IP Security
- Layer 3 and 4 protocol
- Standards-based
- Framework
- Provides confidentiality & integrity
- Once you authenticate everything is gonna be encrypted
- What gives you integrity?
- Tunneling like GRE
- IP only
- Unlike GRE which supports everything
- Commonly used in Virtual Private Networks
Types of VPN
- We do not know where our users are going to connect from
- An alternative to IPsec is TLS/SSL, which uses TCP port 443, the same port as HTTPS.
- It is easier to use TLS/SSL
- Site-to-site uses IPsec always.
How do two routers build a VPN session?
- From Tampa to Orlando
- From side A to side B
- A sends traffic into its router
- Hey router, if you see an envelope sourced from here to that other IP
- How do you encrypt it? Maybe you use AES, or SHA256 (a hash, which provides integrity rather than encryption).
- Router A is going to call router B using UDP port 500
- This is called a management session and establishes encryption between the two routers
- Phase 2 is where we set up our communications with IPsec data SAs (security associations).
- If either side is misconfigured and the two do not have matching settings, the tunnel is not formed; the specifications have to match exactly.
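The matching rule above as a small checker (an added example, not part of the original notes). The field names, the DH group and auth method parameters, and the Tampa/Orlando addresses are constructed assumptions; the notes themselves only name AES and SHA256.

```python
# Added example: constructed settings, hypothetical field names.
from ipaddress import ip_network

# Parameters both routers must agree on, per negotiation phase (assumed set).
PHASE1_KEYS = ("encryption", "integrity", "dh_group", "auth_method")
PHASE2_KEYS = ("encryption", "integrity")

def mismatches(a, b):
    """Return the reasons the tunnel between peers a and b would not form."""
    problems = []
    # Each router must name the other as its peer for the UDP 500 management session.
    if a["peer"] != b["local"] or b["peer"] != a["local"]:
        problems.append("peer addresses do not point at each other")
    for phase, keys in (("phase1", PHASE1_KEYS), ("phase2", PHASE2_KEYS)):
        for key in keys:
            if a[phase][key] != b[phase][key]:
                problems.append(f"{phase} {key}: {a[phase][key]} != {b[phase][key]}")
    # Traffic to protect must be mirrored: A's source net is B's destination net.
    a_src, a_dst = (ip_network(n) for n in a["traffic"])
    b_src, b_dst = (ip_network(n) for n in b["traffic"])
    if (a_src, a_dst) != (b_dst, b_src):
        problems.append("interesting traffic is not a mirror image")
    return problems

# Constructed sample: Tampa (side A) and Orlando (side B), documentation addresses.
TAMPA = {
    "local": "198.51.100.1", "peer": "203.0.113.1",
    "traffic": ("10.1.0.0/16", "10.2.0.0/16"),
    "phase1": {"encryption": "aes256", "integrity": "sha256",
               "dh_group": 14, "auth_method": "psk"},
    "phase2": {"encryption": "aes256", "integrity": "sha256"},
}
ORLANDO = {
    "local": "203.0.113.1", "peer": "198.51.100.1",
    "traffic": ("10.2.0.0/16", "10.1.0.0/16"),
    "phase1": {"encryption": "aes256", "integrity": "sha256",
               "dh_group": 14, "auth_method": "psk"},
    "phase2": {"encryption": "aes128", "integrity": "sha256"},  # deliberate mismatch
}

if __name__ == "__main__":
    for reason in mismatches(TAMPA, ORLANDO) or ["all settings match"]:
        print(reason)
```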