Client-side VPNs (AnyConnect, RDP) use transport mode because they set up end-to-end or end-to-site encryption. They do not rely on any other security infrastructure to create and maintain the tunnel. Tunnel mode is most often done between VPN gateways (routers) that maintain the tunnel without needing to install or configure the clients.
Forouzan: MCQ in Security in the Internet: IPSec, SSL/TLS Dec 03, 2019 Public KB - KB8569 - How does Network Connect / Pulse Aug 02, 2015 Transport and Tunnel Modes in IPsec - Oracle The ipsecconf command includes keywords to set tunnels in tunnel mode or transport mode. For details on per-socket policy, see the ipsec(7P) man page. For an example of per-socket policy, see How to Use IPsec to Protect a Web Server From Nonweb Traffic. For more information about tunnels, see the ipsecconf(1M) man page. For an example of tunnel Build Your Skills: Learn why NAT can cause VPN connection
Nov 10, 2011
Transport mode: IPSec encrypts and authenticates only the actual payload of the packet, and the header information stays intact. Tunnel mode (supported by Oracle): IPSec encrypts and authenticates the entire packet. After encryption, the packet is then encapsulated to form a new IP packet that has different header information. Tunnel and Transport Mode - Networking Tutorial
SSL VPN and IPsec VPN: How they work - Calyptix
The TCP/IP Guide - IPSec Modes: Transport and Tunnel Key Concept: IPSec has two basic modes of operation.In transport mode, IPSec AH and/or ESP headers are added as the original IP datagram is created; this mode is associated with integrated IPSec architectures.In tunnel mode, the original IP datagram is created normally, then the entire datagram is encapsulated into a new IP datagram containing the AH/ESP IPSec headers.