1
66kviews
Differentiate between the transport mode and tunnel mode of IP Sec and explain how authentication and confidentiality are achieved using IP Sec.
1 Answer
written 8.0 years ago by |
Transport mode | Tunnel mode |
---|---|
Here end hosts do IPsec encapsulation of their own data; hence IPsec needs to implemented on each end-hosts | IPsec gateways provide service to other hosts in peer-to-peer tunnels; hence the end-hosts don’t need IPsec. |
Lower overhead than tunnel mode | More overhead required |
No edits on IP header | The entire packet is hashed or encrypted; IP header is applied to the packet during transit. |
Used in securing communication from one device to another. | Used to tunnel traffic from one site to another |
It is good for ESP host-to-host traffic | It is good for VPNs, gateway-to-gateway security. |
Provides protection primarily to upper layer protocols | Provides protection to entire IP packet |
AH in transport mode authenticates the IP payload and selected portions of IP header. | AH in tunnel mode authenticates the entire inner IP packet and selected portions of the outer IP header. |
ESP in transport mode encrypts and optionally authenticates the IP payload but not the IP header. | ESP in tunnel mode encrypts and optionally authenticates the entire inner IP packet, including the inner IP header. |
Authentication is provided by Authentication Header (AH)
Confidentiality is achieved using encapsulating security payload (ESP):
The header format of ESP is given as: