What is IPSEC VPN?

IPSEC, or Internet Protocol Security, is a protocol designed to provide security features at the IP layer. It does this by adding header information between layers 3 and 4 to digitally sign the contents of each packet. IPSEC provides this security through two mechanisms: the Authentication Header (AH) and the Encapsulating Security Payload (ESP).

Application of IPSEC VPN

TUNNEL MODE

This is the default mode of IPSec. The entire payload is encapsulated by IPSec and sent across the tunnel: it is encrypted in full, given its own IP header, and sent to the peer on the other side. In tunnel mode, the AH or ESP is inserted between the IP header and the data. In essence, everything in transit is protected by these mechanisms.

TRANSPORT MODE

In this mode, IPSec is leveraged as the key transport mechanism. A copy of the original IP header is used, while the payload is either encrypted via ESP or signed using the AH. In both cases, the IP headers are exposed while the content (TCP/UDP through to the data) is hidden.
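The following is an added example, not from the original page or from FourFaith. It shows what a monitoring tool can read in cleartext from an IPsec packet and when the mode can be told apart on the wire. The addresses, SPI values and helper names are constructed for illustration, and the ICV and payload bytes are zero-filled placeholders.

```python
import struct

ESP, AH, IPIP, TCP = 50, 51, 4, 6  # IANA IP protocol numbers

def ipv4(proto, src, dst, payload):
    """Minimal IPv4 header + payload (checksum left 0; constructed test data)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                       64, proto, 0, bytes(src), bytes(dst)) + payload

def ah(next_hdr, spi, seq, inner):
    """AH with a 12-byte all-zero ICV placeholder (not a valid MAC)."""
    return struct.pack("!BBHII", next_hdr, 4, 0, spi, seq) + bytes(12) + inner

def inspect(packet):
    """Report what is readable in cleartext from one IPv4 IPsec packet."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ihl = (packet[0] & 0x0F) * 4
    body = packet[ihl:]
    info = {"src": ".".join(map(str, packet[12:16])),
            "dst": ".".join(map(str, packet[16:20])),
            "ipsec": None, "mode": None, "inner_proto": None}
    if packet[9] == AH:
        if len(body) < 12:
            raise ValueError("truncated AH header")
        next_hdr, _plen, _rsv, spi, seq = struct.unpack("!BBHII", body[:12])
        # AH is not encrypted: Next Header 4 (IP-in-IP) means a whole IPv4
        # packet follows, i.e. tunnel mode; anything else is transport mode.
        info.update(ipsec="AH", spi=spi, seq=seq, inner_proto=next_hdr,
                    mode="tunnel" if next_hdr == IPIP else "transport")
    elif packet[9] == ESP:
        if len(body) < 8:
            raise ValueError("truncated ESP header")
        spi, seq = struct.unpack("!II", body[:8])
        # ESP keeps Next Header in its encrypted trailer, so the mode and
        # the inner protocol cannot be read from the wire.
        info.update(ipsec="ESP", spi=spi, seq=seq, mode="unknown")
    return info

# Constructed samples: documentation-range gateways, private inner hosts.
GW_A, GW_B = (192, 0, 2, 1), (198, 51, 100, 1)
INNER = ipv4(TCP, (10, 0, 1, 5), (10, 0, 2, 9), bytes(20))  # zero-filled TCP stand-in
AH_TRANSPORT = ipv4(AH, GW_A, GW_B, ah(TCP, 0x1001, 1, bytes(20)))
AH_TUNNEL = ipv4(AH, GW_A, GW_B, ah(IPIP, 0x1002, 1, INNER))
ESP_PACKET = ipv4(ESP, GW_A, GW_B, struct.pack("!II", 0x2001, 7) + bytes(48))

if __name__ == "__main__":
    for pkt in (AH_TRANSPORT, AH_TUNNEL, ESP_PACKET):
        print(inspect(pkt))
```

In every case the outer source and destination addresses, the SPI and the sequence number stay readable, which is what flow logs and firewall rules for IPsec traffic have to work with.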

IPSEC Support in FourFaith Products

IPSEC is supported as a tunneling mechanism between devices, for example between FourFaith gateways or between a FourFaith device and a Cisco device. This is not to be confused with a VPN application in which a private network is deployed to VPN clients.

Screenshots of Setup

IPSEC Server

IPSEC Client
