Tip If you have trouble, make sure you are using the correct IP address and that you enabled the tunnel  interface with the  no shutdown

3-10
Cisco IOS VPN Configuration Guide
OL-8336-01
Chapter 3 Site-to-Site and Extranet VPN Business Scenarios
Step 2—Configuring Network Address Translation
mode protects against traffic analysis; with tunnel mode, an attacker can only determine the tunnel 
endpoints and not the true source and destination of the packets passing through the tunnel, even if they 
are the same as the tunnel endpoints.
Note
IPSec tunnel mode configuration instructions are described in detail in the 
“Configuring IPSec and IPSec 
Tunnel Mode” section on page 3-22
.
In IPSec transport mode, only the IP payload is encrypted, and the original IP headers are left intact. 
(See 
Figure 3-6
.) This mode has the advantage of adding only a few bytes to each packet. It also allows 
devices on the public network to see the final source and destination of the packet. With this capability, 
you can enable special processing in the intermediate network based on the information in the IP header. 
However, the Layer 4 header will be encrypted, limiting the examination of the packet. Unfortunately, 
by passing the IP header in the clear, transport mode allows an attacker to perform some traffic analysis. 
(See the 
“Defining Transform Sets and Configuring IPSec Tunnel Mode” section on page 3-23
for an 
IPSec transport mode configuration example.)

Download 2,05 Mb.

Do'stlaringiz bilan baham: