
IPSec VPNs - PowerPoint PPT Presentation


PowerPoint Slideshow about 'IPSec VPNs' - tania

Presentation Transcript
IPSec VPNs


Industrial Strength Security for an Insecure World


  • Companies, research institutions, and government organizations have long maintained private networks between central offices and branch offices.

  • Employees/contractors want to work from home or external offices. Road warriors, all the way from salesmen to CEOs, want to be mobile and connect to the home office for whatever purpose.

  • There are fast, cheap, and plentiful connections to the Internet to be had in locations as varied as libraries, airports, and Starbucks.

  • How do you go about securing what is basically an unsecured medium?

Enter VPNs

  • VPNs (Virtual Private Networks) provide secure tunneling of communications over insecure networks.

  • Where physical private networks existed, VPNs are becoming commonplace not only among road warriors, branch offices, and central offices but also business-to-business partners exchanging data through a secure tunnel wrapped around the communications traffic.

VPN Topologies

  • Network-to-Network

  • Host-to-Network

  • Host-to-Host

VPN Tunneling Technologies

  • IPSec

    • IKE Internet Key Exchange

    • ESP Encapsulated Security Payload

    • AH Authentication Header

  • PPTP

  • L2TP

  • SSL

IPSec Modes – An Overview

  • IPSec protocol consists of several parts that define two security protocols, AH and ESP.

    • ISAKMP is a framework for management of keys and other vital information such as security associations.

    • IKE provides the cryptographic algorithm negotiation and key distribution utilized by AH and ESP.

    • ESP provides data origin authentication, connectionless integrity, anti-replay service, and data confidentiality.

    • AH provides data origin authentication, connectionless integrity, and anti-replay service.

Security Associations

  • Both AH and ESP rely on security associations (SAs), whose properties for a secure connection are negotiated using IKE.

  • The SA holds the information negotiated between the two VPN participants.

ISAKMP and IKE

  • ISAKMP (IPSec Key Exchange and Management Protocol) is part of the IPSec suite that defines procedures for negotiation, establishment, modification, and deletion of SAs.

  • IKE (Internet Key Exchange) is based on the ISAKMP framework.

  • IKE consists of two different modes, or phases.

    • Phase 1 is used to establish a secure channel later used to protect all negotiations in Phase 2.

    • Phase 2 is used to negotiate the IPSec SAs to set up the IPSec tunnel to protect the communications traffic.

IPSec VPNs

  • ESP provides for encapsulation of the unprotected IP packet, its encryption, and authentication.

  • Some newer IPSec implementations use stronger algorithms such as AES, Blowfish, and Twofish.

IPSec VPNs

  • AH allows you to check the authenticity of the data and the header of the IP packet sent to you. It does not provide a mechanism for data encryption, but it does provide a hash code that allows you to check whether the packet was tampered with along the way.
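
The AH check described above, as an added example that is not part of the original presentation: the integrity value (ICV) is a keyed hash over the IP header and the data, with the header fields that routers legitimately change in transit zeroed first, and the payload itself stays in cleartext. Assumptions: IPv4 without options, HMAC-SHA-256 truncated to 128 bits, the header checksum left at zero, a constructed key and documentation addresses; all function names are illustrative.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16  # assumed algorithm: HMAC-SHA-256 truncated to 128 bits
KEY = b"constructed-demo-key-not-secret!"  # constructed sample key

def ipv4_header(src, dst, ttl, proto, total_len):
    # ver/IHL, TOS, length, id, flags/frag, TTL, proto, checksum (left 0), src, dst
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0,
                       ttl, proto, 0, bytes(src), bytes(dst))

def zero_mutable(ip_hdr):
    # Fields that may change hop by hop are excluded from the hash:
    # TOS, flags/fragment offset, TTL, header checksum.
    h = bytearray(ip_hdr)
    h[1] = 0
    h[6:8] = b"\x00\x00"
    h[8] = 0
    h[10:12] = b"\x00\x00"
    return bytes(h)

def ah_header(next_proto, spi, seq):
    payload_len = (12 + ICV_LEN) // 4 - 2  # AH length in 32-bit words, minus 2
    return struct.pack("!BBHII", next_proto, payload_len, 0, spi, seq)

def compute_icv(key, ip_hdr, ah_fixed, payload):
    # The ICV field itself is treated as zero while the hash is computed.
    data = zero_mutable(ip_hdr) + ah_fixed + b"\x00" * ICV_LEN + payload
    return hmac.new(key, data, hashlib.sha256).digest()[:ICV_LEN]

def protect(key, src, dst, spi, seq, payload, ttl=64):
    ip = ipv4_header(src, dst, ttl, 51, 20 + 12 + ICV_LEN + len(payload))  # 51 = AH
    ah = ah_header(17, spi, seq)                                           # 17 = UDP
    return ip + ah + compute_icv(key, ip, ah, payload) + payload

def verify(key, packet):
    ip, ah, icv, payload = packet[:20], packet[20:32], packet[32:48], packet[48:]
    return hmac.compare_digest(icv, compute_icv(key, ip, ah, payload))

if __name__ == "__main__":
    pkt = protect(KEY, (192, 0, 2, 1), (198, 51, 100, 7), 0x1000, 1, b"payroll data")
    aged = bytearray(pkt); aged[8] = 1        # TTL decremented by routers
    forged = bytearray(pkt); forged[12] ^= 1  # source address altered
    print(verify(KEY, pkt), verify(KEY, bytes(aged)), verify(KEY, bytes(forged)))
```
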

IP Compression

  • As you might guess, all this extra security comes at the price of extra encapsulation of the IP packet.

  • This translates into decreased throughput. IPSec seeks to overcome this problem with a built-in IP compression protocol.


  • IPSec VPNs provide strong security for business-to-business and person-to-business needs. IPSec has two protocols, AH and ESP, that give confidentiality, integrity, and authentication.

  • IPSec also has protocols and frameworks for key negotiation and data compression.

  • FreeS/WAN used to be the only IPSec game in town as far as Linux was concerned.

  • With the advent of the 2.6 kernel series, there is now integrated support for IPSec in the kernel in addition to the survivor of FreeS/WAN, OpenSWAN.