IPSec is a protocol suite to authenticate and encrypt the packets being exchanged between two points
VPN is a private connection over a public network - Layer 2 or Layer 3
IPSec is a standard by IETF to create a VPN tunnel at Layer 3 (Network Layer)
IPSec provides
Integrity: It indicates that the received message is the same message that was sent [MD5, SHA]
Authentication: refers to verifying the identity of a network entity like a user/device [PSK, RSA]
Confidentiality: It is used to hide information [DES, 3DES, AES, SEAL]
Key Management: To agree on the key used for authentication and other purposes [Manual or automatic]
To achieve the goal of creating a secure tunnel, the two peers need to negotiate all the required parameters
IPSec uses the following protocols:
Authentication Header (AH): It provides authentication and integrity
Encapsulation Security Protocol (ESP): It provides authentication, integrity and confidentiality
Internet Key Exchange (IKE): Key management protocol, used to negotiate Security Association (SA)
SAs are security policies for communication between peers
IKE performs its job using the ISAKMP framework in two phases
Phase-1 is used to negotiate the ISAKMP policy by exchanging 5 parameters referred to as HAGLE
In this phase, peers authenticate each other and calculate a shared secret key
Phase-1 gives a secure tunnel to be used in the second IKE phase
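A minimal model of the Phase-1 steps described above, added here as an illustration and not taken from the original notes: the responder selects the first initiator proposal whose HAGLE fields (hash, authentication, DH group, lifetime, encryption) it also holds, then both peers derive the same secret with Diffie-Hellman. The `Policy` class, the function names, the toy DH modulus, the sample policies and the shorter-lifetime rule are assumptions of this sketch.

```python
import secrets
from dataclasses import dataclass

# Toy Diffie-Hellman parameters for illustration only (2**127 - 1 is prime);
# real IKE uses standardized groups with far larger moduli.
TOY_P = 2**127 - 1
TOY_G = 3

@dataclass(frozen=True)
class Policy:
    hash_alg: str    # H
    auth: str        # A
    group: int       # G (Diffie-Hellman group number)
    lifetime: int    # L (seconds)
    encryption: str  # E

def negotiate(initiator, responder):
    """Return the first initiator proposal the responder also holds, or None.

    Assumption of this sketch: H, A, G and E must match exactly, and the
    shorter of the two lifetimes is used.
    """
    for offer in initiator:
        for local in responder:
            if (offer.hash_alg, offer.auth, offer.group, offer.encryption) == \
               (local.hash_alg, local.auth, local.group, local.encryption):
                return Policy(offer.hash_alg, offer.auth, offer.group,
                              min(offer.lifetime, local.lifetime), offer.encryption)
    return None

def dh_keypair():
    """Generate a private exponent and the public value sent to the peer."""
    private = secrets.randbelow(TOY_P - 3) + 2
    return private, pow(TOY_G, private, TOY_P)

def dh_shared(private, peer_public):
    """Combine our private exponent with the peer's public value."""
    return pow(peer_public, private, TOY_P)

# Constructed sample policies, ordered by preference.
INITIATOR = [Policy("sha", "rsa", 14, 86400, "aes"),
             Policy("sha", "psk", 14, 86400, "aes"),
             Policy("md5", "psk", 2, 86400, "3des")]
RESPONDER = [Policy("sha", "psk", 14, 28800, "aes"),
             Policy("md5", "psk", 2, 86400, "3des")]

if __name__ == "__main__":
    print("agreed policy:", negotiate(INITIATOR, RESPONDER))
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    # Only the public values cross the wire; both sides derive the same secret.
    print("secrets match:", dh_shared(a_priv, b_pub) == dh_shared(b_priv, a_pub))
```

If no proposal matches on all of H, A, G and E, `negotiate` returns `None`, which corresponds to Phase-1 failing before any key is derived.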
#IPsec
#IKE
#VPN
#InternetKeyExchange