Configuring IPsec VPN, Introduction, VPN Fundamentals – RuggedCom RuggedRouter RX1100 User Manual


16. Configuring IPsec VPN

Revision 1.14.3

144

RX1000/RX1100™

16.1. Introduction

This chapter familiarizes the user with:

• Configuring IPsec VPN Global Options

• Creating VPN Connections

• Configuring L2TPD

• Enabling And Starting IPsec

• Obtaining VPN Status

16.1.1. VPN Fundamentals

IPsec (Internet Protocol SECurity) uses strong cryptography to provide both authentication and
encryption services. Authentication ensures that packets are from the right sender and have not been
altered in transit. Encryption prevents unauthorized reading of packet contents.

These services allow you to build secure tunnels through untrusted networks. Everything passing
through the untrusted network is encrypted by the IPsec gateway and decrypted by the gateway at
the other end. The result is a Virtual Private Network (VPN), a network which is effectively private
even though it includes machines at several different sites connected by the insecure Internet.

The IPsec protocols were developed by the Internet Engineering Task Force (IETF) and are required
as part of IP version 6.

Openswan is the open source implementation of IPsec used by ROX.

The protocols used by IPsec are the Encapsulating Security Payload (ESP) and Internet Key
Exchange (IKE) protocols.

ESP provides encryption and authentication (ensuring that a message originated from the expected
sender and has not been altered en route).

IKE negotiates connection parameters, including keys, for ESP. IKE is based on the Diffie-Hellman
key exchange protocol, which allows two parties without any initial shared secret to create one in a
manner immune to eavesdropping.

16.1.1.1. IPsec Modes

IPsec has two basic modes of operation. In transport mode, IPsec headers are added as the original
IP datagram is created. The resultant packet is composed of an IP header, IPsec headers and IP
payload (including a transport header). Transport mode is most commonly used between IPsec
end-stations, or between an end-station and a gateway.

In tunnel mode, the original IP datagram is created normally and then encapsulated into a new IP
datagram. The resultant packet is composed of a new IP header, IPsec headers, old IP header and
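The two layouts side by side, as an added byte-level example (not from the RuggedCom manual or from Openswan): one constructed TCP datagram is wrapped in ESP both in transport mode and in tunnel mode, so that the outer addresses, the ESP Next Header value and the position of the original header can be compared. Encryption of the body is left out so the structure stays readable; the ICV is a genuine HMAC-SHA1-96, and the addresses, SPIs and key are constructed values.

```python
import hashlib
import hmac
import struct

ESP_PROTO, PROTO_TCP, PROTO_IPIP = 50, 6, 4   # ESP in outer header; TCP; "IP datagram follows" (tunnel mode)

def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with a correct one's-complement checksum."""
    addr = lambda a: bytes(int(o) for o in a.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0x4000, 64, proto, 0, addr(src), addr(dst))
    s = sum(struct.unpack("!10H", hdr))
    while s >> 16:                            # fold carries back in (end-around carry)
        s = (s & 0xFFFF) + (s >> 16)
    return hdr[:10] + struct.pack("!H", ~s & 0xFFFF) + hdr[12:]

def esp_encapsulate(inner: bytes, next_header: int, spi: int, seq: int, key: bytes) -> bytes:
    """ESP header + payload + padding + trailer + ICV (RFC 4303 layout). Encryption is
    omitted so the structure stays readable; the ICV is a genuine HMAC-SHA1-96 (RFC 2404)."""
    esp_hdr = struct.pack("!II", spi, seq)
    pad_len = (-(len(inner) + 2)) % 4        # trailer must end on a 4-byte boundary
    body = inner + bytes(range(1, pad_len + 1)) + struct.pack("!BB", pad_len, next_header)
    return esp_hdr + body + hmac.new(key, esp_hdr + body, hashlib.sha1).digest()[:12]

def esp_icv_ok(pkt: bytes, key: bytes) -> bool:
    """Receiver-side integrity check over everything after the 20-byte outer IP header."""
    return hmac.compare_digest(hmac.new(key, pkt[20:-12], hashlib.sha1).digest()[:12], pkt[-12:])

def esp_next_header(pkt: bytes) -> int:
    """Trailer, read from the end: 12-byte ICV, then Next Header, then Pad Length."""
    return pkt[-13]

def transport_mode(orig: bytes, spi: int, seq: int, key: bytes) -> bytes:
    """End-station mode: original addresses stay on the wire, only the IP payload is wrapped."""
    hdr, payload = orig[:20], orig[20:]
    src, dst = ".".join(map(str, hdr[12:16])), ".".join(map(str, hdr[16:20]))
    esp = esp_encapsulate(payload, hdr[9], spi, seq, key)   # Next Header = original protocol
    return ipv4_header(src, dst, ESP_PROTO, len(esp)) + esp

def tunnel_mode(orig: bytes, gw_src: str, gw_dst: str, spi: int, seq: int, key: bytes) -> bytes:
    """Gateway mode: the whole original datagram, header included, becomes the ESP payload."""
    esp = esp_encapsulate(orig, PROTO_IPIP, spi, seq, key)
    return ipv4_header(gw_src, gw_dst, ESP_PROTO, len(esp)) + esp

# Constructed sample: a TCP segment between hosts on two sites; addresses, SPIs and key are made up.
KEY = b"constructed-demo-auth-key"
TCP_SEGMENT = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 0x50, 0x18, 8192, 0, 0) + b"hello"
ORIGINAL = ipv4_header("192.168.1.10", "10.0.0.5", PROTO_TCP, len(TCP_SEGMENT)) + TCP_SEGMENT
TRANSPORT = transport_mode(ORIGINAL, spi=0x1001, seq=1, key=KEY)
TUNNEL = tunnel_mode(ORIGINAL, "203.0.113.1", "198.51.100.1", spi=0x1002, seq=1, key=KEY)
```

In the tunnel-mode packet the inner 192.168.1.10 / 10.0.0.5 header sits inside the ESP payload, so only the gateway addresses are visible on the untrusted network; in transport mode the end-station addresses remain in the outer header.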
