Home

Transportmodus

Transportmodus is a term primarily used in the context of IPsec (Internet Protocol Security) and Internet security documentation in German. It denotes one of the two main modes of IPsec operation, the other being Tunnelmodus. The choice of mode determines how much of the original IP packet is protected and how it is encapsulated.

In Transportmodus, IPsec protects only the payload of the IP packet, while the original IP header remains

In contrast, Tunnelmodus encapsulates the entire original IP packet inside a new IP packet. The new outer

Summary: Transportmodus provides end-to-end protection of the payload with the original IP header visible, suitable for

in
plaintext
and
unchanged.
The
IPsec
header
and
trailers
(for
example
the
ESP
or
AH
headers)
are
inserted
between
the
IP
header
and
the
payload.
This
mode
is
typically
used
for
end-to-end
communication
directly
between
two
hosts,
where
the
peers
themselves
can
establish
the
security
associations.
IP
header
is
used
for
routing,
and
the
original
packet,
including
its
header,
is
encrypted
and
authenticated.
This
mode
is
commonly
used
for
network-to-network
connections
or
VPNs
between
gateways,
such
as
site-to-site
VPNs
or
remote-access
VPNs,
where
traffic
from
a
whole
network
is
secured
as
it
traverses
an
untrusted
network.
host-to-host
communications.
Tunnelmodus
provides
broader
protection
by
encapsulating
and
securing
the
entire
original
packet,
suitable
for
gateway-based
VPNs.
The
terms
are
standard
in
German
IT
security
literature
to
contrast
how
IPsec-secured
traffic
is
encapsulated
and
protected.