
What is IPsec

Introduction

IPsec (Internet Protocol Security) is a framework for protecting IP traffic at the network layer. Why? Because the IP protocol itself has no security features at all.

IPsec Cheat Sheet

IPsec is a complex framework made up of many protocols. I always wanted to make a hand-drawn style cheat sheet to help memorize the key elements, and here it is, thanks to the great online tool https://excalidraw.com/

IPsec VPN

When we talk about IPsec, we usually mean IPsec VPN.

The main use cases include:

IKE(Internet Key Exchange)

Before we can protect any IP packets, we need to build the IPsec tunnel.

To establish an IPsec tunnel, we use a protocol called IKE (Internet Key Exchange). IKE is the negotiation protocol that allows peers to agree on how to build an IPsec security association.

IKE has two phases:

Phase 1

IKE phase 1 establishes a secure tunnel that we can use for IKE phase 2.

Step 1: Negotiation

The two peers negotiate a set of algorithms, including:

Step 2: DH key exchange

Two peers use the DH group they negotiated to exchange keying material and determine a shared key.

Step 3: Authentication (main mode or aggressive mode)

The two peers use the negotiated authentication method (pre-shared key or digital certificates) to authenticate each other. Once this completes successfully, a bidirectional IKE phase 1 tunnel (aka ISAKMP tunnel) is established.

Phase 2

An IKE phase 2 tunnel (aka IPsec tunnel) is what actually protects user data.

Like in phase 1, our peers need to negotiate a set of items:

IPsec protocols

Note that IKE only builds the tunnel; it does not authenticate or encrypt user data itself. For that we use two other protocols:

ESP is more popular because only ESP provides encryption.
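To make the two IKE phases concrete, here is an added example (not code from the original post, and not a wire-compatible IKE implementation) that models the IKEv1 pre-shared-key flow: step 2's DH exchange, step 3's HASH_I/HASH_R authentication, and the phase 2 quick-mode KEYMAT that an ESP security association is keyed from. It follows the structure of the RFC 2409 derivations but omits message encoding, SA payload parsing, retransmission and replay handling. The `Peer`, `phase1`, `phase2_keymat` and `run` names, the two gateway identities and the pre-shared keys are constructed for illustration; HMAC-SHA256 stands in for whatever prf the peers negotiated in step 1; the 1024-bit group 2 prime is a public constant from RFC 2409 rather than anything from the post.

```python
"""Simplified model of the IKEv1 pre-shared-key flow described above.
Added example, not code from the original post: it follows the structure
of the RFC 2409 derivations (SKEYID, SKEYID_d/a/e, HASH_I/HASH_R and the
quick-mode KEYMAT) but is not wire-compatible IKE. Message encoding,
SA payload parsing, retransmission and replay handling are all omitted."""
import hashlib
import hmac
import secrets

# RFC 2409 group 2 (1024-bit MODP, generator 2), the classic IKE group.
# 1024-bit DH is too weak for new deployments; prefer group 14 or larger
# (RFC 3526). The prime is a public constant, not a value from the post.
GROUP2_P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
GROUP2_G = 2
ESP_PROTO = b"\x03"  # IPsec DOI protocol identifier for ESP


def prf(key: bytes, data: bytes) -> bytes:
    """The negotiated IKE prf, instantiated here as HMAC-SHA256."""
    return hmac.new(key, data, hashlib.sha256).digest()


def i2b(n: int) -> bytes:
    """Big-endian bytes of a DH value (minimal length; IKE uses fixed width)."""
    return n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")


class Peer:
    """One hypothetical IKE endpoint: cookie, nonce, DH exponent, identity, PSK."""

    def __init__(self, identity: bytes, psk: bytes):
        self.identity, self.psk = identity, psk
        self.cookie = secrets.token_bytes(8)            # CKY-I / CKY-R
        self.nonce = secrets.token_bytes(16)            # Ni_b / Nr_b
        self.x = secrets.randbelow(GROUP2_P - 2) + 1    # private exponent
        self.gx = pow(GROUP2_G, self.x, GROUP2_P)       # public value g^x
        self.skeyid = self.skeyid_d = self.skeyid_a = self.skeyid_e = b""

    def dh_shared(self, peer_gx: int) -> bytes:
        """Step 2: g^xy from the peer's public value and our own exponent."""
        return i2b(pow(peer_gx, self.x, GROUP2_P))

    def derive_phase1(self, ni, nr, gxy, cky_i, cky_r):
        """RFC 2409 sect. 5: with PSK authentication SKEYID is bound to the PSK.
        SKEYID_d seeds phase 2; SKEYID_a/e protect the later IKE messages."""
        self.skeyid = prf(self.psk, ni + nr)
        self.skeyid_d = prf(self.skeyid, gxy + cky_i + cky_r + b"\x00")
        self.skeyid_a = prf(self.skeyid, self.skeyid_d + gxy + cky_i + cky_r + b"\x01")
        self.skeyid_e = prf(self.skeyid, self.skeyid_a + gxy + cky_i + cky_r + b"\x02")

    def auth_hash(self, my_gx, peer_gx, my_cky, peer_cky, sa_i, ident):
        """Step 3: HASH_I (initiator view) or HASH_R (responder view)."""
        return prf(self.skeyid, i2b(my_gx) + i2b(peer_gx) + my_cky + peer_cky + sa_i + ident)


def phase1(init: Peer, resp: Peer, sa_proposal: bytes) -> bool:
    """Main-mode shaped exchange; True only if both peers accept each other."""
    # Messages 1-2 carry cookies and the SA proposal (step 1, negotiation);
    # messages 3-4 carry KE = g^x and the nonces (step 2, DH exchange).
    init.derive_phase1(init.nonce, resp.nonce, init.dh_shared(resp.gx), init.cookie, resp.cookie)
    resp.derive_phase1(init.nonce, resp.nonce, resp.dh_shared(init.gx), init.cookie, resp.cookie)
    # Messages 5-6 carry identities plus HASH_I / HASH_R (step 3, authentication).
    hash_i = init.auth_hash(init.gx, resp.gx, init.cookie, resp.cookie, sa_proposal, init.identity)
    hash_r = resp.auth_hash(resp.gx, init.gx, resp.cookie, init.cookie, sa_proposal, resp.identity)
    # Each side recomputes the other's hash under its own SKEYID. A PSK
    # mismatch gives a different SKEYID, so the comparison fails and no
    # phase 1 tunnel is established; that is the check step 3 relies on.
    resp_ok = hmac.compare_digest(
        hash_i, resp.auth_hash(init.gx, resp.gx, init.cookie, resp.cookie, sa_proposal, init.identity))
    init_ok = hmac.compare_digest(
        hash_r, init.auth_hash(resp.gx, init.gx, resp.cookie, init.cookie, sa_proposal, resp.identity))
    return resp_ok and init_ok


def phase2_keymat(peer: Peer, spi: bytes, ni2: bytes, nr2: bytes) -> bytes:
    """Quick mode without PFS: KEYMAT = prf(SKEYID_d, protocol | SPI | Ni_b | Nr_b).
    This is the material the ESP SA cuts its cipher and integrity keys from."""
    return prf(peer.skeyid_d, ESP_PROTO + spi + ni2 + nr2)


def run(psk_i: bytes = b"constructed-psk", psk_r: bytes = b"constructed-psk") -> dict:
    """Drive both phases between two constructed gateways and report the outcome."""
    init = Peer(b"gw-a.example.invalid", psk_i)
    resp = Peer(b"gw-b.example.invalid", psk_r)
    sa_proposal = b"ENCR:aes256|PRF:hmac-sha256|DH:2|AUTH:psk"  # stand-in for SAi_b
    if not phase1(init, resp, sa_proposal):
        return {"phase1": False}
    spi, ni2, nr2 = secrets.token_bytes(4), secrets.token_bytes(16), secrets.token_bytes(16)
    return {
        "phase1": True,
        "keymat_i": phase2_keymat(init, spi, ni2, nr2),
        "keymat_r": phase2_keymat(resp, spi, ni2, nr2),
    }


if __name__ == "__main__":
    print("matching PSK ->", run()["phase1"], "| mismatched PSK ->", run(psk_r=b"other")["phase1"])
```

The point to take from `run()` is the separation the post describes: phase 1 yields SKEYID_d and a mutually authenticated peer, and only then does phase 2 derive the per-SA KEYMAT that ESP actually uses; a pre-shared key mismatch is caught at step 3, before any user-data keys exist.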
