
What is IPsec in computer networks?
IP Security (IPSec) is a collection of protocols designed by the Internet Engineering Task Force (IETF) to provide security for packets at the network level. It helps create confidential and authenticated packets for the IP layer, as shown in the diagram below −
The aim of the IPSec protocol is to provide security services for IP packets, such as encryption of sensitive data (confidentiality), authentication, and protection against replay. It can be configured to operate in two different modes −
- Tunnel mode
- Transport mode
The original packet has the following format −
IP Header | UDP Header | Data |
Let us discuss each mode in detail.
Tunnel mode
IPSec tunnel mode is the default mode. It is most widely used to create site-to-site IPSec VPNs.
Let us see the packet format of IPSec tunnel mode with the ESP header −
                           |<-------- Original Packet -------->|
New IP Header | ESP Header | IP Header | TCP/UDP Header | Data | ESP Trailer | ESP Auth. Trailer |
                           |<------------------ Encrypted ------------------>|
              |<---------------------- Authenticated ----------------------->|
From the above format we can conclude the following −
The encrypted part of the packet contains the following −
IP Header | UDP Header | Data | ESP Trailer |
The authenticated part of the packet contains the following −
ESP Header | IP Header | UDP Header | Data | ESP Trailer |
Transport Mode
IPSec Transport mode is used for end-to-end communications. In this mode, only the data payload of the IP datagram is secured by IPSec.
IP Header | ESP Header | TCP/UDP Header | Data | ESP Trailer | ESP Auth. Trailer |
                       |<------------ Encrypted ------------>|
          |<---------------- Authenticated ----------------->|
From the above format we conclude the following −
The encrypted part of the packet contains the following −
UDP Header | Data | ESP Trailer |
The authenticated part of the packet contains the following −
ESP Header | UDP Header | Data | ESP Trailer |
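The two layouts above can be reproduced byte for byte. The following is an added example, not code from the original page: it wraps one packet in both modes and checks which bytes the ESP authentication trailer covers. Assumptions: IPv4 without options, ESP with the NULL cipher and HMAC-SHA-256 truncated to 128 bits (so the "encrypted" span stays readable and only the standard library is needed); the addresses, key and SPI values are constructed.

```python
import hashlib, hmac, struct

ESP, IPIP, UDP = 50, 4, 17   # IP protocol numbers
ICV_LEN = 16                 # HMAC-SHA-256 output truncated to 128 bits

def ipv4(src, dst, proto, payload):
    """Build a 20-byte IPv4 header (no options) with checksum, plus payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                      0, 0, 64, proto, 0, src, dst)
    s = sum(struct.unpack("!10H", hdr))
    s = (s & 0xFFFF) + (s >> 16)
    s = (s & 0xFFFF) + (s >> 16)
    return hdr[:10] + struct.pack("!H", ~s & 0xFFFF) + hdr[12:] + payload

def esp_wrap(packet, mode, key, spi, seq, gateways=None):
    """Wrap an option-less IPv4 packet in ESP (NULL cipher, HMAC integrity)."""
    src, dst, proto = packet[12:16], packet[16:20], packet[9]
    if mode == "tunnel":     # whole original packet moves inside ESP
        inner, next_hdr = packet, IPIP
        src, dst = gateways  # new IP header carries the gateway addresses
    else:                    # transport: original IP header stays in front
        inner, next_hdr = packet[20:], proto
    pad = -(len(inner) + 2) % 4
    trailer = bytes(range(1, pad + 1)) + bytes([pad, next_hdr])
    esp_hdr = struct.pack("!II", spi, seq)
    body = inner + trailer   # the span a real cipher would encrypt
    icv = hmac.new(key, esp_hdr + body, hashlib.sha256).digest()[:ICV_LEN]
    return ipv4(src, dst, ESP, esp_hdr + body + icv)

def esp_verify(outer, key):
    """Recompute the ICV over ESP header..ESP trailer; outer IP header excluded."""
    esp = outer[20:]
    want = hmac.new(key, esp[:-ICV_LEN], hashlib.sha256).digest()[:ICV_LEN]
    return hmac.compare_digest(want, esp[-ICV_LEN:])

def flip(pkt, i):  # copy of pkt with one bit flipped at byte offset i
    return pkt[:i] + bytes([pkt[i] ^ 1]) + pkt[i + 1:]

# Constructed sample: host 10.0.0.5 -> 10.0.1.9, UDP 5000 -> 53, 5-byte payload.
KEY = b"constructed-demo-key"
HOST_A, HOST_B = bytes([10, 0, 0, 5]), bytes([10, 0, 1, 9])
GW_A, GW_B = bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1])
ORIGINAL = ipv4(HOST_A, HOST_B, UDP, struct.pack("!HHHH", 5000, 53, 13, 0) + b"hello")
TUNNEL = esp_wrap(ORIGINAL, "tunnel", KEY, 0x1001, 1, (GW_A, GW_B))
TRANSPORT = esp_wrap(ORIGINAL, "transport", KEY, 0x1002, 1)

if __name__ == "__main__":
    for name, pkt in (("tunnel", TUNNEL), ("transport", TRANSPORT)):
        print(name, list(pkt[12:16]), list(pkt[16:20]),
              esp_verify(flip(pkt, 8), KEY), esp_verify(flip(pkt, 30), KEY))
```

In both modes a bit flipped in the outermost IP header (offset 8, the TTL) still verifies, because the authenticated span starts at the ESP header, while a flip at offset 30 inside the ESP payload fails verification.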
