Wednesday, 17 December 2014

When do I use IPsec tunnel mode or transport mode?



I basically understand how tunnel mode and transport mode work, but I don't know when I should use one instead of the other.


Among the two parties who want to communicate, if one computer, B, doesn't understand IPsec, I think they have to use tunnel mode, which puts the original IP header and payload into ESP and delivers the packet to a device near B that knows IPsec; that device decrypts the packet and sends the decrypted packet to computer B.


But what if both computers know IPsec: can I use transport mode? Various articles mention that if the two computers are in an intranet, use transport; if they are in different networks, use tunnel. Why? If the two computers are in different networks and transport mode is used, what problem will happen?


(Try not to mention AH or the so-called security gateway; I don't know what they are.)
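As an added example (not part of the question above and not the asker's code), the following Python script builds the two ESP framings the question describes: transport mode, where only the transport-layer segment goes inside ESP and the original IP header stays in the clear, and tunnel mode, where the whole original IP packet goes inside ESP and a new outer header carries the addresses of the two IPsec endpoints. The host and gateway addresses, the keys and the sample TCP segment are constructed for the demo, and the "cipher" is an HMAC-SHA256 counter keystream used as a stand-in so the script runs with the standard library only; it is not a real IPsec transform. The point is the framing and which address must terminate ESP, not the cryptography.

```python
# Added example: ESP transport vs tunnel mode framing. Keys, addresses and the
# segment are constructed; keystream_xor() is a stand-in, NOT a real ESP cipher.
import hashlib
import hmac
import socket
import struct

PROTO_IPV4 = 4   # next-header value for IP-in-IP, what tunnel mode carries
PROTO_TCP = 6
PROTO_ESP = 50
ICV_LEN = 16     # HMAC-SHA-256-128: HMAC output truncated to 128 bits (RFC 4868)

# Constructed demo values (documentation address ranges, throwaway keys).
HOST_A, HOST_B = "10.1.0.5", "10.2.0.7"      # the two end hosts
GW_A, GW_B = "192.0.2.1", "198.51.100.1"     # IPsec devices in front of each host
ENC_KEY = b"demo-encryption-key-not-for-use!"
AUTH_KEY = b"demo-integrity-key-not-for-use!!"
# Minimal TCP header (ports 50000 -> 80, checksum left zero) plus an HTTP request line.
SAMPLE_TCP = bytes.fromhex("c350005000000001000000005002ffff00000000") + b"GET / HTTP/1.0\r\n\r\n"

def ipv4_checksum(hdr):
    """RFC 791 one's-complement sum; returns 0 for a header whose checksum is already valid."""
    if len(hdr) % 2:
        hdr += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def ipv4_header(src, dst, proto, payload_len):
    """20-byte IPv4 header with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]

def parse_ipv4(pkt):
    ver_ihl, _, _, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "proto": proto, "hdr_len": (ver_ihl & 0x0F) * 4}

def keystream_xor(key, iv, data):
    """Stand-in cipher: XOR with an HMAC-SHA256 counter keystream (symmetric, used both ways)."""
    stream, counter = bytearray(), 0
    while len(stream) < len(data):
        stream += hmac.new(key, iv + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def esp_encapsulate(enc_key, auth_key, spi, seq, inner, next_header):
    """ESP (RFC 4303) framing: SPI | seq | IV | enc(inner | padding | pad_len | next_header) | ICV."""
    iv = hashlib.sha256(struct.pack("!II", spi, seq)).digest()[:8]  # deterministic per-packet IV for the demo
    pad_len = (-(len(inner) + 2)) % 4                                # right-align pad_len/next_header in a 4-byte word
    plaintext = inner + bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    body = struct.pack("!II", spi, seq) + iv + keystream_xor(enc_key, iv, plaintext)
    return body + hmac.new(auth_key, body, hashlib.sha256).digest()[:ICV_LEN]

def esp_decapsulate(enc_key, auth_key, esp):
    """Check the ICV first, then decrypt and strip the trailer. Returns (spi, seq, next_header, inner)."""
    body, icv = esp[:-ICV_LEN], esp[-ICV_LEN:]
    if not hmac.compare_digest(icv, hmac.new(auth_key, body, hashlib.sha256).digest()[:ICV_LEN]):
        raise ValueError("ESP ICV mismatch: packet modified or wrong key")
    spi, seq = struct.unpack("!II", body[:8])
    plaintext = keystream_xor(enc_key, body[8:16], body[16:])
    pad_len, next_header = plaintext[-2], plaintext[-1]
    return spi, seq, next_header, plaintext[:-(2 + pad_len)]

def transport_mode(enc_key, auth_key, spi, seq, src, dst, segment):
    """Transport mode: only the segment goes into ESP; the original IP header is the one on the wire."""
    esp = esp_encapsulate(enc_key, auth_key, spi, seq, segment, PROTO_TCP)
    return ipv4_header(src, dst, PROTO_ESP, len(esp)) + esp

def tunnel_mode(enc_key, auth_key, spi, seq, gw_src, gw_dst, src, dst, segment):
    """Tunnel mode: the whole original IP packet goes into ESP; a new outer header carries the gateways."""
    inner_pkt = ipv4_header(src, dst, PROTO_TCP, len(segment)) + segment
    esp = esp_encapsulate(enc_key, auth_key, spi, seq, inner_pkt, PROTO_IPV4)
    return ipv4_header(gw_src, gw_dst, PROTO_ESP, len(esp)) + esp

def on_the_wire(pkt):
    """What a passive observer sees without the keys: outer header plus the unencrypted ESP fields."""
    outer = parse_ipv4(pkt)
    spi, seq = struct.unpack("!II", pkt[outer["hdr_len"]:outer["hdr_len"] + 8])
    return {"src": outer["src"], "dst": outer["dst"], "proto": outer["proto"], "spi": spi, "seq": seq}

def receive(enc_key, auth_key, pkt):
    """Decapsulate at the ESP endpoint, i.e. whoever owns the outer destination address."""
    outer = parse_ipv4(pkt)
    _, _, next_header, inner = esp_decapsulate(enc_key, auth_key, pkt[outer["hdr_len"]:])
    if next_header == PROTO_IPV4:                      # tunnel mode: an entire IP packet was inside
        inner_hdr = parse_ipv4(inner)
        return {"mode": "tunnel", "esp_terminated_at": outer["dst"],
                "inner": (inner_hdr["src"], inner_hdr["dst"]), "payload": inner[inner_hdr["hdr_len"]:]}
    return {"mode": "transport", "esp_terminated_at": outer["dst"],   # transport: B itself holds the SA
            "inner": (outer["src"], outer["dst"]), "payload": inner}

if __name__ == "__main__":
    t = transport_mode(ENC_KEY, AUTH_KEY, 0x1001, 1, HOST_A, HOST_B, SAMPLE_TCP)
    u = tunnel_mode(ENC_KEY, AUTH_KEY, 0x2002, 1, GW_A, GW_B, HOST_A, HOST_B, SAMPLE_TCP)
    for name, pkt in (("transport", t), ("tunnel", u)):
        print(name, "on the wire:", on_the_wire(pkt))
        print(name, "decapsulated:", receive(ENC_KEY, AUTH_KEY, pkt))
```

Compare the two on_the_wire() views when you run it: in transport mode the only IP header is A's address to B's, so the ESP packet is addressed to B itself and B has to be the IPsec peer holding the key; in tunnel mode the outer header carries the gateway addresses and the host addresses sit inside the encrypted payload, which is why a device near B can terminate the tunnel on B's behalf. A practical caveat when transport mode crosses networks: the TCP/UDP checksum inside the encrypted payload covers the IP addresses, so a NAT that rewrites the outer header invalidates it; RFC 3948 describes a checksum fix-up for that case.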




