What is IPsec in computer networks?


IP Security (IPSec) is a collection of protocols designed by the Internet Engineering Task Force (IETF) to provide security for a packet at the network level. It helps create confidential and authenticated packets for the IP layer, as shown in the diagram below −

The aim of the IPSec protocol is to provide security services for IP packets, such as encrypting sensitive data/packets, authentication, protection against replay, and data confidentiality. It can be configured to operate in two different modes −

  • Tunnel Mode
  • Transport mode.

The original packet is generated as follows −

| IP Header | UDP Header | Data |

Let us discuss each mode in detail.

Tunnel mode

IPSec tunnel mode is the default mode. IPSec Tunnel mode is most widely used to create site-to-site IPSec VPN.

Let us see the packet format of IPSec tunnel mode with an ESP header −

                             |<-------- Original Packet -------->|
| New IP Header | ESP Header | IP Header | TCP/UDP Header | Data | ESP Trailer | ESP Auth. Trailer |
                             |<------------------ Encrypted ------------------>|
                |<---------------------- Authenticated ----------------------->|

From the above format we can conclude the following −

  • The encrypted part of the packet contains the following −

| IP Header | UDP Header | Data | ESP Trailer |

  • The authenticated part of the packet contains the following −

| ESP Header | IP Header | UDP Header | Data | ESP Trailer |

Transport Mode

IPSec Transport mode is used for end-to-end communications. In this mode, only the data payload of the IP datagram is secured by IPSec.

| IP Header | ESP Header | TCP/UDP Header | Data | ESP Trailer | ESP Auth. Trailer |
                         |<------------ Encrypted ------------>|
            |<---------------- Authenticated ----------------->|

From the above format we conclude the following −

  • The encrypted part of the packet contains the following −

| UDP Header | Data | ESP Trailer |

  • The authenticated part of the packet contains the following −

| ESP Header | UDP Header | Data | ESP Trailer |
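
The two packet formats above can be worked through in bytes. The following Python sketch is an added example, not part of the original article: it lays out an ESP packet in each mode and marks which fields are encrypted and which are authenticated, so the cleartext fields (for instance the original IP header in transport mode) are easy to see. The 16-byte cipher block, the 16-byte ESP Auth. trailer, the 20/8/30-byte sample packet and the function names are assumptions made for the illustration, and the IV that some ciphers place after the ESP header is left out.

```python
ESP_HDR_LEN = 8   # SPI (4 bytes) + sequence number (4 bytes), per RFC 4303
BLOCK = 16        # assumed cipher block size (e.g. AES-CBC)
ICV_LEN = 16      # assumed length of the ESP Auth. trailer (ICV)
NH_IPV4, NH_UDP = 4, 17   # ESP "next header" values: IPv4-in-IP, UDP


def esp_layout(mode, ip_hdr_len=20, udp_hdr_len=8, data_len=30):
    """Return a list of (name, start, end, encrypted, authenticated) rows.

    Offsets are in bytes from the start of the packet, end exclusive.
    """
    if mode == "tunnel":        # whole original packet is the ESP payload
        outer = ("New IP Header", 20)
        inner, next_header = [("IP Header", ip_hdr_len)], NH_IPV4
    elif mode == "transport":   # original IP header stays in front
        outer = ("IP Header", ip_hdr_len)
        inner, next_header = [], NH_UDP
    else:
        raise ValueError("mode must be 'tunnel' or 'transport'")
    inner += [("UDP Header", udp_hdr_len), ("Data", data_len)]

    # ESP trailer = padding + pad length (1) + next header (1); the padding
    # rounds the encrypted region up to a multiple of the cipher block size.
    payload_len = sum(length for _, length in inner)
    pad_len = -(payload_len + 2) % BLOCK
    trailer = ("ESP Trailer (pad=%d, next=%d)" % (pad_len, next_header), pad_len + 2)

    # (name, length, encrypted, authenticated) in on-the-wire order
    spec = [outer + (False, False), ("ESP Header", ESP_HDR_LEN, False, True)]
    spec += [f + (True, True) for f in inner + [trailer]]
    spec.append(("ESP Auth. Trailer", ICV_LEN, False, False))

    rows, offset = [], 0
    for name, length, enc, auth in spec:
        rows.append((name, offset, offset + length, enc, auth))
        offset += length
    return rows


def cleartext_fields(mode):
    """Field names an on-path observer can read without the key."""
    return [name for name, _, _, enc, _ in esp_layout(mode) if not enc]


if __name__ == "__main__":
    for mode in ("tunnel", "transport"):   # constructed 20/8/30-byte sample
        print(mode)
        for row in esp_layout(mode):
            print("  %-28s %3d-%3d enc=%-5s auth=%s" % row)
```

In both modes the outermost IP header is neither encrypted nor authenticated by ESP; tunnel mode differs in that the original IP header moves inside the protected region.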
raja
Updated on 13-Sep-2021 13:11:27
