What is IPsec in Computer Networks

IP Security (IPSec) is a collection of protocols which is designed by Internet Engineering Task Force (IETF) to provide security for a packet at the network level. It helps to create confidential and authenticated and packets for the IP layer as shown in below diagram −

IPSec protocol aim is to provide security services for IP packets like encrypting sensitive data/packets, authentication, and protection against replay and data confidentiality. It can be configured to operate in two different modes −

• Tunnel Mode
• Transport mode.

The original packet is generated as follows −

Let us discuss each mode in detail.

Tunnel mode

IPSec tunnel mode is the default mode. IPSec Tunnel mode is most widely used to create site-to-site IPSec VPN.

Let see the packet format of IPSec tunnel mode with ESP header −

          |?-----Original Packet----------?|

          |?-------Encrypted---------------------------?|

         |-----------------------Authenticated----------------------?|

From the above format we can conclude the following −

• The encrypted part of the packet contains the following −

• The authenticated part of the packet contains the following −

Transport Mode

IPSec Transport mode is used for end-to-end communications. In this only, the Data Payload of the IP datagram is secured by IPSec.

          |?-------Encrypted--------------?|

          |-----------------------Authenticated---------?|

From the above format we conclude the following −

• The encrypted part of the packet contains the following −

• The authenticated part of the packet contains the following −