RFC 4891: Using IPsec to Secure IPv6-in-IPv4 Tunnel...
RFC-Ref

Transport Mode



... IPsec in Transport Mode ...
... In transport mode, the IPsec Encapsulating Security Payload (ESP) or ...
... This prevents threat (1) but not threat (2). IPsec in transport mode does not verify the contents of the payload itself where the IPv6 addresses ...
... IPv6 addresses are carried. That is, two nodes using IPsec transport mode to secure the tunnel can spoof the inner payload ...
... RFC3704]. In most implementations, a transport mode SA is applied to a normal IPv6-in-IPv4 ...
... the tunnel interface. (Transport mode is often also used in other kinds of tunnels such as Generic Routing Encapsulation ...
... As described in Section 5, using tunnel mode is more difficult than applying transport mode to a tunnel interface, and as a result this ...
... tunnel interface, and as a result this document recommends transport mode. Note that even though transport rather than tunnel mode ...


... VLINK]. Because applying transport mode to protect a tunnel is a much simpler solution and also easily protects link-local ...
... Transport mode has typically been applied to L2TP, GRE, and other ...
... RFC3193], and [RFC4023] provide examples of applying transport mode to protect tunnel traffic that spans only a ...


... transport or tunnel mode. We observe that applying transport mode to a tunnel interface is the ...
... acceptable solution. Therefore, our primary recommendation is to use transport mode applied to a tunnel interface ...


... Touch, J., Eggert, L., and Y. Wang, "Use of IPsec Transport Mode for Dynamic Routing", RFC 3884, September 2004. ...


... tunnel interface) can be made to work, but it has reduced applicability, and the use of a transport mode tunnel is recommended instead. However, we will describe how the SSPD tunnel mode ...
... multicast, etc. will work through this tunnel. This mode is similar to transport mode. The SPDs must be interface ...
... IPsec processing when option (2) is chosen, whereas the operator has to enable it explicitly when transport mode or option (1) is chosen. In summary, there does not appear to be a standard solution in this ...
... limited set of features (e.g., no multicast) compared with a transport mode tunnel. ...
... fragment handling [RFC4301] may also be more difficult compared with transport mode and, depending on implementation, may need to be reflected in SPDs. ...


