Solved

vpn tunnel mode versus transport mode

Posted on 2014-03-15
6
433 Views
Last Modified: 2014-04-03
I am looking at a IPSec site-to-site VPN connection routers configuration and I see that one router has the transform set mode tunnel and the other side has transform set mode transport. Will this be a problem? The tunnel is up and running. But I am not sure if there are any errors in the background. Thanks
0
Comment
Question by:leblanc
  • 3
  • 2
6 Comments
 
LVL 11

Accepted Solution

by:
naderz earned 333 total points
ID: 39931905
For a site-to-site tunnel you should be using the tunnel mode. I would make sure they match on both ends.
0
 
LVL 1

Author Comment

by:leblanc
ID: 39932088
what if they don't match. What command can I use to see what mode they are using on both end. Thanks
0
 
LVL 17

Assisted Solution

by:lruiz52
lruiz52 earned 167 total points
ID: 39932095
Agree with naderz, both sides should be the same,

On router to router vpn you should use tunnel mode on both sides, check the link below for a good explanation of both modes and when to use;


http://www.firewall.cx/networking-topics/protocols/870-ipsec-modes.html
0
Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

 
LVL 11

Assisted Solution

by:naderz
naderz earned 333 total points
ID: 39933017
I am not sure what devices you are using. Here is the command for a Cisco device

show crypto ipsec sa

Here is another link that also explains the different modes and their intent:

http://www.ciscopress.com/articles/article.asp?p=25477
0
 
LVL 1

Author Comment

by:leblanc
ID: 39933171
We are all Cisco gear
0
 
LVL 11

Expert Comment

by:naderz
ID: 39935985
Try the command above and the links provided for more information.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now