IPSec

IPsec, or Internet Protocol Security, is a suite of protocols designed to secure Internet Protocol communications by authenticating and optionally encrypting each IP packet in a data stream. It operates at the network layer and can be used to build virtual private networks (VPNs). IPsec supports two modes: transport mode preserves the IP header and only protects the payload, while tunnel mode encapsulates the entire IP packet for gateway-to-gateway or network-to-network communication, allowing secure site-to-site VPNs or remote access.

The core components are the Authentication Header (AH), which provides data integrity and origin authentication but no confidentiality, and the Encapsulating Security Payload (ESP), which provides confidentiality, integrity, and optional authentication. Security Associations (SAs) are unidirectional relationships that hold the cryptographic parameters and keys for protected traffic, so bidirectional traffic requires a pair of SAs, one per direction. Keys and algorithms are negotiated through the Internet Key Exchange (IKE), with IKEv2 being the current standard.

IPsec relies on several standards: ESP (RFC 4303), AH (RFC 4302), and the overall IPsec architecture (RFC 4301). IKEv1 (RFC 4306) and IKEv2 (RFC 7296) define how peers authenticate and establish SAs. NAT traversal (NAT-T) extensions enable IPsec traffic over devices performing Network Address Translation.

Common use cases include site-to-site VPNs connecting networks across the Internet and remote access VPNs for individual users. Proper configuration of encryption and integrity algorithms, SA lifetimes, and authentication methods is essential. IPsec implementations are widely available in operating systems and network devices, and interoperability is a key feature of the IPsec standard.
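The AH/ESP headers and the unidirectional Security Associations described above can be made concrete with a small receiver-side model. The following is an added example, not code from the original page or from any IPsec implementation: it parses the cleartext fields of AH (RFC 4302) and ESP (RFC 4303) headers, looks up the inbound SA by the (SPI, destination, protocol) triple, and applies the RFC 4303 anti-replay sliding window so that a resent or stale sequence number is discarded. The packet bytes, SA entries and the `SecurityAssociation`, `SADatabase` and `process_inbound` names are all constructed for this example; real keys and the integrity/decryption step are deliberately left out, since the point is SA selection and replay detection, not cryptography.

```python
"""Added example (not from the original page): inbound IPsec SA lookup and
anti-replay checking on the cleartext parts of AH and ESP headers.
All packets, SPIs and SA entries below are constructed for illustration."""
import struct
from dataclasses import dataclass

ESP_PROTO = 50  # IP protocol number for ESP (RFC 4303)
AH_PROTO = 51   # IP protocol number for AH (RFC 4302)


@dataclass
class SecurityAssociation:
    """One unidirectional SA. A peer needs a second SA for the other direction.
    Keys are omitted here; a real SA also stores them and its lifetime counters."""
    spi: int
    dst: str
    proto: int              # ESP_PROTO or AH_PROTO
    cipher: str
    integrity: str
    lifetime_s: int
    window_size: int = 64   # RFC 4303 minimum anti-replay window is 32; 64 is common
    highest_seq: int = 0    # highest sequence number accepted so far
    bitmap: int = 0         # bit i set => sequence number (highest_seq - i) was seen

    def check_replay(self, seq: int) -> bool:
        """Return True and record seq if it is fresh; False for replays or stale seqs."""
        if seq == 0:
            return False  # the first packet on an ESP SA carries sequence number 1
        if seq > self.highest_seq:
            # Window slides right; bits that fall off the left edge are forgotten.
            shift = seq - self.highest_seq
            if shift >= self.window_size:
                self.bitmap = 1
            else:
                mask = (1 << self.window_size) - 1
                self.bitmap = ((self.bitmap << shift) | 1) & mask
            self.highest_seq = seq
            return True
        diff = self.highest_seq - seq
        if diff >= self.window_size:
            return False  # older than the window: discard (RFC 4303 3.4.3)
        if self.bitmap & (1 << diff):
            return False  # already received: replay
        self.bitmap |= 1 << diff
        return True


def parse_esp(packet: bytes) -> tuple[int, int, bytes]:
    """ESP header: SPI (4) | Sequence Number (4) | encrypted payload + trailer + ICV."""
    if len(packet) < 8:
        raise ValueError("ESP header truncated")
    spi, seq = struct.unpack("!II", packet[:8])
    return spi, seq, packet[8:]  # payload is opaque without the SA's keys


def parse_ah(packet: bytes) -> tuple[int, int, int, bytes, bytes]:
    """AH header: Next Header (1) | Payload Len (1) | Reserved (2) | SPI (4) | Seq (4) | ICV.
    Payload Len counts 32-bit words of the whole AH minus 2."""
    if len(packet) < 12:
        raise ValueError("AH header truncated")
    next_hdr, payload_len, _reserved, spi, seq = struct.unpack("!BBHII", packet[:12])
    ah_len = (payload_len + 2) * 4
    if len(packet) < ah_len:
        raise ValueError("AH ICV truncated")
    return next_hdr, spi, seq, packet[12:ah_len], packet[ah_len:]


class SADatabase:
    """Inbound SAD keyed by (SPI, destination address, protocol), as RFC 4301 selects SAs."""

    def __init__(self) -> None:
        self._sas: dict[tuple[int, str, int], SecurityAssociation] = {}

    def add(self, sa: SecurityAssociation) -> None:
        self._sas[(sa.spi, sa.dst, sa.proto)] = sa

    def lookup(self, spi: int, dst: str, proto: int):
        return self._sas.get((spi, dst, proto))


def process_inbound(sadb: SADatabase, dst: str, proto: int, packet: bytes) -> str:
    """Classify one inbound packet: 'accept', 'no-sa', 'replay' or 'not-ipsec'."""
    if proto == ESP_PROTO:
        spi, seq, _payload = parse_esp(packet)
    elif proto == AH_PROTO:
        _next, spi, seq, _icv, _rest = parse_ah(packet)
    else:
        return "not-ipsec"
    sa = sadb.lookup(spi, dst, proto)
    if sa is None:
        return "no-sa"  # RFC 4303: discard and log; an unknown SPI is an auditable event
    if not sa.check_replay(seq):
        return "replay"
    return "accept"  # a real receiver verifies the ICV / decrypts before accepting


def demo() -> list[str]:
    """Constructed traffic: in-order ESP, a replayed packet, a window jump, a stale
    packet, an AH packet on its own SA, and an ESP packet with an unknown SPI."""
    sadb = SADatabase()
    sadb.add(SecurityAssociation(0x1000, "192.0.2.10", ESP_PROTO, "AES-GCM-256", "AEAD", 3600))
    sadb.add(SecurityAssociation(0x2000, "192.0.2.10", AH_PROTO, "none", "HMAC-SHA256-128", 3600))

    def esp(seq: int) -> bytes:
        return struct.pack("!II", 0x1000, seq) + b"\x00" * 16  # opaque ciphertext

    def ah(seq: int) -> bytes:
        # next header 6 (TCP), payload len 4 => 24-byte AH with a 12-byte ICV
        return struct.pack("!BBHII", 6, 4, 0, 0x2000, seq) + b"\xaa" * 12 + b"tcp-segment"

    events = [(ESP_PROTO, esp(1)), (ESP_PROTO, esp(2)), (ESP_PROTO, esp(1)),
              (ESP_PROTO, esp(70)), (ESP_PROTO, esp(5)), (AH_PROTO, ah(1)),
              (ESP_PROTO, struct.pack("!II", 0x3000, 1))]
    return [process_inbound(sadb, "192.0.2.10", proto, pkt) for proto, pkt in events]


if __name__ == "__main__":
    print(demo())
```

The fifth packet (sequence 5) is rejected even though it was never seen, because the jump to 70 slid the 64-entry window past it; this is the deliberate trade-off in RFC 4303 between tolerating reordering and bounding receiver state. Note also that the ESP and AH SAs share a destination but are distinct entries, and that the outbound direction to the same peer would be a third and fourth SA.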