Transport Mode - Internet Protocol Security - IPSec

In this lesson, you will learn what is Transport Mode, what type of data can be protected using Transport Mode.

IPsec Transport mode protects upper-layer protocols (Ex: TCP or UDP) and Transport mode is used to secure end-to-end (device to device) communications.

Figure 1: End-to-end data transmission security using Transport Mode

 

When IPSec is enabled, the transport layer packets (TCP Segments and UDP Datagrams) reach the IPSec module. When IPSec is implemented as a part of TCP/IP protocol suit, the IPSec module is a of the network layer (OSI Layer 3). The IPSec then adds the Authentication Header (AH), Encapsulating Security Payload (ESP), or both headers, and then IP header is added.

IPSec Transport Mode

When IPSec is operating at Transport mode, IPSec header is inserted between the IP header and the Transport Layer protocol header (TCP or UDP).

Figure 2: In Transport mode, IPSec Header is inserted between IP header and TCP Header

 

In Transport Mode, if the packet needs to be secured using both Authentication Header (AH) and Encapsulating Security Payload (ESP), the packet is first protected using Encapsulating Security Payload (ESP) and then it is secured using Authentication Header. This helps to bring the data integrity to the Encapsulating Security Payload (ESP) payload also.

 

Figure 3: Transport mode - AH and ESP together

You have learned what is IPSec Transport mode and IPSec Transport mode can protect end-to-end data transmission. Click "Next" to continue.