View on GitHub

networking

Harsh Kapadia's Computer Networking knowledge

IPSec

(Back to Home)

Features

NOTE: Resources for ciphers (AES, RSA, DES, etc), hashes (MD5, SHA1, SHA256, etc) and key exchange methods (Diffie-Hellman) can be found in the resources section at the end.

IKE

IKEv1

Negotiation modes

The origin machine proposes a connection to the target machine and that proposal can occur in two modes.

Negotiation

IKEv2

Negotiation

NOTE: There is only one phase in IKEv2.

Security protocols

NOTE:

  • The contents of the ‘Payload’ depends on the IPSec operation mode.
  • AH and ESP can be used together as well, but it is quite uncommon to do so.

AH

ESP

Operation modes

Transport mode

IPSec Transport mode :point_down:


Encapsulation with AH in Transport mode :point_down:

NOTE: There is only one IP header, ie, the original IP header.

Encapsulation with ESP in Transport mode :point_down:

NOTE: There is only one IP header, ie, the original IP header.

Tunnel mode

IPSec Tunnel mode :point_down:


Encapsulation with AH in Tunnel mode :point_down:


Encapsulation with ESP in Tunnel mode :point_down:


Overview of IPSec operation modes :point_down:

Advantages

Disadvantages

Resources