What are the basic building blocks of IPSec VPN tunnelling?

The basic building blocks of IPsec VPN tunnelling are as follows −

  • Authentication header (AH) − used to verify the identity of the sender of the data and to check whether the data has been altered in transit. It ties the data in every packet to a verifiable integrity check (a keyed hash, loosely called a signature). It is used for the purpose of authentication.

  • Encapsulating security payload (ESP) − the data in the packet is encrypted to prevent sniffing attacks. It ensures the confidentiality of the data: once encrypted, the data cannot be understood by anyone except a party that holds the key.

  • Internet Key Exchange (IKE) − a protocol that lets the two parties agree on authentication methods, encryption methods, which keys to use and how long a key may be used before it must be changed for security reasons. These negotiated settings are what the integrity protection of the data rests on.

  • IPsec protocol − a secure network protocol that authenticates and encrypts data packets so that two computers can communicate over an untrusted network with proper authentication in place. It provides data authentication, integrity and confidentiality through packets that are encrypted, authenticated and decrypted at each end.

  • Diffie-Hellman − a method of establishing cryptographic keys securely over a public channel. It is a protocol by which two computers can each derive the same shared secret key over an insecure channel, and then use that key to communicate or share data securely.

Generally, IPsec can be used in two modes: transport mode and tunnel mode.

  • In transport mode, only the payload of the IP packet is encrypted and/or authenticated. The routing information stays intact, because the IP header is neither modified nor hidden; however, when the authentication header is used, the IP addresses cannot be translated by NAT, as that always invalidates the hash value. The transport and application layers are always protected by the hash, so they cannot be changed in any way (e.g., by translating port numbers).

  • In tunnel mode, the whole IP packet is encrypted and/or authenticated. It is then wrapped in a new IP packet with a new IP header. Tunnel mode is used to create VPNs for network-to-network communication (e.g., between routers to link sites), host-to-network communication (e.g., remote user access) and host-to-host communication (e.g., private chat).
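The two points above (where AH sits in transport versus tunnel mode, and why NAT breaks AH while a TTL decrement does not) as an added, self-contained example that is not part of the original article. It builds minimal IPv4+AH packets by hand with a constructed key, addresses and payload, using HMAC-SHA-256-96 (RFC 4868) as the integrity algorithm and the RFC 4302 rule that mutable header fields are zeroed before the ICV is computed; the IP checksum is left zero for brevity.

```python
import hmac, hashlib, struct

AH_KEY = b"constructed-example-key"   # constructed; a real SA key is negotiated by IKE
ICV_LEN = 12                          # HMAC-SHA-256-96 (RFC 4868): ICV truncated to 96 bits
AH_FIXED_LEN = 12                     # next header, payload len, reserved, SPI, sequence number

def ip4(src, dst, proto, total_len):
    """Minimal 20-byte IPv4 header (header checksum left zero for brevity)."""
    a = lambda s: bytes(map(int, s.split(".")))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, 64, proto, 0, a(src), a(dst))

def zero_mutable(ip_hdr):
    """RFC 4302: TOS, flags/fragment offset, TTL and checksum may change in transit,
    so they are zeroed before hashing; the addresses are immutable and stay covered."""
    h = bytearray(ip_hdr)
    h[1] = h[8] = 0
    h[6:8] = h[10:12] = b"\x00\x00"
    return bytes(h)

def icv(ip_hdr, ah_fixed, payload):
    """ICV over the zeroed-mutable IP header + AH (ICV field zeroed) + everything after AH."""
    data = zero_mutable(ip_hdr) + ah_fixed + b"\x00" * ICV_LEN + payload
    return hmac.new(AH_KEY, data, hashlib.sha256).digest()[:ICV_LEN]

def ah_wrap(src, dst, next_hdr, inner, spi=0x1000, seq=1):
    """Prepend IP (protocol 51 = AH) + AH to `inner` and compute the ICV."""
    ip_hdr = ip4(src, dst, 51, 20 + AH_FIXED_LEN + ICV_LEN + len(inner))
    ah_fixed = struct.pack("!BBHII", next_hdr, (AH_FIXED_LEN + ICV_LEN) // 4 - 2, 0, spi, seq)
    return ip_hdr + ah_fixed + icv(ip_hdr, ah_fixed, inner) + inner

def transport_mode(src, dst, tcp_segment):
    # Transport mode: original IP header kept, AH inserted before the transport payload (next header 6 = TCP)
    return ah_wrap(src, dst, 6, tcp_segment)

def tunnel_mode(gw_src, gw_dst, src, dst, tcp_segment):
    # Tunnel mode: the whole original packet rides behind a new outer header (next header 4 = IPv4)
    inner = ip4(src, dst, 6, 20 + len(tcp_segment)) + tcp_segment
    return ah_wrap(gw_src, gw_dst, 4, inner)

def verify(packet):
    ip_hdr, ah_fixed = packet[:20], packet[20:20 + AH_FIXED_LEN]
    tag, rest = packet[32:32 + ICV_LEN], packet[32 + ICV_LEN:]
    return hmac.compare_digest(icv(ip_hdr, ah_fixed, rest), tag)

def hop(packet):
    """A router decrementing TTL: a mutable field, so the ICV still verifies."""
    h = bytearray(packet); h[8] -= 1; return bytes(h)

def nat(packet, new_src):
    """A NAT rewriting the source address: an immutable field, so the ICV no longer verifies."""
    h = bytearray(packet); h[12:16] = bytes(map(int, new_src.split("."))); return bytes(h)
```

`verify` accepts both forms because AH parsing is identical; only the next-header byte (6 versus 4) and what follows the ICV differ between the two modes.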

Updated on: 16-Sep-2021
