Lesson 3: What is VPN (Virtual Private Network)?
IPsec provides security at the network layer and can build a VPN in one of two
ways: end-to-end protection of IP traffic between two hosts (IPsec transport
mode), or a site-to-site IPsec tunnel between two VPN gateways (IPsec tunnel mode).
Transport Mode
Transport mode: only the payload of the IP datagram is secured by IPsec. The
original IP header is kept, and IPsec inserts its own header (AH or ESP) between
that IP header and the upper-layer headers (TCP, UDP, and so on).
IPsec transport mode is used to protect traffic between two hosts, or between a
host and a VPN gateway when the gateway itself is the endpoint of the traffic.
If ESP is used, the payload is encrypted and authenticated (integrity-protected);
if AH is used, the payload is only authenticated and is sent in clear text.
Tunnel Mode
Tunnel mode: the entire original datagram is secured by IPsec. The original IP
packet (IP header and payload) becomes the payload of a new IP packet.
The original IP datagram is encapsulated behind an AH header (authentication and
integrity only, no encryption) or an ESP header (encryption, normally with
integrity protection as well), and a new outer IP header is added in front. The
source and destination addresses of this outer header are those of the two VPN
gateways, so the traffic on the path appears to flow only between the gateways.
With ESP the original datagram, including its real source and destination
addresses, is encrypted inside the ESP payload and is not visible to an observer.
IPsec tunnel mode is the mode most widely used to build site-to-site IPsec VPNs.
IPsec operates at layer 3 (the network layer), so it protects every protocol
carried over IP (TCP, UDP, ICMP and the rest of the TCP/IP suite) without any
change to the applications. Taken together, its security protocols and algorithms
provide data confidentiality, integrity, data-origin authentication and
anti-replay protection.
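The following Python program is an added example, not code from the original lesson: it builds the two ESP encapsulations described above (transport mode keeps the host addresses in the outer header; tunnel mode hides the whole inner datagram behind the gateway addresses) and then runs the receive-side checks that give IPsec the properties listed in the last paragraph: ICV verification for integrity and authentication, decryption for confidentiality, and the RFC 4303 sliding window for anti-replay. Header layouts follow RFC 791 and RFC 4303, but the cipher is a constructed HMAC-SHA256 keystream so the code runs on the standard library; it is not a real ESP transform. The addresses, SPIs, keys and the fixed IV are made up for the example.

```python
"""ESP in IPsec transport and tunnel mode, with receive-side ICV and anti-replay checks.
Added illustration, not code from the original lesson. Layouts follow RFC 791 (IPv4) and
RFC 4303 (ESP). The cipher is a constructed HMAC-SHA256 keystream so the example runs on
the standard library; it is NOT a real ESP transform. Addresses, SPIs, keys, IV are made up."""
import hashlib
import hmac
import ipaddress
import struct

IPPROTO_IPIP, IPPROTO_TCP, IPPROTO_ESP = 4, 6, 50   # IANA protocol numbers
IV_LEN, ICV_LEN = 16, 16                              # ICV = HMAC-SHA-256-128 (RFC 4868)

def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Minimal 20-byte IPv4 header, no options; checksum left zero for brevity."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)

def parse_ipv4(pkt):
    """Return (src, dst, protocol, payload) of an IPv4 packet."""
    ihl = (pkt[0] & 0x0F) * 4
    src, dst = ipaddress.IPv4Address(pkt[12:16]), ipaddress.IPv4Address(pkt[16:20])
    return str(src), str(dst), pkt[9], pkt[ihl:]

def keystream_xor(key, iv, data):
    """Illustrative stream cipher: XOR data with HMAC-SHA256(key, iv || counter) blocks."""
    stream = b"".join(hmac.new(key, iv + struct.pack("!I", i), hashlib.sha256).digest()
                      for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))

def esp_encapsulate(enc_key, auth_key, spi, seq, next_header, plaintext, iv):
    """ESP packet: SPI | seq | IV | encrypted(payload, padding, pad_len, next_header) | ICV."""
    pad_len = (-(len(plaintext) + 2)) % 4             # align the 2-byte trailer to 4 bytes
    padding = bytes(range(1, pad_len + 1))             # RFC 4303 default pad pattern 1, 2, 3, ...
    header = struct.pack("!II", spi, seq)
    encrypted = keystream_xor(enc_key, iv, plaintext + padding + bytes([pad_len, next_header]))
    # The ICV covers everything except itself, so SPI and sequence number cannot be altered.
    icv = hmac.new(auth_key, header + iv + encrypted, hashlib.sha256).digest()[:ICV_LEN]
    return header + iv + encrypted + icv

class ReplayWindow:
    """Sliding anti-replay window of RFC 4303 section 3.4.3; bit i set = seq (highest - i) seen."""
    def __init__(self, size=64):
        self.size, self.highest, self.bitmap = size, 0, 0
    def check_and_update(self, seq):
        if seq > self.highest:                         # newer than anything seen: slide the window
            self.bitmap = ((self.bitmap << (seq - self.highest)) & ((1 << self.size) - 1)) | 1
            self.highest = seq
            return True
        diff = self.highest - seq
        if seq == 0 or diff >= self.size or (self.bitmap >> diff) & 1:
            return False                               # seq 0 is invalid, too old, or a duplicate
        self.bitmap |= 1 << diff
        return True

def esp_decapsulate(enc_key, auth_key, esp, window):
    """Verify the ICV, then the sequence number, then decrypt; returns (spi, next_header, payload)."""
    spi, seq = struct.unpack("!II", esp[:8])
    iv, encrypted, icv = esp[8:8 + IV_LEN], esp[8 + IV_LEN:-ICV_LEN], esp[-ICV_LEN:]
    expected = hmac.new(auth_key, esp[:-ICV_LEN], hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ESP ICV mismatch: tampered packet or wrong key")
    if not window.check_and_update(seq):               # window only advances after the ICV passes
        raise ValueError(f"ESP sequence {seq} rejected by anti-replay window")
    body = keystream_xor(enc_key, iv, encrypted)
    pad_len, next_header = body[-2], body[-1]
    return spi, next_header, body[:len(body) - 2 - pad_len]

def rejected(enc_key, auth_key, esp, window):
    """True if the receiver drops the packet (bad ICV or replay)."""
    try:
        esp_decapsulate(enc_key, auth_key, esp, window)
        return False
    except ValueError:
        return True

def transport_mode(pkt, enc_key, auth_key, spi, seq, iv):
    """Transport mode: original IP header kept, ESP inserted between it and the TCP segment."""
    src, dst, proto, payload = parse_ipv4(pkt)
    esp = esp_encapsulate(enc_key, auth_key, spi, seq, proto, payload, iv)
    return ipv4_header(src, dst, IPPROTO_ESP, len(esp)) + esp

def tunnel_mode(pkt, gw_src, gw_dst, enc_key, auth_key, spi, seq, iv):
    """Tunnel mode: whole original datagram inside ESP, new outer header with gateway addresses."""
    esp = esp_encapsulate(enc_key, auth_key, spi, seq, IPPROTO_IPIP, pkt, iv)
    return ipv4_header(gw_src, gw_dst, IPPROTO_ESP, len(esp)) + esp

def demo():
    enc_key, auth_key, iv = b"k" * 32, b"a" * 32, b"\x11" * IV_LEN   # constructed; fixed IV for repeatability
    inner = ipv4_header("10.1.1.10", "10.2.2.20", IPPROTO_TCP, 12) + b"GET / HTTP/1"
    transport = transport_mode(inner, enc_key, auth_key, 0x1000, 1, iv)
    tunnel = tunnel_mode(inner, "198.51.100.1", "203.0.113.1", enc_key, auth_key, 0x2000, 1, iv)
    t_src, t_dst, t_proto, _ = parse_ipv4(transport)   # what an on-path observer sees in each mode
    g_src, g_dst, g_proto, esp = parse_ipv4(tunnel)
    window = ReplayWindow()
    _, next_header, original = esp_decapsulate(enc_key, auth_key, esp, window)
    return {"transport_outer": (t_src, t_dst, t_proto), "tunnel_outer": (g_src, g_dst, g_proto),
            "tunnel_next_header": next_header, "inner_recovered": original == inner,
            "replay_rejected": rejected(enc_key, auth_key, esp, window),
            "tamper_rejected": rejected(enc_key, auth_key, esp[:-1] + bytes([esp[-1] ^ 0xFF]), ReplayWindow())}
```

Running `demo()` shows the difference an observer sees: the transport-mode outer header still carries 10.1.1.10 and 10.2.2.20 with protocol 50 (ESP), while the tunnel-mode outer header carries only the two gateway addresses, and the receiving gateway recovers the complete inner datagram from an ESP payload whose next-header value is 4 (IP-in-IP). The same packet presented a second time is dropped by the replay window, and a packet with a flipped ICV byte is dropped before decryption.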