
IPsec Virtual Private Network (IPsec VPN)

Internet Protocol Security (IPsec), the most widely deployed VPN technology, is a set of authentication and encryption protocols developed by the Internet Engineering Task Force (IETF) to address data confidentiality, integrity, authentication and key management in IP networks. IPsec typically works at the edges of a security domain: it encapsulates a packet by wrapping another packet around it, then encrypts the entire packet. This encrypted stream of traffic forms a secure tunnel across an otherwise unsecured IP network. IPsec is the primary layer 3 VPN.

The IPsec standard provides protection for IP packets by allowing network designers to specify the traffic that needs protection, define how that traffic is to be protected, and control who can receive the traffic. The IPsec standard can be applied to protect packets between hosts, between network security gateways like routers or firewalls, or between hosts and network security gateways. Because IPsec packets are the same as other IP packets, network managers can nest network security services and provide capabilities such as performing end-to-end authentication between hosts and sending related IPsec data through a secure IPsec tunnel.

The IPsec standard also defines several new packet formats, such as Encapsulating Security Payload (ESP), for confidentiality. ESP supports any type of symmetric encryption, with the default standard method being the 56-bit Data Encryption Standard (DES). The 3DES and AES standards are also common with IPsec. IPsec security parameters are communicated between network devices in accordance with the Internet Key Exchange (IKE) protocol.

VPNs using IPsec can provide both CPE-to-CPE and site-to-site secure tunnels. In both cases, the IPsec protocols are used to encapsulate the data being transferred within an IP wrapper that will go over the Internet. This encapsulated data is received by the IPsec VPN gateway at the other end, unwrapped, decrypted, and routed to the recipient. Traffic coming from the IPsec VPN gateway is handled as if it came from any user within the LAN itself. As a result, network-layer VPNs provide users the same continuous access to the network that they would have if they were physically connected.
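An added example, not part of the original entry: a Python parser that reads what is visible on the unsecured network for a tunnel-mode ESP packet, namely the outer gateway addresses, the Security Parameters Index (SPI) and the sequence number, while the wrapped inner packet stays opaque. The field layout follows RFC 4303; the addresses, SPI and payload bytes in the sample packets are constructed.

```python
import ipaddress
import struct

ESP_PROTO = 50  # IANA protocol number for ESP (RFC 4303)
IPV4_FMT = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header


def parse_esp(packet: bytes):
    """Return outer-header and ESP fields of an IPv4 packet, or None if not ESP."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, _id, _frag, _ttl,
     proto, _csum, src, dst) = struct.unpack(IPV4_FMT, packet[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ver_ihl & 0x0F) * 4  # header length in bytes, options included
    if ihl < 20 or total_len < ihl or len(packet) < total_len:
        raise ValueError("inconsistent IPv4 lengths")
    if proto != ESP_PROTO:
        return None
    body = packet[ihl:total_len]
    if len(body) < 8:
        raise ValueError("truncated ESP header")
    spi, seq = struct.unpack("!II", body[:8])  # only cleartext ESP fields
    return {
        "outer_src": str(ipaddress.IPv4Address(src)),  # sending gateway
        "outer_dst": str(ipaddress.IPv4Address(dst)),  # receiving gateway
        "spi": spi,
        "seq": seq,
        # IV + encrypted inner packet + integrity value: not readable here
        "opaque_len": len(body) - 8,
    }


def build_sample(proto: int, payload: bytes) -> bytes:
    """Constructed sample packet: minimal IPv4 header, checksum left at 0."""
    hdr = struct.pack(IPV4_FMT, 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address("198.51.100.1").packed,
                      ipaddress.IPv4Address("203.0.113.1").packed)
    return hdr + payload


# Constructed samples: SPI 0x1000, sequence 7, 32 zero bytes standing in
# for encrypted data; and a non-ESP (TCP) packet for comparison.
SAMPLE_ESP = build_sample(ESP_PROTO, struct.pack("!II", 0x1000, 7) + bytes(32))
SAMPLE_TCP = build_sample(6, bytes(20))

if __name__ == "__main__":
    print(parse_esp(SAMPLE_ESP))
    print(parse_esp(SAMPLE_TCP))
```

The result carries only gateway addresses and ESP bookkeeping fields; the original source and destination hosts are inside the opaque portion.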

A competing technology to the IPsec VPN is the SSL VPN. SSL is best used for remote-access and mobile-access VPNs, while IPsec is best for creating VPNs among fixed sites. The following table compares the applications for IPsec and SSL VPNs:


Related Terms: Tunneling, IPsec, SSL, TLS, PPTP, L2TP, L2F, SOCKS 5, Encryption, Encapsulation, MPLS VPN, SSL VPN