VPN

  • Virtual Private Network
    • Route exchange privacy
    • Path determination for packets
    • Data Security
      • IPSec (IP Security)
    • Collection of standardized protocols that provide
      • Confidentiality
      • Integrity
      • Authentication
      • Anti-Replay

IPSec

  • SA, Security Association
  • IKE, Internet Key Exchange
    • Phase 1
      • ISAKMP session established
      • ISAKMP: Internet Security Association and Key Management Protocol
      • Exchange of “Transform Sets” (IPSec protocols you support)
    • Phase 2
      • Happens inside protection of the IKE Phase-1 tunnel
      • Creates unidirectional SAs between tunnel endpoints
  • AH, Authentication Header
    • IP protocol #51
  • ESP, Encapsulating Security Payload
    • IP protocol #50
  • AH + ESP offer authentication and integrity
  • ESP offers encryption
  • Tunnel mode
    • Gives a new IP header in front of the ESP/AH header
  • Transport mode
    • Original header is maintained
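
Added example (not part of the original notes): a small Python parser that uses the IP protocol numbers above (50 for ESP, 51 for AH) to show which fields of an IPSec packet an observer can read, and how AH's next-header field distinguishes tunnel mode from transport mode. It assumes IPv4 only; the addresses, SPIs and payloads are constructed sample data.

```python
import struct

IPPROTO_IPIP, IPPROTO_TCP, IPPROTO_ESP, IPPROTO_AH = 4, 6, 50, 51

def ipv4_header(src, dst, proto, payload_len):
    # Minimal 20-byte IPv4 header; checksum left at 0 because this is sample data.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, bytes(src), bytes(dst))

def ah_header(next_hdr, spi, seq, icv=b"\x00" * 12):
    # AH: next header, length in 32-bit words minus 2, reserved, SPI, sequence, ICV.
    return struct.pack("!BBHII", next_hdr, (12 + len(icv)) // 4 - 2, 0, spi, seq) + icv

def classify(packet):
    """Report what the cleartext IPSec headers of an IPv4 packet reveal."""
    ihl = (packet[0] & 0x0F) * 4
    proto, body = packet[9], packet[ihl:]
    if proto == IPPROTO_ESP:
        # Only SPI and sequence number are in the clear; the next-header field
        # sits in the ESP trailer, which is encrypted, so the mode is not visible.
        spi, seq = struct.unpack("!II", body[:8])
        return {"proto": "ESP", "spi": spi, "seq": seq, "mode": "hidden"}
    if proto == IPPROTO_AH:
        next_hdr, _len, _rsv, spi, seq = struct.unpack("!BBHII", body[:12])
        # Next header 4 (IP-in-IP) means a whole inner IPv4 packet follows: tunnel mode.
        mode = "tunnel" if next_hdr == IPPROTO_IPIP else "transport"
        return {"proto": "AH", "spi": spi, "seq": seq, "mode": mode}
    return {"proto": proto, "spi": None, "seq": None, "mode": "not IPsec"}

def build_samples():
    # Constructed sample packets (addresses, SPIs and payloads are made up).
    host_a, host_b = (10, 0, 0, 1), (10, 0, 1, 1)
    gw_a, gw_b = (192, 0, 2, 1), (198, 51, 100, 1)
    tcp = b"\x00" * 20
    inner = ipv4_header(host_a, host_b, IPPROTO_TCP, len(tcp)) + tcp
    ah_transport = ah_header(IPPROTO_TCP, 0x1001, 1) + tcp
    ah_tunnel = ah_header(IPPROTO_IPIP, 0x1002, 7) + inner
    esp = struct.pack("!II", 0x2001, 42) + b"\xaa" * 48  # opaque ciphertext stand-in
    return {
        "ah_transport": ipv4_header(host_a, host_b, IPPROTO_AH, len(ah_transport)) + ah_transport,
        "ah_tunnel": ipv4_header(gw_a, gw_b, IPPROTO_AH, len(ah_tunnel)) + ah_tunnel,
        "esp": ipv4_header(gw_a, gw_b, IPPROTO_ESP, len(esp)) + esp,
    }

if __name__ == "__main__":
    for name, pkt in build_samples().items():
        print(name, classify(pkt))
```

The SPI identifies the unidirectional SA a packet belongs to, and the sequence number is the field the receiver checks for anti-replay.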

 

 
