DMVPN transport mode is advised to remove the creation of an extra IP header that just adds to the header with no benefit.

Are you sure about GetVPN and transport mode? My understanding is that regardless of what you configure, it will run tunnel mode. Here is a note from the GetVPN technote:

GET VPN uses ESP in tunnel mode <http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6635/ps7180/white_paper_c11-471053.html#wp9000029>, which protects the entire data packet, as well as the IP header received by the VPN gateway. Tunnel mode processing adds a new IP header to the packet after ESP encapsulation. GET VPN uses a method of tunnel mode called "tunnel mode with address preservation" that copies the original source and destination from the inner IP header to the outer IP header (as shown in Figure 5).

Note: IPsec also defines a transport mode for ESP that does not add a new IP header to the packet. Transport mode may be safely used in some IPsec applications, but fragmentation and reliability issues render it unsuitable for use with GET VPN.

Regards,

Tyson Scott - CCIE #13513 R&S, Security, and SP
Managing Partner / Sr. Instructor - IPexpert, Inc.

From: [email protected] On Behalf Of Vybhav Ramachandran
Sent: Tuesday, December 14, 2010 11:47 AM
To: Kamran Shakil; OSL Security
Subject: Re: [OSL | CCIE_Security] want confirmation plz.....dmvpn and getvpn...

Hello Kamran,

DMVPN can be configured using both tunnel mode and transport mode. However, using transport is advised because it supports NAT traversal. GETVPN also supports both transport and tunnel modes. However, in tunnel mode, GETVPN has a special feature called "IP header preservation", which basically copies the inner IP header to the outer IP header.

Cheers,
TacACK
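The header layouts discussed in this thread, as an added Python sketch that is not from either poster or from Cisco: it builds the outer headers for ESP tunnel mode, tunnel mode with address preservation, and transport mode, so the extra 20-byte IP header on a GRE (DMVPN) packet and the copied addresses on a GET VPN packet can be checked directly. All addresses, the SPI and the payload are constructed sample values, and ESP is reduced to its 8-byte header (no encryption, IV, padding or ICV).

```python
import socket
import struct

ESP, GRE = 50, 47  # IP protocol numbers

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header; checksum left at 0 for this illustration."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def addresses(packet):
    """Return (source, destination) of the outermost IPv4 header."""
    return socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])

def esp(body, spi=0x1000, seq=1):
    """ESP header (SPI, sequence number) plus body. Simplified: no encryption,
    IV, padding or ICV, so only the header layout is modelled."""
    return struct.pack("!II", spi, seq) + body

def tunnel_mode(packet, gw_src, gw_dst):
    """Classic tunnel mode: whole packet protected, new outer header between gateways."""
    protected = esp(packet)
    return ipv4_header(gw_src, gw_dst, ESP, len(protected)) + protected

def tunnel_mode_address_preservation(packet):
    """GET VPN style: still tunnel mode, but the outer header copies the inner src/dst."""
    return tunnel_mode(packet, *addresses(packet))

def transport_mode(packet):
    """Transport mode: ESP goes between the existing IP header and its payload."""
    src, dst = addresses(packet)
    protected = esp(packet[20:])
    return ipv4_header(src, dst, ESP, len(protected)) + protected

# Constructed sample data: a 100-byte TCP payload between two private hosts,
# and the same packet after GRE encapsulation between two DMVPN tunnel endpoints.
INNER = ipv4_header("10.1.1.10", "10.2.2.20", 6, 100) + bytes(100)
GRE_BODY = b"\x00\x00\x08\x00" + INNER  # basic 4-byte GRE header, protocol IPv4
GRE_PACKET = ipv4_header("192.0.2.1", "198.51.100.1", GRE, len(GRE_BODY)) + GRE_BODY

if __name__ == "__main__":
    t = tunnel_mode(GRE_PACKET, "192.0.2.1", "198.51.100.1")
    x = transport_mode(GRE_PACKET)
    print("DMVPN tunnel mode:", len(t), "bytes; transport mode:", len(x), "bytes")
    print("GET VPN outer addresses:", addresses(tunnel_mode_address_preservation(INNER)))
```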
