
Re: Q: What is advantage of tunnel mode between host to host scenario?



>>>>> "rupesh" == rupesh  <rupesh.jain@cdac.ernet.in> writes:

 rupesh> Hi, please elaborate the points you are making

 rupesh> 1. Fewer mechanisms to implement.

 rupesh> Pl. explain what you mean by fewer mechanisms.

 rupesh> Instead, I think there is a need to do more processing at both
 rupesh> ends (like adding extra headers).

What I meant is: if you're building a security gateway, you need
tunnel mode.  You can use tunnel mode for communication that
terminates at that gateway.  Transport mode would also work.  But it
is easier to implement only tunnel mode and use it for everything,
rather than implement transport mode as well as tunnel mode.

 rupesh> 2. It hides the fact that you're doing host to host
 rupesh> communication
 >> rather than communication for someone else.

 rupesh> How does it hide the fact that the communication is host to host,
 rupesh> because the inner and outer IP header may be the same? Only in
 rupesh> the case of a host having multiple NICs is this point valid.

You cannot see the inner header (it is encrypted).  So if you see
tunnel mode communication, all you know is that the security gateway
is sending secured traffic.  You cannot tell whether that traffic
comes from the security gateway (the tunnel endpoint) or from
somewhere else (a node behind the security gateway).

	paul
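The visibility argument in the reply above (an observer sees only the outer header; the inner header is inside the encrypted ESP payload) can be made concrete with a toy packet builder. The following is an added example written for this thread, not code from any list participant or from any IPsec implementation: it packs minimal IPv4 headers with `struct`, wraps payloads in a simplified ESP structure (SPI, sequence number, IV, encrypted payload with trailer, integrity tag), and compares what a passive observer can read in transport mode versus tunnel mode. The cipher is a SHA-256 counter-mode keystream with an HMAC tag, chosen only to keep the example in the standard library; the key, addresses and the TCP segment are constructed sample values.

```python
import hashlib
import hmac
import socket
import struct

ESP_PROTO = 50    # IP protocol number of ESP (RFC 4303)
TCP_PROTO = 6
IPV4_PROTO = 4    # ESP "next header" value meaning "an IPv4 packet follows" (tunnel mode)


def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header, no options; checksum left zero for brevity."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))


def parse_ipv4(pkt):
    f = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    return {"src": socket.inet_ntoa(f[8]), "dst": socket.inet_ntoa(f[9]),
            "proto": f[6], "payload": pkt[20:f[2]]}


def _keystream(key, iv, n):
    """Stand-in stream cipher: SHA-256 in counter mode (demo only, not an IPsec transform)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + iv + struct.pack("!I", ctr)).digest()
        ctr += 1
    return out[:n]


def esp_encapsulate(key, spi, seq, plaintext, next_header):
    """ESP header | IV | enc(plaintext + padding + pad_len + next_header) | 16-byte ICV."""
    iv = hashlib.sha256(struct.pack("!II", spi, seq)).digest()[:8]  # carried in the packet
    pad_len = (-(len(plaintext) + 2)) % 4                            # 4-byte alignment as in ESP
    body = plaintext + bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    ct = bytes(a ^ b for a, b in zip(body, _keystream(key, iv, len(body))))
    hdr = struct.pack("!II", spi, seq)
    icv = hmac.new(key, hdr + iv + ct, hashlib.sha256).digest()[:16]
    return hdr + iv + ct + icv


def esp_decapsulate(key, esp):
    hdr, iv, ct, icv = esp[:8], esp[8:16], esp[16:-16], esp[-16:]
    expect = hmac.new(key, hdr + iv + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(icv, expect):
        raise ValueError("ESP integrity check failed")  # tampered or wrong SA key
    body = bytes(a ^ b for a, b in zip(ct, _keystream(key, iv, len(ct))))
    pad_len, next_header = body[-2], body[-1]
    return body[:-2 - pad_len], next_header


def transport_mode(key, src, dst, tcp_segment, seq=1):
    """Host-to-host: the original IP header stays outside, only the TCP segment is protected."""
    esp = esp_encapsulate(key, 0x1001, seq, tcp_segment, TCP_PROTO)
    return ipv4_header(src, dst, ESP_PROTO, len(esp)) + esp


def tunnel_mode(key, gw_src, gw_dst, inner_src, inner_dst, tcp_segment, seq=1):
    """Gateway-to-gateway: the whole inner IP packet is encrypted behind a new outer header."""
    inner = ipv4_header(inner_src, inner_dst, TCP_PROTO, len(tcp_segment)) + tcp_segment
    esp = esp_encapsulate(key, 0x1002, seq, inner, IPV4_PROTO)
    return ipv4_header(gw_src, gw_dst, ESP_PROTO, len(esp)) + esp


def observer_view(pkt):
    """What a passive observer on the wire can read without the SA key."""
    outer = parse_ipv4(pkt)
    spi = struct.unpack("!I", outer["payload"][:4])[0]
    return {"src": outer["src"], "dst": outer["dst"], "proto": outer["proto"], "spi": spi}


def receiver_view(key, pkt):
    """What the ESP endpoint learns after decapsulation: the real source and destination."""
    outer = parse_ipv4(pkt)
    payload, nh = esp_decapsulate(key, outer["payload"])
    if nh == IPV4_PROTO:
        inner = parse_ipv4(payload)
        return {"mode": "tunnel", "inner_src": inner["src"], "inner_dst": inner["dst"],
                "data": inner["payload"]}
    return {"mode": "transport", "inner_src": outer["src"], "inner_dst": outer["dst"],
            "data": payload}


if __name__ == "__main__":
    K = b"constructed-demo-key"  # constructed; a real SA key comes from IKE
    seg = b"GET / HTTP/1.0\r\n"  # constructed stand-in for a TCP segment
    tp = transport_mode(K, "10.0.0.1", "10.0.0.2", seg)
    print("transport, observer sees:", observer_view(tp))
    # Same gateways, same outer header: one packet originates behind the gateway,
    # the other at the gateway itself. The observer's view is identical.
    t1 = tunnel_mode(K, "203.0.113.1", "198.51.100.1", "10.0.0.1", "10.0.1.1", seg, seq=1)
    t2 = tunnel_mode(K, "203.0.113.1", "198.51.100.1", "203.0.113.1", "10.0.1.1", seg, seq=2)
    print("tunnel, observer sees:", observer_view(t1), observer_view(t2))
    print("tunnel, receiver sees:", receiver_view(K, t1)["inner_src"], receiver_view(K, t2)["inner_src"])
```

Running it shows the asymmetry the reply describes: in transport mode the outer header already names both hosts, while in tunnel mode two packets with different inner sources (one from a node behind the gateway, one from the gateway itself) produce the same observer view, and only the decapsulating endpoint recovers the inner addresses. The ICV check in `esp_decapsulate` is also why a receiver rejects a modified packet rather than decrypting garbage.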

