IPsec (IP Security) is a suite of protocols for protecting data carried over the Internet Protocol (IP). It provides authentication of the sender, integrity checking and, optionally, encryption of IP packets.

IPsec also includes a protocol for secure key exchange over the Internet (IKE, the Internet Key Exchange, which negotiates the security associations that ESP and AH then use). IPsec is mainly used to establish VPN connections.

IPsec can function in two modes: transport and tunnel mode.

In transport mode only the payload of the IP packet is encrypted (or authenticated); the original IP header is kept, its protocol field is changed to that of ESP or AH, and the IPsec header is inserted between the IP header and the payload. Transport mode is usually used for a connection between two hosts. It can also be used between gateways to protect a tunnel built by some other mechanism (for example a GRE tunnel).

Tunnel mode protects the entire original IP packet, header and routing information included: the original packet becomes the payload of a new IP packet whose outer header carries the addresses of the tunnel endpoints, that is, encapsulation occurs. With ESP this hides the inner addresses and protocol from an observer on the path. Tunnel mode is used to connect remote computers to a virtual private network, or to carry traffic securely across an open network (e.g. the Internet) between two gateways that join different parts of a virtual private network.

The two modes are not mutually exclusive: on the same host some security associations (SAs) may use transport mode while others use tunnel mode.
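The difference between the two modes is easiest to see in the bytes. The following is an added example, not code from the original page: it builds an IPv4/TCP packet, protects it with ESP in transport mode and in tunnel mode, and decapsulates both. To keep the framing visible with only the Python standard library it uses ESP with the NULL cipher (a real transform, RFC 2410) and HMAC-SHA-256-128 for the ICV; a production SA would use an AEAD such as AES-GCM instead, and the addresses, key and TCP segment are constructed for the demo.

```python
"""ESP (RFC 4303) framing in transport vs tunnel mode, NULL encryption + HMAC-SHA-256-128.
Added example, not from the original page; all addresses, keys and packet contents are constructed."""
import hashlib
import hmac
import ipaddress
import struct

ESP_PROTO = 50      # IP protocol number of ESP
IPIP_PROTO = 4      # ESP next-header value for an encapsulated IPv4 packet (tunnel mode)
TCP_PROTO = 6
ICV_LEN = 16        # HMAC-SHA-256-128: HMAC-SHA-256 truncated to 128 bits (RFC 4868)


def ipv4_checksum(header: bytes) -> int:
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header without options; checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0x4000, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def parse_ipv4(pkt: bytes) -> dict:
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    return {"src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
            "proto": proto, "ttl": ttl, "payload": pkt[ihl:total_len]}


def esp_encapsulate(spi: int, seq: int, plaintext: bytes, next_header: int, auth_key: bytes) -> bytes:
    """SPI | Seq | payload | padding | pad len | next hdr | ICV.
    Padding aligns payload + 2 trailer bytes to 4 octets (RFC 4303 default padding 1,2,3..)."""
    pad_len = (-(len(plaintext) + 2)) % 4
    body = struct.pack("!II", spi, seq) + plaintext + bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    return body + hmac.new(auth_key, body, hashlib.sha256).digest()[:ICV_LEN]


def esp_decapsulate(esp: bytes, auth_key: bytes) -> tuple:
    """Verify the ICV in constant time, then strip the trailer. Returns (spi, seq, next_header, plaintext);
    raises ValueError on an integrity failure, which a receiver treats as a dropped packet."""
    body, icv = esp[:-ICV_LEN], esp[-ICV_LEN:]
    if not hmac.compare_digest(icv, hmac.new(auth_key, body, hashlib.sha256).digest()[:ICV_LEN]):
        raise ValueError("ESP ICV check failed")
    spi, seq = struct.unpack("!II", body[:8])
    pad_len, next_header = body[-2], body[-1]
    return spi, seq, next_header, body[8:-2 - pad_len]


def transport_mode(ip_pkt: bytes, spi: int, seq: int, auth_key: bytes) -> bytes:
    """Transport mode: original IP header kept (protocol field -> 50); ESP wraps only the payload."""
    p = parse_ipv4(ip_pkt)
    esp = esp_encapsulate(spi, seq, p["payload"], p["proto"], auth_key)
    return ipv4_header(p["src"], p["dst"], ESP_PROTO, len(esp), p["ttl"]) + esp


def tunnel_mode(ip_pkt: bytes, gw_src: str, gw_dst: str, spi: int, seq: int, auth_key: bytes) -> bytes:
    """Tunnel mode: the whole original packet is the ESP payload behind a new gateway-to-gateway header."""
    esp = esp_encapsulate(spi, seq, ip_pkt, IPIP_PROTO, auth_key)
    return ipv4_header(gw_src, gw_dst, ESP_PROTO, len(esp)) + esp


def receive(protected: bytes, auth_key: bytes) -> bytes:
    """Receiving side for either mode: returns the original IP packet."""
    p = parse_ipv4(protected)
    if p["proto"] != ESP_PROTO:
        raise ValueError("not an ESP packet")
    _, _, next_header, inner = esp_decapsulate(p["payload"], auth_key)
    if next_header == IPIP_PROTO:       # tunnel mode: the inner data is a complete IP packet
        return inner
    # transport mode: restore the original protocol number and length in the kept header
    return ipv4_header(p["src"], p["dst"], next_header, len(inner), p["ttl"]) + inner


def integrity_check_passes(protected: bytes, auth_key: bytes) -> bool:
    try:
        receive(protected, auth_key)
        return True
    except ValueError:
        return False


def tamper(pkt: bytes, index: int) -> bytes:
    """Flip one byte, as an on-path attacker modifying the protected packet would."""
    b = bytearray(pkt)
    b[index] ^= 0xFF
    return bytes(b)


# Constructed sample: a TCP SYN from a host in office A to a host in office B (demo key, never reuse).
AUTH_KEY = bytes.fromhex("00" * 31 + "01")
TCP_SEGMENT = struct.pack("!HHIIBBHHH", 51234, 80, 1, 0, 0x50, 0x02, 65535, 0, 0)
ORIGINAL = ipv4_header("10.1.0.5", "10.2.0.9", TCP_PROTO, len(TCP_SEGMENT)) + TCP_SEGMENT

if __name__ == "__main__":
    t = transport_mode(ORIGINAL, 0x1000, 1, AUTH_KEY)
    u = tunnel_mode(ORIGINAL, "198.51.100.1", "203.0.113.1", 0x2000, 1, AUTH_KEY)
    print("transport outer header:", parse_ipv4(t)["src"], "->", parse_ipv4(t)["dst"])
    print("tunnel outer header:   ", parse_ipv4(u)["src"], "->", parse_ipv4(u)["dst"])
    print("both decapsulate to the original:", receive(t, AUTH_KEY) == ORIGINAL == receive(u, AUTH_KEY))
```

Run it and compare the two outer headers: the transport-mode packet still shows 10.1.0.5 to 10.2.0.9, while the tunnel-mode packet shows only the two gateway addresses, with the inner packet carried as ESP payload. Note also that the ICV is verified before anything in the trailer is trusted, so a modified packet is dropped rather than parsed.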

IPsec is mainly used to build VPN tunnels; in that case ESP and AH run in tunnel mode. In addition, every IPsec implementation keeps a security policy database (SPD) that decides, packet by packet, whether traffic is passed in the clear (BYPASS), dropped (DISCARD) or protected with IPsec (PROTECT), so with suitably configured policies IPsec can also act as a simple firewall. A firewall inspects every packet that crosses it and applies a set of rules; a packet that matches a rule is handled as the rule says, for example rejected, which terminates the unwanted connection. With the right security policy you can, for example, deny web traffic simply by discarding packets to TCP ports 80 and 443 (HTTP and HTTPS). IPsec policy can likewise protect a server by dropping every packet except those the server needs: for a web server, all traffic can be blocked except connections to TCP port 80, or TCP port 443 where HTTPS is used. Bear in mind that SPD selectors match only on addresses, protocol and ports, so this gives stateless packet filtering, not the connection tracking of a stateful firewall.
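To make the policy mechanism concrete, here is an added example (not code from the original page) that simulates an ordered SPD lookup in the style of RFC 4301, with the two policies described above: a web server that admits only TCP/443, and an office gateway that drops web traffic from the LAN but tunnels everything bound for the other office. Packets are constructed 5-tuple-style records, addresses are documentation ranges, and the SA label on the PROTECT entry is a placeholder name rather than a real SA.

```python
"""Ordered IPsec Security Policy Database (SPD) lookup, simulated (added example, not from the page).
Entries select on CIDR source/destination, protocol and destination port range and map to
DISCARD, BYPASS or PROTECT; the first matching entry wins and an unmatched packet is discarded."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

DISCARD, BYPASS, PROTECT = "DISCARD", "BYPASS", "PROTECT"
ANY_PORT = (0, 65535)
TCP, UDP, ICMP = 6, 17, 1


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: int
    dport: int = 0          # 0 for protocols without ports (ICMP)


@dataclass(frozen=True)
class SpdEntry:
    src: str                # CIDR selector
    dst: str
    proto: Optional[int]    # None = any protocol
    dport: Tuple[int, int]  # inclusive range
    action: str
    sa: Optional[str] = None    # PROTECT only: which SA/tunnel applies (placeholder label here)

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.proto is None or self.proto == p.proto)
                and self.dport[0] <= p.dport <= self.dport[1])


def spd_lookup(spd: List[SpdEntry], p: Packet) -> Tuple[str, Optional[str]]:
    """First match wins. RFC 4301 requires that a packet matching no entry is discarded,
    so the default is DISCARD: a forgotten rule fails closed, not open."""
    for entry in spd:
        if entry.matches(p):
            return entry.action, entry.sa
    return DISCARD, None


# Policy 1: a public web server (203.0.113.10) that accepts only HTTPS; everything else hits the default.
WEB_SERVER_SPD = [
    SpdEntry("0.0.0.0/0", "203.0.113.10/32", TCP, (443, 443), BYPASS),
]

# Policy 2: office A gateway. Order matters: the PROTECT entry for office B comes first, otherwise the
# DISCARD entries for ports 80/443 would also swallow HTTP(S) between the offices.
GATEWAY_SPD = [
    SpdEntry("10.1.0.0/24", "10.2.0.0/24", None, ANY_PORT, PROTECT, sa="tunnel-to-office-B"),
    SpdEntry("10.1.0.0/24", "0.0.0.0/0", TCP, (80, 80), DISCARD),
    SpdEntry("10.1.0.0/24", "0.0.0.0/0", TCP, (443, 443), DISCARD),
    SpdEntry("10.1.0.0/24", "0.0.0.0/0", None, ANY_PORT, BYPASS),
]

if __name__ == "__main__":
    for pkt in (Packet("198.51.100.7", "203.0.113.10", TCP, 443),
                Packet("198.51.100.7", "203.0.113.10", TCP, 80),
                Packet("198.51.100.7", "203.0.113.10", UDP, 53)):
        print("web server:", pkt, "->", spd_lookup(WEB_SERVER_SPD, pkt))
    for pkt in (Packet("10.1.0.5", "10.2.0.9", TCP, 80),
                Packet("10.1.0.5", "192.0.2.44", TCP, 443),
                Packet("10.1.0.5", "192.0.2.44", UDP, 53),
                Packet("10.1.0.5", "192.0.2.44", ICMP)):
        print("gateway:   ", pkt, "->", spd_lookup(GATEWAY_SPD, pkt))
```

The point to take from the gateway policy is the ordering: moving the PROTECT entry below the DISCARD entries silently breaks office-to-office web access, and the fail-closed default means a selector typo shows up as dropped traffic rather than as traffic leaking in the clear.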

In such a deployment IPsec secures user access to the server: with ESP, every request to the server and every response is encrypted while it crosses the untrusted network. Behind the VPN gateway, inside the encryption domain (the protected network), the traffic travels in clear text, so that network must itself be trusted.

Figure: Encryption of traffic between the file server and computers on the local network using IPsec in transport mode.
Figure: Connection of two offices using IPsec in tunnel mode.

Updated March 28, 2021