Internet Protocol Security
aliases:
- IPsec
A network protocol suite that secures data through authentication and encryption as it travels across a network or the Internet.
IPsec has two core protocols:
- Authentication Header (AH)
- Encapsulating Security Payload (ESP)
IPsec operates in two main modes:
Transport Mode
Used to secure end-to-end communications between hosts on a private network. With ESP, only the payload data is encrypted and the original IP header stays in the clear. With AH, the IP header is integrity-protected.
Tunnel Mode
Used for communications between VPN gateways across an insecure network; this is also called a router implementation. With ESP, the whole original IP packet (both header and payload) is encrypted and encapsulated as the payload of a new datagram with a new IP header.
AH doesn't have a use case in tunnel mode, since it doesn't provide encryption.
Header Formats (Raw Lesson Content)
The principles underlying IPsec are the same for IPv4 and IPv6, but the header formats differ. In IPv6, IPsec uses extension headers; in IPv4, ESP and AH are allocated IP protocol numbers of their own (50 and 51) and either modify the original IP header or encapsulate the original packet, depending on whether transport or tunnel mode is used.
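As an added example (not part of the lesson), the following Python classifies IPv4 packets by the protocol numbers named above (50 for ESP, 51 for AH), reads the fields that remain in the clear on the wire, and shows why an ESP tunnel-mode packet reveals nothing beyond its new outer header. Field layouts follow RFC 4302 and RFC 4303; all packets, addresses and the ICV/ciphertext bytes are constructed.

```python
import struct

IPPROTO_IPIP, IPPROTO_TCP, IPPROTO_ESP, IPPROTO_AH = 4, 6, 50, 51

def build_ipv4(src, dst, proto, payload):
    """Minimal IPv4 header (no options, checksum left zero) for constructing samples."""
    addr = lambda a: bytes(int(o) for o in a.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      addr(src), addr(dst))
    return hdr + payload

def parse_ipv4(pkt):
    """Return protocol number, addresses and payload of an IPv4 packet."""
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[0] >> 4 != 4 or ihl < 20 or len(pkt) < ihl:
        raise ValueError("not a well-formed IPv4 packet")
    total_len = struct.unpack("!H", pkt[2:4])[0]
    return {"proto": pkt[9], "src": ".".join(map(str, pkt[12:16])),
            "dst": ".".join(map(str, pkt[16:20])), "payload": pkt[ihl:total_len]}

def classify_ipsec(pkt):
    """Identify AH (51) or ESP (50) and extract the fields visible without keys."""
    ip = parse_ipv4(pkt)
    p = ip["payload"]
    if ip["proto"] == IPPROTO_AH:
        # AH: Next Header | Payload Len | Reserved | SPI | Sequence | ICV ...
        nh, plen, _, spi, seq = struct.unpack("!BBHII", p[:12])
        ah_len = (plen + 2) * 4  # Payload Len is in 32-bit words, minus 2
        # Next Header 4 means an inner IPv4 packet follows (tunnel mode);
        # an upper-layer number such as 6 (TCP) means transport mode.
        return {"protocol": "AH", "spi": spi, "seq": seq, "next_header": nh,
                "mode": "tunnel" if nh == IPPROTO_IPIP else "transport",
                "icv_len": ah_len - 12, "cleartext_len": len(p) - ah_len}
    if ip["proto"] == IPPROTO_ESP:
        # ESP: only SPI and Sequence are readable; the IV, data, padding and the
        # trailer's Next Header are encrypted, so the mode cannot be read off the wire.
        spi, seq = struct.unpack("!II", p[:8])
        return {"protocol": "ESP", "spi": spi, "seq": seq,
                "mode": "not visible", "encrypted_len": len(p) - 8}
    return {"protocol": None, "next_header": ip["proto"]}

def sample_packets():
    """Constructed samples: AH transport over TCP, ESP tunnel between gateways, plain TCP."""
    tcp = bytes.fromhex("c35000500000000100000000500200ff00000000")  # 20-byte TCP header
    ah = struct.pack("!BBHII", IPPROTO_TCP, 4, 0, 0x100, 1) + b"\x11" * 12 + tcp
    esp = struct.pack("!II", 0x200, 7) + b"\xaa" * 40  # 40 bytes stand in for ciphertext
    return {"ah_transport": build_ipv4("10.0.0.1", "10.0.0.2", IPPROTO_AH, ah),
            "esp_tunnel": build_ipv4("203.0.113.1", "198.51.100.1", IPPROTO_ESP, esp),
            "plain_tcp": build_ipv4("10.0.0.1", "10.0.0.2", IPPROTO_TCP, tcp)}
```

On the ESP tunnel sample only the gateway addresses, SPI and sequence number are recoverable; the inner host addresses and transport header are inside the encrypted bytes.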
IPsec is often paired with L2TP to provide added security; this combination forms a robust VPN configuration that is still widely used today.