Network Sales and Services Handbook (Cisco Press Networking Technology)

The Internet Engineering Task Force (IETF) has a working group called IP Security Protocol (IPSec), which is responsible for defining Internet security standards and protocols. IP-VPNs use the IPSec standards as part of their security measures.

IP packets have no inherent security and as such it can be considered easy to forge the source and destination addresses of IP packets, modify the contents of IP packets, replay old packets, and inspect the contents of IP packets in transit. There is no guarantee that IP messages received are:

• From the sender (the source address in the IP header),

• They contain the original data the sender placed in them,

• Or that the original data was not inspected and/or copied by a third party while the packet was in transit.

IPSec is a collection of cryptography-based services and protocols, providing authentication as well as encryption to an IP-VPN connection using L2TP. IPSec protects IP message traffic by providing data origin authentication, connectionless data integrity authentication, data content confidentiality, anti-replay protection, and limited traffic flow confidentiality.