IP Security (IPSec) Protocols
One of the weaknesses of the original
Internet Protocol is that it lacks any general-purpose mechanism
for ensuring the authenticity, integrity and confidentiality of data as it is passed over
the internetwork. Since IP datagrams must usually be routed between
two devices over unknown networks, any information in them is subject
to being intercepted and possibly modified in transit. With the increased use
of the Internet for critical applications, security enhancements were
needed for IP. To this end, a set of protocols called IP Security
or IPSec was developed.
In this section I provide a brief
description of IPSec concepts and protocols. I begin with an overview
of IPSec, including a discussion of the history of the technology and
defining standards. I describe the main components and protocols of
the IPSec suite, and its different architectures and methods for implementation.
I then discuss how IPSec works, beginning with a
description of the two IPSec modes (transport and tunnel) and how they
differ. I describe security associations and related constructs such
as the Security Parameter Index (SPI). The last three topics cover the
three main IPSec protocols: IPSec Authentication Header (AH), IPSec
Encapsulating Security Payload (ESP) and the IPSec Internet Key Exchange
(IKE).
Note: IPSec was initially developed with IPv6 in mind, but has been engineered to provide security for both IPv4 and IPv6 networks, and operation in both versions is similar. There are some differences in the datagram formats used for AH and ESP depending on whether IPSec is used with IPv4 or IPv6, since the two versions have different datagram formats and addressing. I highlight these differences where appropriate.
Note: There are many subjects in this Guide that are so involved that many large books have been written about them. Security on IP networks and IPSec is definitely in this category. Due to the already large size of this Guide and the complexity of IPSec, I can only provide here a very limited description of how it works. For more comprehensive information you will need to supplement with a reference specific to this technology.
The TCP/IP Guide (http://www.TCPIPGuide.com)
Version 3.0 - Version Date: September 20, 2005
© Copyright 2001-2005 Charles M. Kozierok. All Rights Reserved.