Using IPSec in Transport Mode

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Table 6.2 provides a summary of when IPSec transport mode is appropriate to use.

Table 6.2   IPSec Transport Mode Uses

IPSec Scenario: Require packet filtering

IPSec Transport Mode Usage: Although IPSec does not provide full firewall functionality, it can statically permit or block traffic based on source and destination address combinations and on the IP protocol and TCP or UDP ports. Functions found in standard firewalls that IPSec does not provide include stateful inspection, application protocol awareness, intrusion detection, and packet logging. Because the filters are stateless, a filter that permits traffic to a server port normally needs the Mirrored option so that the reply packets are matched as well; a host whose own outbound connections (for example, DNS or Kerberos to a domain controller) are not covered by a mirrored permit filter will have the replies blocked by a block-all-inbound filter. Even with these limitations, the packet blocking and filtering that IPSec provides can be effective in limiting the spread of viruses and worms, in thwarting attacks known to use specific ports, and in preventing specific applications and services from being used on the network.

IPSec Scenario: Require end-to-end security

IPSec Transport Mode Usage: This is the simplest way to secure traffic with IPSec, typically between servers or between clients and servers. In transport mode the two endpoints negotiate a security association with each other, and the original IP packets are authenticated (AH or ESP) and, with ESP, encrypted on the sending host and verified on the receiving host, so that no intermediate system can read or forge the traffic. End-to-end security creates a secure channel for trustworthy communication.

You can also combine these two IPSec methods to enhance the network-level security of your infrastructure. Both methods are detailed later in this chapter.
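The following script is an added example, not part of the original page, showing how both uses from Table 6.2 are combined in one local policy with the netsh ipsec static context that ships with Windows Server 2003. It assumes a domain-joined web server; the policy, filter list, rule and filter action names, the domain controller address 10.0.0.10, the backend SQL server address 10.0.0.20 and the port choices are placeholders chosen for illustration.

```batch
@echo off
rem Added example (not the page's own script). Assumes a domain-joined
rem Windows Server 2003 web server. All names and the addresses 10.0.0.10
rem (domain controller) and 10.0.0.20 (backend SQL server) are placeholders.
setlocal
set POL=Web Server Policy

rem --- 1. Policy container. activatedefaultrule=no: every rule is explicit. ---
netsh ipsec static add policy name="%POL%" description="Static filtering plus ESP to backend" activatedefaultrule=no

rem --- 2. Filter lists. Each filter is a stateless address/protocol/port pattern. ---
rem Everything inbound to this host ('me' expands to the local addresses).
netsh ipsec static add filterlist name="All Inbound"
netsh ipsec static add filter filterlist="All Inbound" srcaddr=any dstaddr=me protocol=any mirrored=no

rem HTTP and HTTPS from anywhere. mirrored=yes also creates the reverse
rem filter (me:80 -> any) so reply segments match; IPSec keeps no state.
netsh ipsec static add filterlist name="Web Inbound"
netsh ipsec static add filter filterlist="Web Inbound" srcaddr=any dstaddr=me protocol=tcp srcport=0 dstport=80 mirrored=yes
netsh ipsec static add filter filterlist="Web Inbound" srcaddr=any dstaddr=me protocol=tcp srcport=0 dstport=443 mirrored=yes

rem Traffic this host initiates to its domain controller (DNS, Kerberos,
rem and the IKE authentication below). Without this mirrored permit, the
rem replies would hit the block-all-inbound filter.
netsh ipsec static add filterlist name="Domain Controller"
netsh ipsec static add filter filterlist="Domain Controller" srcaddr=me dstaddr=10.0.0.10 protocol=any mirrored=yes

rem SQL traffic between this host and the backend server (end-to-end case).
netsh ipsec static add filterlist name="Backend SQL"
netsh ipsec static add filter filterlist="Backend SQL" srcaddr=me dstaddr=10.0.0.20 protocol=tcp srcport=0 dstport=1433 mirrored=yes

rem --- 3. Filter actions: block, permit, or negotiate security. ---
netsh ipsec static add filteraction name="Block" action=block
netsh ipsec static add filteraction name="Permit" action=permit
rem Require ESP with 3DES/SHA1; soft=no refuses clear-text fallback and
rem inpass=no refuses unsecured inbound packets on this filter.
netsh ipsec static add filteraction name="Require ESP" action=negotiate qmsecmethods="ESP[3DES,SHA1]" inpass=no soft=no

rem --- 4. Rules bind a filter list to an action. The most specific matching
rem     filter wins; rule order does not matter. ---
netsh ipsec static add rule name="Block everything else" policy="%POL%" filterlist="All Inbound" filteraction="Block"
netsh ipsec static add rule name="Allow web" policy="%POL%" filterlist="Web Inbound" filteraction="Permit"
netsh ipsec static add rule name="Allow DC" policy="%POL%" filterlist="Domain Controller" filteraction="Permit"
rem Kerberos authenticates the IKE exchange with the backend (both are domain members).
netsh ipsec static add rule name="Secure SQL" policy="%POL%" filterlist="Backend SQL" filteraction="Require ESP" kerberos=yes

rem --- 5. Review the result, then assign. Only one local policy is active at a time. ---
netsh ipsec static show all
netsh ipsec static set policy name="%POL%" assign=y
endlocal
```

Run it from a console session rather than a remote one: any management traffic the host must keep accepting (for example Remote Desktop on TCP 3389) needs its own mirrored permit filter, or the block-all-inbound rule will cut the session. The backend server needs a matching policy that negotiates ESP for the same traffic; with soft=no, the SQL connection fails rather than falling back to clear text if the peer does not negotiate.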