IPsec VPNs offer flexible and scalable connectivity. Site-to-site connections can provide a secure, fast, and reliable remote connection. With an IPsec VPN, the information from a private network is securely transported over a public network. This forms a virtual network instead of using a dedicated Layer 2 connection, as shown in the figure. To remain private, the traffic is encrypted to keep the data confidential.
IPsec is an IETF standard that defines how a VPN can be configured in a secure manner using the Internet Protocol.
IPsec is a framework of open standards that spells out the rules for secure communications. IPsec is not bound to any specific encryption, authentication, security algorithms, or keying technology. Rather, IPsec relies on existing algorithms to implement secure communications. IPsec allows newer and better algorithms to be implemented without amending the existing IPsec standards.
IPsec works at the network layer, protecting and authenticating IP packets between participating IPsec devices, also known as peers. IPsec secures a path between a pair of gateways, a pair of hosts, or a gateway and a host. Because it operates at Layer 3, IPsec can protect virtually all application traffic: the protection applies from Layer 4 through Layer 7.
All implementations of IPsec have a plaintext Layer 3 header, so there are no issues with routing. IPsec functions over all Layer 2 protocols, such as Ethernet, ATM, or Frame Relay.
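The plaintext Layer 3 header can be seen by parsing a protected packet without any keys. The following is an added example, not part of the original text; it assumes IPv4 with ESP (IP protocol 50) and uses a constructed sample packet with documentation addresses, and the function names are hypothetical.

```python
import ipaddress
import struct

# IANA-assigned IP protocol numbers for the two IPsec protocols.
IPSEC_PROTOCOLS = {50: "ESP", 51: "AH"}
IPV4_HEADER = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header, network byte order


def build_sample_esp_packet() -> bytes:
    """Constructed sample: IPv4 header + ESP header + bytes standing in for ciphertext."""
    esp = struct.pack("!II", 0x1000ABCD, 7) + bytes(range(32))  # SPI, sequence number, payload
    header = struct.pack(
        IPV4_HEADER,
        0x45, 0, 20 + len(esp),  # version 4 / IHL 5, DSCP, total length
        0, 0,                    # identification, flags and fragment offset
        64, 50, 0,               # TTL, protocol 50 (ESP), checksum left 0 in this sample
        ipaddress.IPv4Address("192.0.2.1").packed,     # RFC 5737 documentation addresses
        ipaddress.IPv4Address("198.51.100.1").packed,
    )
    return header + esp


def visible_fields(packet: bytes) -> dict:
    """Return what a router or on-path observer can read without any IPsec keys."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, _, _, _, ttl, proto, _, src, dst = struct.unpack(IPV4_HEADER, packet[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ver_ihl & 0x0F) * 4  # header length in bytes, options included
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    info = {
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "ttl": ttl,
        "ipsec": IPSEC_PROTOCOLS.get(proto),  # None for non-IPsec traffic
    }
    if proto == 50 and len(packet) >= ihl + 8:
        # The ESP header (SPI and sequence number) is also sent in the clear;
        # everything after it is opaque to anyone without the keys.
        spi, seq = struct.unpack("!II", packet[ihl:ihl + 8])
        info.update(spi=spi, seq=seq, opaque_bytes=len(packet) - ihl - 8)
    return info


if __name__ == "__main__":
    print(visible_fields(build_sample_esp_packet()))
```

Routing needs only the addresses and TTL shown here, which is why IPsec traffic forwards like any other IP traffic; the same fields are what a firewall rule or flow log can match on.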
IPsec characteristics can be summarized as follows:
- IPsec is a framework of open standards that is algorithm-independent.
- IPsec provides data confidentiality, data integrity, and origin authentication.
- IPsec acts at the network layer, protecting and authenticating IP packets.