header and the transport-layer protocol header to protect the TCP, UDP or ICMP payload. Because no additional IP header is added, the IP addresses of the original packet remain visible in the IP header of the protected packet.

Fig 1.1 - Transport Mode (AH & ESP)

Tunnel Mode:
This is the second mode. In tunnel mode, IPsec encrypts and authenticates the entire original IP packet, including its IP header and payload. An AH or ESP header is added before the original IP header, and a new (outer) IP header is added before the AH or ESP header.

Fig 1.2 - IPsec Tunnel Mode

Difference between Transport and Tunnel Mode

  • Tunnel mode adds an extra IP header, so it consumes more bandwidth than transport mode.
  • Tunnel mode is considered more secure because the entire original IP packet is authenticated and encrypted: the original IP addresses, protocol type and port numbers are hidden from an observer on the path.
  • Transport mode is mainly used for communication between two hosts, or between a host and a VPN gateway. Tunnel mode is mainly used between two VPN gateways, or between a host and a VPN gateway.
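To make the header layout and the bandwidth difference concrete, here is an added example (not code from the original article) that builds a constructed IPv4/TCP packet and wraps it in ESP in both modes; all addresses, SPI and payload are sample values, and the "encryption" is a byte mask so it runs offline, not real ESP crypto.

```python
import struct
from ipaddress import IPv4Address

IPV4_HDR_LEN = 20          # IPv4 header without options
PROTO_IPIP, PROTO_TCP, PROTO_ESP = 4, 6, 50

def ipv4_header(src, dst, proto, total_len):
    """Minimal IPv4 header: version 4, IHL 5, TTL 64, checksum left at 0."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, proto, 0, src, dst)

def esp_encapsulate(payload, next_header, spi=0x1000, seq=1):
    """ESP: SPI and sequence number stay in the clear; payload + trailer are protected.
    Encryption is modelled by XOR-masking so the example runs offline (assumption);
    real ESP also carries an IV and ICV and pads to the cipher block size."""
    pad_len = (-(len(payload) + 2)) % 4                      # align pad-length/next-header to 4 bytes
    trailer = bytes(pad_len) + bytes([pad_len, next_header])
    protected = bytes(b ^ 0xFF for b in payload + trailer)   # placeholder, NOT real encryption
    return struct.pack("!II", spi, seq) + protected

def transport_mode(original):
    """Transport mode: original IP header kept, ESP inserted before the TCP segment."""
    ip_hdr, segment = original[:IPV4_HDR_LEN], original[IPV4_HDR_LEN:]
    esp = esp_encapsulate(segment, next_header=PROTO_TCP)
    return ipv4_header(ip_hdr[12:16], ip_hdr[16:20], PROTO_ESP, IPV4_HDR_LEN + len(esp)) + esp

def tunnel_mode(original, gw_src, gw_dst):
    """Tunnel mode: the whole original packet goes inside ESP; a new outer IP header
    carrying the gateway addresses is prepended."""
    esp = esp_encapsulate(original, next_header=PROTO_IPIP)
    return ipv4_header(gw_src, gw_dst, PROTO_ESP, IPV4_HDR_LEN + len(esp)) + esp

def visible_addresses(packet):
    """What an on-path observer sees: the outermost IP header's source and destination."""
    return IPv4Address(packet[12:16]), IPv4Address(packet[16:20])

def sample_packet():
    """Constructed sample: 10.0.1.10 -> 10.0.2.20, 20-byte TCP header + 12-byte payload."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 0x50, 0x18, 8192, 0, 0) + b"hello ipsec!"
    src, dst = IPv4Address("10.0.1.10").packed, IPv4Address("10.0.2.20").packed
    return ipv4_header(src, dst, PROTO_TCP, IPV4_HDR_LEN + len(tcp)) + tcp

if __name__ == "__main__":
    pkt = sample_packet()
    gw_a, gw_b = IPv4Address("203.0.113.1").packed, IPv4Address("198.51.100.1").packed
    for name, out in (("transport", transport_mode(pkt)), ("tunnel", tunnel_mode(pkt, gw_a, gw_b))):
        print(f"{name:9s} len={len(out)} overhead={len(out) - len(pkt)} visible={visible_addresses(out)}")
```

Running it shows the tunnel-mode packet is exactly one IPv4 header (20 bytes) longer than the transport-mode packet, and that only the gateway addresses are readable on the wire in tunnel mode while the original host addresses stay visible in transport mode.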