VPN: encapsulating the communication between the two PC’s in an encrypted tunnel that uses strong encryption methods.
IPsec (Internet Protocol Security), is a set of protocols define by the Internet Enginering Task Force (IETF) to provide IP security at the network layer.
ist eine Protokoll-Suite, die eine gesicherte Kommunikation über unsichere IP-Netze wie das Internet ermöglicht.
IPsec arbeitet direkt auf der Vermittlungsschicht (Internet Layer)
IPSec based VPN made up of two parts:
- 1. IKE Internet Key Exchange protocol. Introduced 1998 IKEv1 and 2005 IKEv2 (RFC 5996).
IKE ist the initial negotiation phase,..
two endpoints agree on whitch methods will be used to provide security for the IP traffic
IKE is used to manage connections, by defining a set of SA (Security Associations)
one SA for each connection.
SAs are unidirectional, ... there are least two SAs for each IPsec connection (one for the incoming traffic, and the other the outgoing.)
- 2. ESP Encapsulating Security Payload - IPsec protocols
second part is the IP data being transferred, using the encryption and authentication methods agreed upon IKE negotiation.
ESP= Encapsulating Security Payload and AH=Authentication Header.
AH cOS Core only supports ESP headers, AH is not supported.
IKE negotiates how IKE should be protected
IKE negotiates how IPsec shoud be protected
IPsec moves data