Skip to main content

More about Network tunneling and IPSec

IPSec is a set of IP extensions developed by the IETF to provide security services compatible with the existing IP standard (IPv.4) and also the upcoming one (IPv.6).

IPSec supports two encryption modes: Transport and Tunnel. Transport mode encrypts only the data portion (payload) of each packet, but leaves the header untouched. The more secure Tunnel mode encrypts both the header and the payload. On the receiving side, an IPSec-compliant device decrypts each packet.

The sending and receiving devices share a public key. The key exchange happens through a protocol known as Internet Security Association and Key Management Protocol, which allows the receiver to obtain a public key and authenticate the sender using digital certificates.

Unlike SSL (see previous), IPSec is implemented at the network level and is transparent to the application running above the transport layer. By transporting traffic through an encrypted tunnel over a public network, IPSec enables the construction of a virtual private network (VPN) using a shared infrastructure.

A VPN gives users a secure point-to-point link through the Internet or other public or private networks without the expense of lease lines. It is a combination of tunneling, encryption, authentication, access control and auditing technologies/services used to transport traffic over an insecure network.