IP Security (IPsec) is a suite of related protocols for cryptographically securing communications at the IP packet layer. IPsec consists of two modes and two main protocols:
IPsec also provides methods for the manual and automatic negotiation of security associations (SAs) and for key distribution. All the attributes for these are gathered in a Domain of Interpretation (DOI). See RFC 2407 and RFC 2408. See Figure 63.
Figure 63: IPsec Architecture

Note: The IPsec domain of interpretation (DOI) is a document containing definitions for all the security parameters required for the successful negotiation of a VPN tunnel—essentially, all the attributes required for SA and IKE negotiations.
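On the wire, the DOI named in the note is a 32-bit field in the ISAKMP SA payload (RFC 2408), and the IPsec DOI (RFC 2407) is identified by the value 1. The following added example, which is not part of the original documentation, reads that field and the IPsec situation bitmap from a constructed sample message; the function names and sample bytes are assumptions made for illustration.

```python
import struct

IPSEC_DOI = 1  # DOI identifier assigned to IPsec in RFC 2407
# Situation bitmap values defined by the IPsec DOI (RFC 2407)
SITUATIONS = {0x01: "SIT_IDENTITY_ONLY", 0x02: "SIT_SECRECY", 0x04: "SIT_INTEGRITY"}
ISAKMP_HDR_LEN = 28
NEXT_PAYLOAD_SA = 1


def parse_sa_doi(packet: bytes) -> dict:
    """Return the DOI and situation from the first SA payload of an ISAKMP message."""
    if len(packet) < ISAKMP_HDR_LEN + 12:
        raise ValueError("too short for ISAKMP header plus SA payload")
    # Header: cookies (8+8), next payload, version, exchange type, flags, message ID, length
    _, _, next_payload, _ver, _xchg, _flags, _msg_id, total_len = struct.unpack(
        "!8s8sBBBBII", packet[:ISAKMP_HDR_LEN])
    if total_len != len(packet):
        raise ValueError("ISAKMP length field does not match packet size")
    if next_payload != NEXT_PAYLOAD_SA:
        raise ValueError("first payload is not an SA payload")
    # SA payload: next payload, reserved, payload length, DOI, then the situation
    _, _, payload_len, doi = struct.unpack("!BBHI", packet[28:36])
    if payload_len < 12 or ISAKMP_HDR_LEN + payload_len > len(packet):
        raise ValueError("bad SA payload length")
    if doi != IPSEC_DOI:
        # A peer that does not implement this DOI answers DOI-NOT-SUPPORTED (RFC 2408)
        return {"doi": doi, "supported": False, "situation": []}
    (sit,) = struct.unpack("!I", packet[36:40])
    names = [name for bit, name in SITUATIONS.items() if sit & bit]
    return {"doi": doi, "supported": True, "situation": names}


def build_sample(doi: int, situation: int) -> bytes:
    """Constructed sample: ISAKMP header plus an SA payload with no proposals attached."""
    sa = struct.pack("!BBHII", 0, 0, 12, doi, situation)
    hdr = struct.pack("!8s8sBBBBII", b"\x11" * 8, b"\x00" * 8,
                      NEXT_PAYLOAD_SA, 0x10, 2, 0, 0, ISAKMP_HDR_LEN + len(sa))
    return hdr + sa


if __name__ == "__main__":
    print(parse_sa_doi(build_sample(IPSEC_DOI, 0x01)))  # IPsec DOI, identity-only situation
    print(parse_sa_doi(build_sample(99, 0x01)))         # DOI value this parser does not know
```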
This section includes: