VPN tunnel mode versus transport mode

Posted on 2014-03-15
Last Modified: 2014-04-03
I am looking at an IPsec site-to-site VPN connection router configuration and I see that one router has the transform set mode tunnel and the other side has transform set mode transport. Will this be a problem? The tunnel is up and running, but I am not sure if there are any errors in the background. Thanks
Question by:leblanc
LVL 11

Accepted Solution

naderz earned 333 total points
ID: 39931905
For a site-to-site tunnel you should be using the tunnel mode. I would make sure they match on both ends.

Author Comment

ID: 39932088
What if they don't match? What command can I use to see what mode they are using on both ends? Thanks
LVL 17

Assisted Solution

lruiz52 earned 167 total points
ID: 39932095
Agree with naderz, both sides should be the same.

On a router-to-router VPN you should use tunnel mode on both sides. Check the link below for a good explanation of both modes and when to use them:

LVL 11

Assisted Solution

naderz earned 333 total points
ID: 39933017
I am not sure what devices you are using. Here is the command for a Cisco device:

show crypto ipsec sa

Here is another link that also explains the different modes and their intent:

Author Comment

ID: 39933171
We are all Cisco gear
LVL 11

Expert Comment

ID: 39935985
Try the command above and the links provided for more information.
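
An added example, not part of the original thread: a Python check that reads the `show crypto ipsec sa` output saved from each router and reports the IPsec mode the active SAs actually negotiated, flagging anything other than tunnel mode or a disagreement between the two ends. The sample output, addresses and function names are constructed for illustration; the parser assumes the `in use settings ={Tunnel, }` line format that Cisco IOS prints.

```python
import re

# Constructed sample of `show crypto ipsec sa`, trimmed to the lines the
# parser reads. Addresses are documentation ranges; the SPIs are made up.
TEMPLATE = """\
    Crypto map tag: VPN-MAP, local addr {local}
   current_peer {peer} port 500
     inbound esp sas:
      spi: 0x1A2B3C4D(439041101)
        transform: esp-aes esp-sha-hmac ,
        in use settings ={{{mode}, }}
     outbound esp sas:
      spi: 0x5E6F7A8B(1584364171)
        transform: esp-aes esp-sha-hmac ,
        in use settings ={{{mode}, }}
"""

def modes_in_use(output):
    """Return {(peer, direction): mode} for each active ESP/AH SA in the output."""
    found, peer, direction = {}, None, None
    for line in map(str.strip, output.splitlines()):
        if m := re.match(r"current_peer:?\s+(\S+)", line):
            peer, direction = m.group(1), None
        elif m := re.match(r"(inbound|outbound) (?:esp|ah) sas:", line):
            direction = m.group(1)
        elif (m := re.match(r"in use settings\s*=\s*\{\s*(\w+)", line)) and peer and direction:
            found[(peer, direction)] = m.group(1).lower()
    return found

def check_pair(out_a, out_b, addr_a, addr_b):
    """Findings for the SAs between router A and router B, from each one's output."""
    a = {d: m for (p, d), m in modes_in_use(out_a).items() if p == addr_b}
    b = {d: m for (p, d), m in modes_in_use(out_b).items() if p == addr_a}
    findings = [] if a and b else ["no active SA found on at least one side"]
    for name, sas in (("A", a), ("B", b)):
        findings += [f"router {name} {d} SA uses {m} mode" for d, m in sorted(sas.items()) if m != "tunnel"]
    # A's outbound SA is B's inbound SA, so both must report the same mode.
    for mine, theirs in (("outbound", "inbound"), ("inbound", "outbound")):
        if mine in a and theirs in b and a[mine] != b[theirs]:
            findings.append(f"mode differs: A {mine}={a[mine]}, B {theirs}={b[theirs]}")
    return findings

if __name__ == "__main__":
    a = TEMPLATE.format(local="192.0.2.1", peer="198.51.100.1", mode="Tunnel")
    b = TEMPLATE.format(local="198.51.100.1", peer="192.0.2.1", mode="Tunnel")
    print(check_pair(a, b, "192.0.2.1", "198.51.100.1") or "both ends report tunnel mode")
```

An empty findings list means both routers report tunnel mode for the SAs they share, whatever each side's transform set is configured to propose.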


Question has a verified solution.
