Configuring Virtual Private Networking (VPN) Configure Internet Protocol security (IPsec)
Digi TransPort® Routers User Guide
471
About Internet Protocol Security (IPSec)
An inherent problem with the TCP protocol for carrying data over the vast majority of LANs and the
Internet is that it provides virtually no security features. This lack of security, and publicity about
hackers and viruses, prevent many people from even considering using the Internet for any sensitive
business application. IPSec provides a remedy for these weaknesses adding a comprehensive security
layer to protect data carried over IP links.
IPSec (Internet Protocol Security) is a framework for a series of IETF standards designed to
authenticate users and data, and to secure data by encrypting it during transit.
Benefits of IPSec
IPSec is provides confidentiality, integrity, and authentication in the transport of data across
inherently insecure channels.
When properly configured, IPSec provides a highly secure virtual channel across cheap, globally
available networks such as the Internet, or creates a “network within a network” for applications
such as passing confidential information between two users across a private network.
Protocols defined within IPSec
The protocols defined within IPSec include:
n IKE: Internet Key Exchange protocol
n ISAKMP: Internet Security Association and Key Management Protocol
n AH: Authentication Header protocol
n ESP: Encapsulating Security Payload protocol
n HMAC: Hash Message Authentication Code
n MD5: Message Digest 5
n SHA-1: Security Hash Algorithm
Cryptographic (encryption) techniques include:
n DES: Data Encryption Standard
n 3DES: Triple DES
n AES: Advanced Encryption Standard (also known as Rijndael)
Two key protocols within the framework are AH and ESP. AH authenticates users, and ESP applies
cryptographic protection. The combination of these techniques is designed to ensure the integrity and
confidentiality of the data transmission. Put simply, IPSec is about ensuring that:
n Only authorized users can access a service.
n No one else can see what data passes between one point and another.
IPsec operation modes
There are two modes of operation for IPSec, transport mode and tunnel mode.
n In transport mode, only the payload (such as the data content), of the message is encrypted.
n In tunnel mode, the payload and the header and routing information are all encrypted thereby
by providing a higher degree of protection.
To Next Page
Loading...
