Please Whitelist This Site?

I know everyone hates ads. But please understand that I am providing premium content for free that takes hundreds of hours of time to research and write. I don't want to go to a pay-only model like some sites, but when more and more people block ads, I end up working for free. And I have a family to support, just like you. :)

If you like The TCP/IP Guide, please consider the download version. It's priced very economically and you can read all of it in a convenient format without ads.

If you want to use this site for free, I'd be grateful if you could add the site to the whitelist for Adblock. To do so, just open the Adblock menu and select "Disable on tcpipguide.com". Or go to the Tools menu and select "Adblock Plus Preferences...". Then click "Add Filter..." at the bottom, and add this string: "@@||tcpipguide.com^$document". Then just click OK.

Thanks for your understanding!

Sincerely, Charles Kozierok
Author and Publisher, The TCP/IP Guide


NOTE: Using software to mass-download the site degrades the server and is prohibited.
If you want to read The TCP/IP Guide offline, please consider licensing it. Thank you.

The Book is Here... and Now On Sale!

Read offline with no ads or diagram watermarks!
The TCP/IP Guide

Custom Search







Table Of Contents  The TCP/IP Guide
 9  TCP/IP Lower-Layer (Interface, Internet and Transport) Protocols (OSI Layers 2, 3 and 4)
      9  TCP/IP Internet Layer (OSI Network Layer) Protocols
           9  Internet Protocol (IP/IPv4, IPng/IPv6) and IP-Related Protocols (IP NAT, IPSec, Mobile IP)
                9  IP Security (IPSec) Protocols

Previous Topic/Section
IPSec Overview, History and Standards
Previous Page
Pages in Current Topic/Section
1
23
Next Page
IPSec Architectures and Implementation Methods
Next Topic/Section

IPSec General Operation, Components and Protocols
(Page 1 of 3)

I have a confession to make: I considered not writing about IPSec in this Guide. When you find yourself writing a tome as large as this one, you lose stamina sometimes and there's this urge to avoid writing about confusing subjects. J IPSec isn't the only difficult topic in this Guide but it is definitely a subject that baffles many because it's hard to get your hands around. Most discussions of it jump straight to describing the mechanisms and protocols without providing a general description of what it does and how the pieces fit together. Well, I recognized that IPSec is important and I don't shy away from a challenge. Thus, here's my attempt to provide a framework for understanding IPSec's various bits and pieces.

So, what exactly does IPSec do and how does it do it? In general terms, it provides security services at the IP layer for other TCP/IP protocols and applications to use. What this means is that IPSec provides the tools that devices on a TCP/IP network need in order to communicate securely. When two devices (either end user hosts or intermediate devices such as routers or firewalls) want to engage in secure communications, they set up a secure path between themselves that may traverse across many insecure intermediate systems. To accomplish this, they must perform (at least) the following tasks:

  1. They must agree on a set of security protocols to use, so that each one sends data in a format the other can understand.

  2. They must decide on a specific encryption algorithm to use in encoding data.

  3. They must exchange keys that are used to “unlock” data that has been cryptographically encoded.

  4. Once this background work is completed, each device must use the protocols, methods and keys previously agreed upon to encode data and send it across the network.

Previous Topic/Section
IPSec Overview, History and Standards
Previous Page
Pages in Current Topic/Section
1
23
Next Page
IPSec Architectures and Implementation Methods
Next Topic/Section

If you find The TCP/IP Guide useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider purchasing a download license of The TCP/IP Guide. Thanks for your support!
Donate $2
Donate $5
Donate $10
Donate $20
Donate $30
Donate: $



Home - Table Of Contents - Contact Us

The TCP/IP Guide (http://www.TCPIPGuide.com)
Version 3.0 - Version Date: September 20, 2005

© Copyright 2001-2005 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.