IPsec mode: tunnel mode vs transport mode


(Victor R) #1

Hi Rene,

I understand that IPsec has two modes, tunnel mode and transport mode. And when one uses transport mode, only the payload is protected but we keep the original IP header. But when we use tunnel mode, it adds a new outer IP header. Where does this outer IP header come from, and what IPs is it using? Is it the peer IPs of the IPsec SA? Thank you.


(Rene Molenaar) #2

Hi Victor,

The outer header is what is used for routing, so normally we use the public IP addresses on the routers, in other words the peer IP addresses, yes.

Rene
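
The difference in headers described in this thread, as an added example that is not part of the original posts: it builds the same inner packet in ESP transport mode and ESP tunnel mode and shows which addresses end up in the routable header. The host and peer addresses, SPI and sequence number are constructed sample values, and ESP is modelled in cleartext (a real SA encrypts the body and trailer and appends an ICV).

```python
import socket
import struct

ESP, IPIP = 50, 4  # IP protocol numbers: ESP, and IPv4-in-IPv4 (ESP next header in tunnel mode)

def checksum(hdr: bytes) -> int:
    """RFC 791 header checksum over a 20-byte IPv4 header."""
    s = sum(struct.unpack("!10H", hdr))
    s = (s & 0xFFFF) + (s >> 16)
    s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Prepend a minimal 20-byte IPv4 header (no options, TTL 64)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

def parse(pkt: bytes):
    """Return (src, dst, protocol, payload) of an option-less IPv4 packet."""
    return (socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]),
            pkt[9], pkt[20:])

def esp(spi: int, seq: int, body: bytes, next_header: int) -> bytes:
    """Cleartext model of ESP: SPI, sequence, body, padding, pad length, next header."""
    pad = bytes(range(1, (-(len(body) + 2)) % 4 + 1))  # align trailer to 4 bytes
    return struct.pack("!II", spi, seq) + body + pad + bytes([len(pad), next_header])

def transport_mode(pkt: bytes, spi: int, seq: int) -> bytes:
    # Original IP header is kept; only its protocol field changes to ESP.
    src, dst, proto, payload = parse(pkt)
    return ipv4(src, dst, ESP, esp(spi, seq, payload, proto))

def tunnel_mode(pkt: bytes, local_peer: str, remote_peer: str, spi: int, seq: int) -> bytes:
    # Whole original packet becomes the ESP body; outer header uses the SA peer addresses.
    return ipv4(local_peer, remote_peer, ESP, esp(spi, seq, pkt, IPIP))

if __name__ == "__main__":
    # Constructed sample: host 10.1.1.10 sends UDP (protocol 17) to host 10.2.2.20.
    original = ipv4("10.1.1.10", "10.2.2.20", 17, b"hello")
    tunnel = tunnel_mode(original, "203.0.113.1", "198.51.100.1", 0x1000, 1)
    print("transport:", parse(transport_mode(original, 0x1000, 1))[:3])
    print("tunnel   :", parse(tunnel)[:3])
    print("inner    :", parse(parse(tunnel)[3][8:])[:3])
```

In tunnel mode the private host addresses only appear inside the ESP body, so on a real SA they are encrypted and an on-path observer sees just the two peer addresses.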