What is IPsec in computer networks?
IP Security (IPsec) is a collection of protocols designed by the Internet Engineering Task Force (IETF) to provide security for packets at the network (IP) layer. It produces confidential and authenticated packets for the IP layer, as shown in the diagram below −
The aim of the IPsec protocol suite is to provide security services for IP packets: encryption of sensitive data, authentication of the sender, data confidentiality, and protection against replay. It can be configured to operate in two different modes −
- Tunnel mode
- Transport mode
The original (unprotected) packet has the following layout −
```
IP Header | TCP/UDP Header | Data
```
Let us discuss each mode in detail.
Tunnel Mode
IPsec tunnel mode is the default mode, and it is the mode most widely used to build site-to-site IPsec VPNs. The whole original packet, including its IP header, becomes the payload of a new IP packet.
Let us see the packet format of IPsec tunnel mode with an ESP header −
```
                             |<------ Original Packet ------>|
New IP Header | ESP Header | IP Header | TCP/UDP Header | Data | ESP Trailer | ESP Auth Trailer
                           |<---------------- Encrypted ---------------->|
              |<-------------------- Authenticated --------------------->|
```
From the above format we can conclude the following −
The encrypted part of the packet contains −
```
IP Header | TCP/UDP Header | Data | ESP Trailer
```
The authenticated part of the packet contains −
```
ESP Header | IP Header | TCP/UDP Header | Data | ESP Trailer
```
Transport Mode
IPsec transport mode is used for end-to-end communication between two hosts. In this mode only the payload of the IP datagram is protected by IPsec; the original IP header stays in place, with the ESP header inserted after it −
```
IP Header | ESP Header | TCP/UDP Header | Data | ESP Trailer | ESP Auth Trailer
                         |<---------- Encrypted ---------->|
            |<-------------- Authenticated --------------->|
```
From the above format we can conclude the following −
The encrypted part of the packet contains −
```
TCP/UDP Header | Data | ESP Trailer
```
The authenticated part of the packet contains −
```
ESP Header | TCP/UDP Header | Data | ESP Trailer
```
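The two encapsulations described above, as an added example that is not part of the original article: a small Python model of ESP encapsulation and decapsulation in the RFC 4303 field order (ESP header, encrypted payload and trailer, then the integrity check value). It reports which fields end up encrypted and which are covered by the ICV in each mode, and its decapsulation side checks the ICV before decrypting, so a modified packet is rejected without ever being decrypted. The function names (`esp_encapsulate`, `esp_decapsulate`, `tamper_detected`), the 20-byte header stand-ins, and the keys are all constructed for this example; the keystream cipher is a toy HMAC-based construction standing in for the negotiated ESP cipher (AES in a real security association), used only so the code runs with the standard library. The ICV is HMAC-SHA-256 truncated to 128 bits, as RFC 4868 specifies.

```python
import hashlib
import hmac
import struct

# IANA protocol numbers and ESP constants (RFC 4303 / RFC 4868); not page-specific values.
PROTO_IPIP = 4      # Next Header in tunnel mode: an inner IP packet follows the ESP header
PROTO_TCP = 6
PROTO_UDP = 17
ICV_LEN = 16        # HMAC-SHA-256-128: the ICV is truncated to 128 bits

# Constructed sample packet pieces: 20-byte header stand-ins, not real IP/TCP encodings.
ORIG_IP = bytes([0x45]) + b"\x00" * 19
NEW_IP = bytes([0x45]) + b"\x01" * 19
TCP_HDR = b"\x00\x50" + b"\x00" * 18
DATA = b"hello, ipsec"
ENC_KEY = b"\x11" * 32   # constructed demo keys; a real SA derives these from IKE
AUTH_KEY = b"\x22" * 32


def esp_trailer(payload_len: int, next_header: int) -> bytes:
    """Padding + Pad Length + Next Header, sized so payload+trailer is a multiple of 4."""
    pad_len = (-(payload_len + 2)) % 4
    padding = bytes(range(1, pad_len + 1))          # RFC 4303 default padding 1, 2, 3, ...
    return padding + bytes([pad_len, next_header])


def _keystream(key: bytes, spi: int, seq: int, n: int) -> bytes:
    """Toy keystream (HMAC-SHA256 in counter mode) bound to SPI and sequence number.
    Stand-in for the real ESP cipher; it is not an IPsec transform."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, struct.pack("!IIQ", spi, seq, ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def esp_encapsulate(mode, ip_header, transport_header, data, next_header,
                    enc_key, auth_key, spi, seq, new_ip_header=None):
    """Wrap a packet in ESP. Returns (wire_bytes, layout); layout lists
    (field name, length, encrypted?, authenticated?) in wire order."""
    if mode == "tunnel":
        outer = new_ip_header                       # a fresh outer header is prepended
        fields = [("IP Header", ip_header), ("TCP/UDP Header", transport_header), ("Data", data)]
        trailer_next = PROTO_IPIP                   # what follows the ESP header is a whole IP packet
    elif mode == "transport":
        outer = ip_header                           # the original header is reused as-is
        fields = [("TCP/UDP Header", transport_header), ("Data", data)]
        trailer_next = next_header                  # the original transport protocol
    else:
        raise ValueError("mode must be 'tunnel' or 'transport'")
    plaintext = b"".join(f for _, f in fields)
    trailer = esp_trailer(len(plaintext), trailer_next)
    esp_header = struct.pack("!II", spi, seq)      # SPI + sequence number, sent in the clear
    ciphertext = _xor(plaintext + trailer,
                      _keystream(enc_key, spi, seq, len(plaintext) + len(trailer)))
    # The ICV covers the ESP header and everything encrypted; the outer IP header is not covered.
    icv = hmac.new(auth_key, esp_header + ciphertext, hashlib.sha256).digest()[:ICV_LEN]
    layout = [("New IP Header" if mode == "tunnel" else "IP Header", len(outer), False, False),
              ("ESP Header", len(esp_header), False, True)]
    layout += [(name, len(f), True, True) for name, f in fields]
    layout += [("ESP Trailer", len(trailer), True, True), ("ESP Auth Trailer", ICV_LEN, False, False)]
    return outer + esp_header + ciphertext + icv, layout


def esp_decapsulate(wire, outer_len, enc_key, auth_key):
    """Verify the ICV first, then decrypt. Returns (next_header, inner_plaintext) with the
    ESP trailer stripped; raises ValueError on mismatch so tampered data is never decrypted."""
    esp_header = wire[outer_len:outer_len + 8]
    ciphertext, icv = wire[outer_len + 8:-ICV_LEN], wire[-ICV_LEN:]
    expected = hmac.new(auth_key, esp_header + ciphertext, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):   # constant-time comparison
        raise ValueError("ESP ICV mismatch: packet modified or wrong SA")
    spi, seq = struct.unpack("!II", esp_header)
    plain = _xor(ciphertext, _keystream(enc_key, spi, seq, len(ciphertext)))
    pad_len, next_header = plain[-2], plain[-1]
    return next_header, plain[:len(plain) - 2 - pad_len]


def tamper_detected(wire, outer_len, enc_key, auth_key, byte_index) -> bool:
    """Flip one bit at byte_index and report whether decapsulation rejects the packet."""
    modified = bytearray(wire)
    modified[byte_index] ^= 0x01
    try:
        esp_decapsulate(bytes(modified), outer_len, enc_key, auth_key)
        return False
    except ValueError:
        return True


def encrypted_fields(layout):
    return [name for name, _, enc, _ in layout if enc]


def authenticated_fields(layout):
    return [name for name, _, _, auth in layout if auth]
```

Running `esp_encapsulate` in both modes on the constructed packet and decapsulating the result reproduces the two field lists above; flipping a byte inside the encrypted region is rejected by the ICV check, while flipping a byte in the outer IP header is not, which is exactly the coverage gap the diagrams show (ESP does not protect the outer header).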