
IPsec: Tunnel Mode and Transport Mode


IPsec (Internet Protocol Security) is a protocol that provides security for IP-based communication. IPsec can operate in two modes: Tunnel Mode and Transport Mode.

Tunnel Mode:

  • In Tunnel Mode, the entire original IP packet is encrypted and encapsulated in a new IP packet, whose new outer IP header is used to route it over the network.

  • This mode is used when two entire networks need to be connected over a public network, such as the Internet.

  • In Tunnel Mode, the entire original IP packet, including the original source and destination addresses, is encrypted, providing end-to-end security.

Transport Mode:

  • In Transport Mode, only the payload of the IP packet is encrypted, not the entire packet.

  • This mode is used when a single host needs to communicate with another single host over a public network.

  • In Transport Mode, only the data being transmitted is encrypted, not the header information such as the source and destination addresses.

When comparing Tunnel Mode and Transport Mode, one key difference is how much of the packet is encrypted. Tunnel Mode provides end-to-end security by encrypting the entire original IP packet, while Transport Mode only encrypts the payload of the packet.

Another difference is the use case: Tunnel Mode is used for connecting entire networks, while Transport Mode is used for host-to-host communication.

The choice between Tunnel Mode and Transport Mode depends on the specific requirements of the network and the level of security desired.
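
The difference between the two modes is easiest to see on the wire. The following is an added example, not code from the original page: it wraps one constructed IPv4 packet with ESP in each mode and reports what an on-path observer without the key can read. Assumptions: ESP is the IPsec protocol in use, the cipher is a SHA-256 keystream stand-in (not a real ESP algorithm), and all addresses, SPIs and keys are constructed sample values.

```python
import hashlib, hmac, ipaddress, struct

ESP, IPIP, TCP = 50, 4, 6  # IP protocol numbers

def ipv4_header(src, dst, proto, payload_len):
    # Minimal 20-byte IPv4 header (checksum left at 0 for brevity).
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)

def _stand_in_cipher(key, seq, data):
    # NOT a real ESP cipher: SHA-256 keystream XOR, used only to keep this offline.
    stream = b"".join(hashlib.sha256(key + struct.pack("!II", seq, i)).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def esp_wrap(inner, next_header, spi, seq, key):
    # ESP layout (RFC 4303): SPI | seq | enc(data | padding | pad_len | next_header) | ICV
    pad = -(len(inner) + 2) % 4
    trailer = bytes(range(1, pad + 1)) + bytes([pad, next_header])
    body = struct.pack("!II", spi, seq) + _stand_in_cipher(key, seq, inner + trailer)
    return body + hmac.new(key, body, hashlib.sha256).digest()[:16]  # one key: demo only

def transport_mode(pkt, spi, seq, key):
    # Original header is kept (protocol rewritten to ESP); only its payload is encrypted.
    hdr, payload = pkt[:20], pkt[20:]
    esp = esp_wrap(payload, hdr[9], spi, seq, key)
    return ipv4_header(hdr[12:16], hdr[16:20], ESP, len(esp)) + esp

def tunnel_mode(pkt, gw_src, gw_dst, spi, seq, key):
    # Whole original packet is encrypted; a new outer header carries it between gateways.
    esp = esp_wrap(pkt, IPIP, spi, seq, key)
    return ipv4_header(gw_src, gw_dst, ESP, len(esp)) + esp

def observer_view(wire):
    # Fields readable on the path without the key: the cleartext IP header and the SPI.
    return {"src": str(ipaddress.IPv4Address(wire[12:16])),
            "dst": str(ipaddress.IPv4Address(wire[16:20])),
            "proto": wire[9], "spi": struct.unpack("!I", wire[20:24])[0]}

# Constructed sample: DATA stands in for a TCP segment between two private hosts.
KEY = b"constructed-demo-key"
DATA = b"GET /payroll"
ORIGINAL = ipv4_header("10.1.0.5", "10.2.0.9", TCP, len(DATA)) + DATA
TRANSPORT = transport_mode(ORIGINAL, 0x1001, 1, KEY)
TUNNEL = tunnel_mode(ORIGINAL, "198.51.100.1", "203.0.113.1", 0x2001, 1, KEY)

if __name__ == "__main__":
    print("transport:", observer_view(TRANSPORT))
    print("tunnel:   ", observer_view(TUNNEL))
```

In transport mode the observer still sees the two host addresses; in tunnel mode it sees only the gateway addresses, at the cost of 20 extra bytes for the outer header.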

© 2025 Pomerium. All rights reserved