IPSec traffic and tutorial - VPN tutorial
IPSec which works at the network layer is a framework consisting of protocols and algorithms for protecting data through an un-trusted network such as the internet. IPSec provides data security in various ways such as encrypting and authenticating data, protection against masquerading and manipulation. IPSec is a complex framework consisting of many settings, which is why it provides a powerful and flexible set of security features that can be used.
IPSec is a collection of different protocols or algorithms. IPSec traffic can be configured using over 30 different settings. IPSec is used to secure traffic from site to site or site to a mobile user. As the world is constantly changing and growing with technology, IPSec suits this as it’s a framework, which allows you add new and better algorithms coming out.
When two IPSec gateways want to make a VPN connection between them, they negotiate on various settings and parameters and must make an agreement on the parameters used. For example what type of authentication and encryption will be used within the VPN tunnel. This is generally called VPN negotiation.
IPSec does not use RSA for data encryption. It uses DES, 3DES, or AES. IPSec uses RSA for IKE internet key exchange for during peer authentication phase, to ensure the other side is authentic and who they say they are.
4 key functions or services of IPSec are as follows;
1 Confidentiality – Encrypting data, and scrambling.
2 Data Integrity – data has not been changed.
3 Data Authentication – authenticating receiver. Sender receiver is who they say they are.
4 Anti-replay – each packet is unique, has not been duplicated or intercepted.
5 phases of IPSec
1 define interesting traffic
2 IKE phase 1 – key exchange phase
3 IKE phase 2 – IPSec policy and transform sets are processed
4 Transfer data – After the tunnels are established you transfer the data.
5 Tear down the tunnel
IPSec uses two different protocols to encapsulate the data over a VPN tunnel:
Encapsulation Security Payload (ESP): IP Protocol 50
Authentication Header (AH): IP Protocol 51
ESP is more secure as it provides data encryption. AH just provides authentication.
Wikipedia's guide to IPSec