IPSec
Internet Protocol Security, or IPSec, is a framework of protocols (AH and ESP for the data plane, IKE for key exchange) that protects IP traffic at the network layer. IPv4 itself has no security features, so IPSec is used to add the following protections:
- Confidentiality: by encrypting the payload (ESP), nobody except the sender and receiver is able to read the data.
- Integrity: we want to make sure that nobody changes the data in our packets. The sender computes an integrity check value (a keyed hash such as an HMAC) over the packet and the receiver recomputes it, so any modification in transit is detected. A plain unkeyed hash would not be enough, because an attacker who modifies the packet could simply recompute the hash.
- Authentication: the sender and receiver authenticate each other (with pre-shared keys or certificates during IKE) to make sure that we are really talking with the device we intend to.
- Anti-replay: even if a packet is encrypted and authenticated, an attacker could capture it and send it again later. Every packet carries a sequence number; the receiver keeps a sliding window of sequence numbers it has already accepted and discards any packet that is a duplicate or that falls below the window.
IPv6 carries AH and ESP as extension headers, so communication between two IPv6 endpoints can be authenticated, encrypted, or both without needing a separate tunnel. Support for IPSec was originally mandatory for IPv6 nodes (RFC 4294) but was relaxed to a SHOULD in RFC 6434, so it is not enabled automatically just because IPv6 is in use.
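The integrity and anti-replay properties above, as an added example that is not part of the original page: a minimal Python model of an inbound ESP Security Association that verifies a keyed integrity check value (HMAC-SHA256 truncated to 128 bits) and applies the sliding anti-replay window from RFC 4303 section 3.4.3. The packet layout ([4-byte sequence number][payload][16-byte ICV]), the key, the window size and the sample traffic are constructed for illustration; real ESP also carries the SPI, padding and next-header fields, and may use 64-bit extended sequence numbers.

```python
import hashlib
import hmac
import os

WINDOW_SIZE = 64  # assumed window; RFC 4303 requires a minimum of 32 packets


class InboundSA:
    """Toy inbound Security Association: integrity key plus anti-replay state."""

    def __init__(self, auth_key, window_size=WINDOW_SIZE):
        self.auth_key = auth_key
        self.window_size = window_size
        self.highest_seq = 0  # highest sequence number accepted so far (right edge)
        self.window_bits = 0  # bit i set => sequence number (highest_seq - i) accepted

    def compute_icv(self, seq, payload):
        # Keyed hash over sequence number and payload. An unkeyed hash would let
        # an attacker tamper with the payload and recompute a matching value.
        msg = seq.to_bytes(4, "big") + payload
        return hmac.new(self.auth_key, msg, hashlib.sha256).digest()[:16]

    def is_new(self, seq):
        """True if seq has not been accepted before and is not below the window."""
        if seq == 0:
            return False  # sequence number 0 is never transmitted on an ESP SA
        if seq > self.highest_seq:
            return True  # right of the window: definitely new
        diff = self.highest_seq - seq
        if diff >= self.window_size:
            return False  # left of the window: too old, treated as a replay
        return not (self.window_bits >> diff) & 1

    def mark_accepted(self, seq):
        """Advance or update the window; called only after the ICV verified."""
        if seq > self.highest_seq:
            shift = seq - self.highest_seq
            if shift >= self.window_size:
                self.window_bits = 1  # window moved entirely past the old state
            else:
                mask = (1 << self.window_size) - 1
                self.window_bits = ((self.window_bits << shift) | 1) & mask
            self.highest_seq = seq
        else:
            self.window_bits |= 1 << (self.highest_seq - seq)

    def receive(self, packet):
        """Process one inbound packet; returns 'ok', 'replay', 'bad-icv' or 'truncated'."""
        if len(packet) < 20:
            return "truncated"
        seq = int.from_bytes(packet[:4], "big")
        payload, icv = packet[4:-16], packet[-16:]
        # RFC 4303 order: cheap replay check first, then ICV verification,
        # and the window is updated only after the ICV has been verified.
        if not self.is_new(seq):
            return "replay"
        if not hmac.compare_digest(icv, self.compute_icv(seq, payload)):
            return "bad-icv"
        self.mark_accepted(seq)
        return "ok"


def build_packet(sa, seq, payload):
    """Sender side: attach the ICV that the peer's SA will verify."""
    return seq.to_bytes(4, "big") + payload + sa.compute_icv(seq, payload)


def demo():
    """Constructed traffic: normal packets, a replay, a tampered packet, a window jump."""
    key = os.urandom(32)
    sa = InboundSA(key)
    results = []
    for seq in (1, 2, 3):
        results.append(sa.receive(build_packet(sa, seq, b"hello")))
    results.append(sa.receive(build_packet(sa, 2, b"hello")))  # captured and resent
    tampered = build_packet(sa, 4, b"transfer 10")
    tampered = tampered[:4] + b"transfer 99" + tampered[-16:]  # payload edited in flight
    results.append(sa.receive(tampered))
    results.append(sa.receive(build_packet(sa, 200, b"hello")))  # jumps far ahead
    results.append(sa.receive(build_packet(sa, 100, b"hello")))  # now left of the window
    results.append(sa.receive(build_packet(sa, 150, b"hello")))  # inside window, new
    results.append(sa.receive(build_packet(sa, 150, b"hello")))  # inside window, duplicate
    return results


if __name__ == "__main__":
    print(demo())
```

Note that the tampered packet is rejected without touching the window, so a forged or corrupted packet cannot be used to advance the receiver's sequence state and cause legitimate in-flight packets to be dropped as "stale".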
Links
https://networklessons.com/cisco/ccie-routing-switching-written/ipsec-internet-protocol-security
Links to this page:
- home
- ASA - VTI VPN and MSS
- ASA - object group protocol vs service
- ASA CTM ipsec poll ctl DU_IOCTL_RESUME_POLL ioctl failed error
- ASA Site-to-Site IKEv1 IPSec VPN recv errors
- ASA crypto map and tunnel group preshared keys
- ASA troubleshooting IPSec
- ASA tunnel-group
- CCNP SCOR exam topics
- Cisco IOS Order of Operation
- Cisco SD-WAN IPSec encapsulation on tunnel interface of vBond
- DMVPN - IPsec encryption order of operations
- DMVPN State of a tunnel
- DMVPN
- Decrypt IPSec ESP traffic with Wireshark
- Ethernet over IP (EoIP)
- FlexVPN Hub and Spoke backup routes
- FlexVPN spoke to spoke communication fails with IPSec tunnel
- GRE MTU settings
- GRE and IPSec
- IETF
- IPSec - Authentication Header (AH)
- IPSec - ESP vs AH
- IPSec - Encapsulating Security Payload (ESP)
- IPSec - Key Exchange Data
- IPSec - NAT, AH, and ESP
- IPSec - crypto map multiple peers
- IPSec - crypto-map vs transform-set
- IPSec - why does IKE need two phases
- IPSec ESP Wireshark decrypt payload
- IPSec NAT Transparency
- IPSec how it works with NAT-T
- IPSec profile operation with more than one crypto isakmp policy
- IPsec - does it support multicast
- L2TPv3 over IPSec
- MPLS - Virtual Private Network (VPN)
- NHRP - Authentication
- OSPF - OSPFv3 authentication
- OSPFv2 and OSPFv3 comparison
- Security - Cisco AnyConnect Secure Mobility Client
- Security - Cisco VPN Client
- Security - Cisco VPN client software
- Security - Diffie-Hellman groups
- Security - IPsec nonce
- Security IKE policy hash command
- Security keyrings
- VPN - IKEv2 peer address of 0.0.0.0 0.0.0.0
- VPN - NAT Exemption
- VPN - crypto keepalive
- VPN - default gateway for site to site VPN
- VPN DVTI tunnel source
- VPN
- WAN - how to choose a WAN technology