IPsec
IP Security, or IPsec for short, is a framework of standards that provides the following key security features at the network layer between two peer devices:
- Data confidentiality
- Data integrity
- Data authentication
- Anti-replay detection
- Peer authentication
The Internet Engineering Task Force (IETF) defines the standards for IPsec in various RFCs. Because it provides network layer protection between devices or networks, and because it is an open standard, it is commonly used in today's networks that use IPv4 and IPv6.
This chapter will explore many of the standards that IPsec uses to provide a secure transport for communication. I'll first cover the standards used, and then discuss how these standards are implemented by IPsec in the "ISAKMP/IKE Phase 1" and "ISAKMP/IKE Phase 2" sections. As you will see in the chapter, vendors (such as Cisco), have a tendency to enhance the standards to overcome problems that IPsec can experience in data networks. Cisco, for example, has added many features to enhance both LAN-to-LAN (L2L) and remote access sessions. I'll discuss many of these features at the end of this chapter.