43. Chapter - IPSec Basics

43.1. IPSec

IPSec is a suite of standards for protecting IP traffic with encryption and integrity checks at the network layer. Its most common use is to connect local networks securely over the Internet, that is, to build virtual private networks (VPN).

Because IPSec works at the IP layer rather than inside an application, it is transparent to the programs that use the connection: any TCP/IP-based application that can communicate across routed networks works over IPSec without modification.

IPSec can connect local networks, or individual clients with private network addresses, across the Internet by establishing a so-called tunnel (tunnel mode; IPSec also has a transport mode that protects only the payload between two hosts and is not discussed here). The sending gateway encrypts each complete IP packet, including its original header with the private addresses, adds an integrity check value and encapsulates the result in a new IP packet whose outer header carries the public addresses of the two gateways. The receiving gateway first verifies the integrity check value and rejects replayed packets by their sequence number, then decrypts and decapsulates the packet and forwards the original packet into the local network. A packet that fails verification is discarded before any decryption takes place.
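The sender and receiver steps above, as an added example that is not part of this manual: a simplified tunnel-mode encapsulation in Python modelled on ESP (SPI and sequence number, IV, padding, Pad Length and Next Header trailer, truncated ICV). To keep the script dependent on the standard library only, encryption uses a counter-mode keystream built from HMAC-SHA256 in place of AES, and the anti-replay check is a simple highest-sequence-number test rather than ESP's sliding window. The IP addresses, keys, the SPI value 0x1000 and the UDP payload are constructed assumptions for the demonstration.

```python
import hashlib
import hmac
import secrets
import struct

IPPROTO_ESP = 50   # protocol number of the outer packet
IPPROTO_IPV4 = 4   # ESP "Next Header" value for a whole IPv4 packet (tunnel mode)
IPPROTO_UDP = 17
ICV_LEN = 16       # ESP with HMAC-SHA-256 uses a 128-bit truncated ICV
IV_LEN = 8


def ipv4_checksum(header: bytes) -> int:
    """Ones'-complement checksum over an IPv4 header; 0 when verifying a correct header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_packet(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal IPv4 packet (20-byte header, no options) with a correct checksum."""
    src_b = bytes(int(x) for x in src.split("."))
    dst_b = bytes(int(x) for x in dst.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                      0, 0, 64, proto, 0, src_b, dst_b)
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + payload


def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (stand-in for AES in this demo)."""
    blocks, ctr = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(key, iv + struct.pack("!I", ctr), hashlib.sha256).digest())
        ctr += 1
    return b"".join(blocks)[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class SecurityAssociation:
    """Keys and state for one direction of the tunnel (SPI and keys are assumed values)."""

    def __init__(self, spi: int, enc_key: bytes, auth_key: bytes):
        self.spi, self.enc_key, self.auth_key = spi, enc_key, auth_key
        self.next_seq = 1       # sender side: next sequence number to emit
        self.highest_seq = 0    # receiver side: highest sequence number accepted


def esp_encapsulate(sa: SecurityAssociation, gw_src: str, gw_dst: str,
                    inner_packet: bytes) -> bytes:
    """Sender: pad and encrypt the whole inner packet, prepend the ESP header,
    append the ICV over the encrypted data (encrypt-then-MAC), wrap in an outer packet."""
    pad_len = (-(len(inner_packet) + 2)) % 4          # ESP trailer aligns to 4 bytes
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, IPPROTO_IPV4])
    plaintext = inner_packet + trailer
    iv = secrets.token_bytes(IV_LEN)
    ciphertext = xor_bytes(plaintext, keystream(sa.enc_key, iv, len(plaintext)))
    body = struct.pack("!II", sa.spi, sa.next_seq) + iv + ciphertext
    sa.next_seq += 1
    icv = hmac.new(sa.auth_key, body, hashlib.sha256).digest()[:ICV_LEN]
    return ipv4_packet(gw_src, gw_dst, IPPROTO_ESP, body + icv)


def esp_decapsulate(sa: SecurityAssociation, outer_packet: bytes) -> bytes:
    """Receiver: verify the ICV first, reject replays, then decrypt and unwrap."""
    if outer_packet[9] != IPPROTO_ESP:
        raise ValueError("outer packet is not ESP")
    esp = outer_packet[20:]
    body, icv = esp[:-ICV_LEN], esp[-ICV_LEN:]
    expected = hmac.new(sa.auth_key, body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ICV mismatch: packet forged or corrupted")
    spi, seq = struct.unpack("!II", body[:8])
    if spi != sa.spi:
        raise ValueError("unknown SPI")
    if seq <= sa.highest_seq:                         # simplified anti-replay check
        raise ValueError("replayed packet")
    sa.highest_seq = seq
    iv, ciphertext = body[8:8 + IV_LEN], body[8 + IV_LEN:]
    plaintext = xor_bytes(ciphertext, keystream(sa.enc_key, iv, len(ciphertext)))
    pad_len, next_hdr = plaintext[-2], plaintext[-1]
    if next_hdr != IPPROTO_IPV4:
        raise ValueError("unexpected inner protocol")
    return plaintext[:-(pad_len + 2)]


if __name__ == "__main__":
    # Constructed sample: host 192.168.1.10 behind gateway 203.0.113.5 sends UDP data
    # to host 10.0.0.7 behind gateway 198.51.100.9; both gateways share the same SA keys.
    enc_key, auth_key = secrets.token_bytes(32), secrets.token_bytes(32)
    sender, receiver = (SecurityAssociation(0x1000, enc_key, auth_key) for _ in range(2))
    inner = ipv4_packet("192.168.1.10", "10.0.0.7", IPPROTO_UDP, b"hello")
    wire = esp_encapsulate(sender, "203.0.113.5", "198.51.100.9", inner)
    assert esp_decapsulate(receiver, wire) == inner
    print("inner packet recovered through the tunnel; outer protocol =", wire[9])
```

The order in esp_decapsulate is the one a real implementation follows: the integrity check runs on the ciphertext before anything is decrypted, so a forged or corrupted packet is dropped without ever reaching the decryption code, and a replayed copy of a genuine packet is dropped by its sequence number even though its ICV is valid.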

However, before an encrypted connection can be established, both parties must be certain that the other party is who it claims to be (authentication). Two methods are commonly used. One is called a pre-shared key (PSK) or shared secret: both parties know the same secret, which is never sent over the network; each side proves that it knows the secret by computing a keyed hash over the key exchange. A PSK should therefore be a long, randomly generated secret rather than a human-chosen password, because a short one can be guessed offline by an attacker who obtains the authentication exchange (with the older IKEv1 aggressive mode, passively recording it is enough). The other method uses public-key cryptography: each party holds a private key and proves its identity by signing the key exchange, and the peer checks the signature with the corresponding public key, usually carried in an X.509 certificate.
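As an added illustration of the pre-shared-key method (example code, not part of this manual), the following Python script models how a peer proves knowledge of a PSK without transmitting it, using the AUTH construction of IKEv2 (RFC 7296, section 2.15) with HMAC-SHA256 assumed as the negotiated PRF. The signed octets, the two pre-shared keys and the word list are constructed stand-ins; in a real IKEv2 exchange the signed octets are the initiator's first message, the responder's nonce and a MAC of the initiator's identity. The guess_psk function plays the attacker who has obtained those octets together with the AUTH value, and shows why a short human-chosen PSK is unsafe.

```python
import hashlib
import hmac
import secrets
from typing import Iterable, Optional

KEY_PAD = b"Key Pad for IKEv2"   # fixed string from RFC 7296, section 2.15


def prf(key: bytes, data: bytes) -> bytes:
    """The PRF negotiated for the IKE SA; HMAC-SHA256 is assumed here."""
    return hmac.new(key, data, hashlib.sha256).digest()


def auth_payload(psk: bytes, signed_octets: bytes) -> bytes:
    """AUTH = prf( prf(PSK, "Key Pad for IKEv2"), <signed octets> ).
    Only this value is sent to the peer; the PSK itself never leaves the host."""
    return prf(prf(psk, KEY_PAD), signed_octets)


def peer_is_authentic(psk: bytes, signed_octets: bytes, received_auth: bytes) -> bool:
    """Verifier: recompute AUTH from its own copy of the PSK and compare in constant time."""
    return hmac.compare_digest(auth_payload(psk, signed_octets), received_auth)


def guess_psk(signed_octets: bytes, observed_auth: bytes,
              candidates: Iterable[bytes]) -> Optional[bytes]:
    """Offline dictionary attack by someone holding the signed octets and the AUTH value
    (an attacker able to act as the responder, or a passive listener against IKEv1
    aggressive mode). Succeeds only if the PSK is in the candidate list."""
    for guess in candidates:
        if auth_payload(guess, signed_octets) == observed_auth:
            return guess
    return None


# Constructed stand-in for InitiatorSignedOctets = RealMessage1 | NonceRData | MACedIDForI.
SIGNED_OCTETS = b"<IKE_SA_INIT request>" + b"<responder nonce>" + b"<MACedIDForI>"

WEAK_PSK = b"secret123"                 # a human-chosen password (constructed)
STRONG_PSK = secrets.token_bytes(32)    # a randomly generated 256-bit shared secret

# Constructed word list for the attacker.
WORDLIST = [b"password", b"123456", b"vpn", b"secret123", b"letmein"]


def demo() -> dict:
    """Run the honest exchange for both PSKs and the attacker's guess against each."""
    weak_auth = auth_payload(WEAK_PSK, SIGNED_OCTETS)
    strong_auth = auth_payload(STRONG_PSK, SIGNED_OCTETS)
    return {
        "weak_accepted": peer_is_authentic(WEAK_PSK, SIGNED_OCTETS, weak_auth),
        "wrong_psk_rejected": not peer_is_authentic(b"wrong", SIGNED_OCTETS, weak_auth),
        "weak_psk_recovered": guess_psk(SIGNED_OCTETS, weak_auth, WORDLIST),
        "strong_psk_recovered": guess_psk(SIGNED_OCTETS, strong_auth, WORDLIST),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

Both peers arrive at the same AUTH value only if they hold the same PSK, which is what the verifier relies on; the attacker's loop needs nothing but the same public inputs plus a candidate list, so the strength of the method rests entirely on the entropy of the PSK.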