
Concept of IPSEC – protocols

Connection types:

                   Peer-to-Peer        Gateway-to-Gateway
                   (transport mode)    (tunnel mode)
AH (prot. 51)      +                   +
ESP (prot. 50)     +                   +
New IP header      -                   +
New interface      -                   -

Note: IPSec DOES NOT create any INTERFACE!

Concept of IPSEC – modes

AH(51) transport:

ESP(50) transport:

AH(51) tunnel:

ESP(50) tunnel:

Concepts of IPSec - ENCAPSULATION

MTU – Header1 – Header2 – … – HeaderN = DATA SIZE

Ethernet MTU 1500, DATA (MSS) 1460:

L2: Ethernet frame with MACs | L3: IP header | L4: TCP header | Payload (any data to transmit for upper-level protocols) | FC

TUNNEL MTU 1476, DATA (MSS) 1436:

L2: Ethernet frame with MACs | L3: new IP header | L4: AH header | L3: IP header | L4: TCP header | Payload | FC

The IPSec modes

[Topology diagram: R1 (WAN 1.1.1.2/24, LAN1 10.1.1.0/24) and R2 (WAN 2.2.2.2/26, LAN2 10.2.2.0/24), connected by IPSec across the INTERNET (WiFi).]

The IPSec position in traffic flow

Traffic flow diagram with IPSec

[Diagram labels: IPSec policy; Encrypt (No); IPSec Encryption; OUTPUT INTERFACE.]

The IPSec modes

1. Transport mode R1 <-> R2

WAN IP

2. Tunnel mode LAN1 <-> LAN2

WAN IP
LAN IP

The IPSec simple transport setup

1. Setup “Peer”

2. Setup “Identity” – “Pre shared key”

3. Setup “Policy” for icmp traffic only
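
The three steps above as a configuration for both routers, added here as an example and not taken from the original slides. It assumes the Peer / Identity / Policy menus are those of MikroTik RouterOS (`/ip ipsec`, v6.44 or later) and reuses the R1 and R2 WAN addresses from the topology slide; the entry names and the secret are placeholders.

```routeros
# Added example, not from the original slides.
# Assumption: MikroTik RouterOS v6.44+ / v7 syntax.
# Entry names (to-r2, to-r1) and the secret are placeholders.

# ---- R1 (WAN 1.1.1.2) ----
# 1. Peer: the remote IKE endpoint
/ip ipsec peer
add name=to-r2 address=2.2.2.2/32

# 2. Identity: how that peer is authenticated (pre-shared key)
/ip ipsec identity
add peer=to-r2 auth-method=pre-shared-key secret="REPLACE-WITH-LONG-RANDOM-PSK"

# 3. Policy: transport mode (tunnel=no), ICMP only, between the WAN IPs
/ip ipsec policy
add peer=to-r2 tunnel=no protocol=icmp action=encrypt \
    src-address=1.1.1.2/32 dst-address=2.2.2.2/32 proposal=default

# ---- R2 (WAN 2.2.2.2): mirror image of R1 ----
/ip ipsec peer
add name=to-r1 address=1.1.1.2/32

/ip ipsec identity
add peer=to-r1 auth-method=pre-shared-key secret="REPLACE-WITH-LONG-RANDOM-PSK"

/ip ipsec policy
add peer=to-r1 tunnel=no protocol=icmp action=encrypt \
    src-address=2.2.2.2/32 dst-address=1.1.1.2/32 proposal=default

# ---- Verify on either router after pinging the other WAN address ----
# The peer should be listed as established
/ip ipsec active-peers print
# One SA per direction should exist, with byte counters that grow per ping
/ip ipsec installed-sa print
# The ICMP policy should be listed as active
/ip ipsec policy print
```

Only ICMP between the two WAN addresses matches this policy; every other protocol between R1 and R2 still leaves the router unencrypted.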
