
IPsec VPN Remote Access

Remote access enables users to connect to the systems they need when they are physically far
away.
A remote access virtual private network (VPN) enables users who are working remotely to
securely access and use applications and data that reside in the corporate data center and
headquarters, encrypting all traffic the users send and receive.
The remote access VPN does this by creating a tunnel between an organization’s network and a
remote user that is “virtually private,” even though the user may be in a public location. This is
because the traffic is encrypted, which makes it unintelligible to any eavesdropper. Remote users
can securely access and use their organization’s network in much the same way as they would if
they were physically in the office. With remote access VPN, data can be transmitted without an
organization having to worry about the communication being intercepted or tampered with.

IPsec

IPsec is a group of protocols that are used together to set up encrypted connections between
devices. It helps keep data sent over public networks secure. IPsec is often used to set up VPNs,
and it works by encrypting IP packets, along with authenticating the source where the packets
come from.

How do users connect to an IPsec VPN?

Users can access an IPsec VPN by logging into a VPN application, or "client." This typically
requires the user to have installed the application on their device.
IPsec connections include the following steps: key exchange, packet headers and trailers,
authentication, encryption, transmission and decryption.

IPSec VPN Negotiations

The devices at either end of an IPSec VPN tunnel are IPSec peers. To build the VPN tunnel,
IPSec peers exchange a series of messages about encryption and authentication, and attempt to
agree on many different parameters. This process is known as VPN negotiations. One device in
the negotiation sequence is the initiator and the other device is the responder. In a remote access
VPN environment, the initiator is almost always the remote access VPN client and the responder
is typically the VPN gateway.

VPN negotiations happen in two distinct phases: Phase 1 and Phase 2.

Phase 1

The main purpose of Phase 1 is to set up a secure encrypted channel through which the two
peers can negotiate Phase 2. When Phase 1 finishes successfully, the peers quickly move on to
Phase 2 negotiations. If Phase 1 fails, the devices cannot begin Phase 2.

Phase 2

The purpose of Phase 2 negotiations is for the two peers to agree on a set of parameters that
define what traffic can go through the VPN, and how to encrypt and authenticate the traffic. This
agreement is called a Security Association.
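
The dependency between the two phases described above, as an added Python model (not code from the original page, and a simplification rather than a real IKE implementation). The gateway policy, algorithm names, network ranges and function names are all constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_network
from typing import Optional

@dataclass(frozen=True)
class Proposal:
    encryption: str
    integrity: str
    dh_group: int

# Constructed responder (VPN gateway) policy: the parameter sets it will accept.
GATEWAY_PHASE1 = [Proposal("aes256", "sha256", 14)]
GATEWAY_PHASE2 = [Proposal("aes256", "sha256", 14), Proposal("aes128", "sha256", 14)]
# Constructed list of networks the gateway lets remote users reach through the tunnel.
GATEWAY_NETWORKS = [ip_network("10.0.0.0/16")]

def select(offered, accepted) -> Optional[Proposal]:
    """Return the first offer, in the initiator's preference order, that the responder accepts."""
    for proposal in offered:
        if proposal in accepted:
            return proposal
    return None

def negotiate(client_p1, client_p2, requested_network):
    """Model the responder: Phase 2 is only attempted when Phase 1 succeeded."""
    p1 = select(client_p1, GATEWAY_PHASE1)
    if p1 is None:
        return {"phase1": None, "phase2": None, "reason": "no matching Phase 1 proposal"}
    p2 = select(client_p2, GATEWAY_PHASE2)
    if p2 is None:
        return {"phase1": p1, "phase2": None, "reason": "no matching Phase 2 proposal"}
    requested = ip_network(requested_network)
    if not any(requested.subnet_of(net) for net in GATEWAY_NETWORKS):
        return {"phase1": p1, "phase2": None, "reason": "traffic not permitted"}
    # Agreed protection parameters plus permitted traffic: the Security Association.
    sa = {"proposal": p2, "traffic": str(requested)}
    return {"phase1": p1, "phase2": sa, "reason": "ok"}

if __name__ == "__main__":
    strong = [Proposal("aes256", "sha256", 14)]
    legacy = [Proposal("3des", "md5", 2)]  # constructed offer the policy does not accept
    for p1, p2, net in [(strong, strong, "10.0.5.0/24"),
                        (legacy, strong, "10.0.5.0/24"),
                        (strong, legacy, "10.0.5.0/24"),
                        (strong, strong, "192.168.1.0/24")]:
        print(negotiate(p1, p2, net)["reason"])
```
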
