VPN

• Virtual Private Network
  • Route exchange privacy
  • Path determination for packets
  • Data Security
    • IPSec IP security
  • Collection of standized protocols that provide
    • Confidentiality
    • Integrity
    • Authentication
    • Anti-Reply

IPSec

• SA, Security Association
• IKE, Internet Key Exchange
  • Phase 1
    • ISAKMP session established
    • ISAKMP Internet Security Association and Key Management Protocol
    • Exchange of “Transform Sets”  (IPSec protocols you support)
  • Phase 2
    • Happens inside protection of the IKE Phase-1 tunnel
    • Creates unidirectional SA associations between tunnel endpoints
• AH, Authentication Header
  • IP protocol #51
• ESP, Encapsulation Security Payload
  • IP protocol #50
• AH + ESP offer authentication and Integrity
• ESP offers encryption
• Tunnel mode
  • Gives a new IP header infront of the  ESP/AH header
• Transport mode
  • Original header in maintained