Communication Security: Remote Access and Messaging • Chapter 3 131
sniff the network and gather information about end parties. Transport
mode is used in host-to-host VPNs.
■ Tunnel Mode Unlike transport mode where only the data is encrypted,
in tunnel mode (Figure 3.9) both the data and the IP headers are
encrypted. The advantage is that neither the payload nor any information
about end parties can be sniffed. The disadvantage is speed, since the size
of the encrypted packet increases. Tunnel mode is used in host-to-gateway
or gateway-to-gateway VPNs.
Figure 3.11 Using IPSec in Transport Mode Only Encrypts the Data Payload
[Figure: an IP packet (IP header, payload) and the same IP packet with IPSec in transport mode (IP header, payload)]
Figure 3.12 Using IPSec in Tunnel Mode Encrypts Both the Data and IP Headers
[Figure: an IP packet (IP header, payload) and the same IP packet with IPSec in tunnel mode (IP header, payload)]
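The difference between the two modes as seen from the wire, as an added example that is not from the book. The addresses, the key and the XOR keystream standing in for the real ESP cipher are constructed for illustration, and the ESP layout is simplified (no padding, IV or integrity check value).

```python
import hashlib, ipaddress, struct

ESP = 50  # IP protocol number for ESP (IPSec Encapsulating Security Payload)

def ipv4(src, dst, proto, payload):
    """Build a minimal 20-byte IPv4 header (checksum left as 0) plus payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, ipaddress.ip_address(src).packed,
                      ipaddress.ip_address(dst).packed)
    return hdr + payload

def toy_encrypt(key, data):
    """Stand-in for the ESP cipher: XOR with a SHA-256 keystream. NOT secure."""
    stream = b"".join(hashlib.sha256(key + struct.pack("!I", i)).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def esp(key, inner, next_hdr):
    """Simplified ESP: SPI + sequence number, then encrypted body + next-header byte."""
    return struct.pack("!II", 0x1001, 1) + toy_encrypt(key, inner + bytes([next_hdr]))

def transport_mode(key, pkt):
    """Keep the original IP header; encrypt only the payload behind it."""
    src, dst = (str(ipaddress.ip_address(pkt[i:i + 4])) for i in (12, 16))
    return ipv4(src, dst, ESP, esp(key, pkt[20:], pkt[9]))

def tunnel_mode(key, pkt, gw_src, gw_dst):
    """Encrypt the whole original packet and wrap it in a new gateway header."""
    return ipv4(gw_src, gw_dst, ESP, esp(key, pkt, 4))  # 4 = IP-in-IP

def sniff(pkt):
    """What an on-path observer can read: cleartext addresses, protocol, size."""
    return (str(ipaddress.ip_address(pkt[12:16])),
            str(ipaddress.ip_address(pkt[16:20])), pkt[9], len(pkt))

# Constructed sample: host 10.1.1.5 sends a TCP payload to host 10.2.2.9.
KEY = b"constructed-demo-key"
ORIGINAL = ipv4("10.1.1.5", "10.2.2.9", 6, b"USER alice\r\n")
TRANSPORT = transport_mode(KEY, ORIGINAL)
TUNNEL = tunnel_mode(KEY, ORIGINAL, "198.51.100.1", "203.0.113.1")

if __name__ == "__main__":
    for name, p in (("original", ORIGINAL), ("transport", TRANSPORT), ("tunnel", TUNNEL)):
        print(f"{name:9} {sniff(p)}")
```

In the transport-mode packet the host addresses are still readable while the payload is not; in the tunnel-mode packet only the gateway addresses are readable, and the packet is 20 bytes larger because of the extra outer header.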
www.syngress.com