SlideShare ist ein Scribd-Unternehmen logo
1 von 28
Internet Protocol Security (IPSec) Group name: grouppage
What to expect ,[object Object],[object Object],[object Object],[object Object],[object Object]
Internet Protocol (TCP/IP) ,[object Object],[object Object],[object Object],[object Object],[object Object]
IPSec Compared To SSL ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
[object Object],[object Object],[object Object],[object Object],[object Object]
IP with SSL ,[object Object],[object Object],[object Object]
IPSec ,[object Object]
When to use? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
IPSec basics for this presentation ,[object Object],[object Object]
[object Object],[object Object],[object Object],IPSec basics for this presentation
Security Policies ,[object Object]
[object Object],Security Associations AH
[object Object],Security Associations
[object Object],Security Associations
Sharing the shared secret
Sharing the shared secret ,[object Object]
Sharing the shared secret ,[object Object]
Sharing the shared secret ,[object Object]
Exchanging the secret ,[object Object]
Internet Key Exchange (IKE) ,[object Object],[object Object]
Internet Key Exchange (IKE) ,[object Object]
Sharing the shared secret Source:  http://technet.microsoft.com
IPSec Protocols ,[object Object]
Encapsulating Security Payload (ESP) ,[object Object],[object Object]
ESP packet in transport mode
ESP packet in tunnel mode New IP Header
Thank You! ,[object Object]
References ,[object Object],[object Object],[object Object],[object Object]

Weitere Àhnliche Inhalte

Was ist angesagt?

IP security Part 1
IP security   Part 1IP security   Part 1
IP security Part 1CAS
 
IPSec (Internet Protocol Security) - PART 1
IPSec (Internet Protocol Security) - PART 1IPSec (Internet Protocol Security) - PART 1
IPSec (Internet Protocol Security) - PART 1Shobhit Sharma
 
IPSec | Computer Network
IPSec | Computer NetworkIPSec | Computer Network
IPSec | Computer Networkshubham ghimire
 
Ip sec talk
Ip sec talkIp sec talk
Ip sec talkanoean
 
The Security layer
The Security layerThe Security layer
The Security layerSwetha S
 
IPSec VPN & IPSec Protocols
IPSec VPN & IPSec ProtocolsIPSec VPN & IPSec Protocols
IPSec VPN & IPSec Protocols NetProtocol Xpert
 
I psec
I psecI psec
I psecnlekh
 
Ipsec (network security)
Ipsec (network security)Ipsec (network security)
Ipsec (network security)AhmadRahmanian1
 
IP Security Part 2
IP Security   Part 2IP Security   Part 2
IP Security Part 2CAS
 
BAIT1103 Chapter 6
BAIT1103 Chapter 6BAIT1103 Chapter 6
BAIT1103 Chapter 6limsh
 
Ip security
Ip security Ip security
Ip security Naveen Dubey
 

Was ist angesagt? (20)

IP security Part 1
IP security   Part 1IP security   Part 1
IP security Part 1
 
IP Security
IP SecurityIP Security
IP Security
 
IPSec (Internet Protocol Security) - PART 1
IPSec (Internet Protocol Security) - PART 1IPSec (Internet Protocol Security) - PART 1
IPSec (Internet Protocol Security) - PART 1
 
IPSec | Computer Network
IPSec | Computer NetworkIPSec | Computer Network
IPSec | Computer Network
 
Ipsec 2
Ipsec 2Ipsec 2
Ipsec 2
 
IPsec
IPsecIPsec
IPsec
 
Ip sec talk
Ip sec talkIp sec talk
Ip sec talk
 
Ip Sec
Ip SecIp Sec
Ip Sec
 
The Security layer
The Security layerThe Security layer
The Security layer
 
IPSec VPN tunnel
IPSec VPN tunnelIPSec VPN tunnel
IPSec VPN tunnel
 
IPSec VPN & IPSec Protocols
IPSec VPN & IPSec ProtocolsIPSec VPN & IPSec Protocols
IPSec VPN & IPSec Protocols
 
I psec
I psecI psec
I psec
 
Ipsec
IpsecIpsec
Ipsec
 
Ipsec (network security)
Ipsec (network security)Ipsec (network security)
Ipsec (network security)
 
Ipsec vpn v0.1
Ipsec vpn v0.1Ipsec vpn v0.1
Ipsec vpn v0.1
 
IP Security Part 2
IP Security   Part 2IP Security   Part 2
IP Security Part 2
 
ip security
ip securityip security
ip security
 
Ipsec
IpsecIpsec
Ipsec
 
BAIT1103 Chapter 6
BAIT1103 Chapter 6BAIT1103 Chapter 6
BAIT1103 Chapter 6
 
Ip security
Ip security Ip security
Ip security
 

Ähnlich wie IPSec

A technical comparison of ip sec and ssl 2005
A technical comparison of ip sec and ssl  2005A technical comparison of ip sec and ssl  2005
A technical comparison of ip sec and ssl 2005Nadeer Abu Jraerr
 
IPSec_VPN_Final_
IPSec_VPN_Final_IPSec_VPN_Final_
IPSec_VPN_Final_Pratik Bhide
 
Crypto map based IPsec VPN fundamentals - negotiation and configuration
Crypto map based IPsec VPN fundamentals - negotiation and configurationCrypto map based IPsec VPN fundamentals - negotiation and configuration
Crypto map based IPsec VPN fundamentals - negotiation and configurationdborsan
 
college assignment on Applications of ipsec
college assignment on Applications of ipsec college assignment on Applications of ipsec
college assignment on Applications of ipsec bigchill29
 
VPN presentation - moeshesh
VPN presentation - moesheshVPN presentation - moeshesh
VPN presentation - moesheshMohamed Shishtawy
 
Ip sec and ssl
Ip sec and  sslIp sec and  ssl
Ip sec and sslMohd Arif
 
Internet Key Exchange Protocol
Internet Key Exchange ProtocolInternet Key Exchange Protocol
Internet Key Exchange ProtocolPrateek Singh Bapna
 
Introduction to SSL and How to Exploit & Secure
Introduction to SSL and How to Exploit & SecureIntroduction to SSL and How to Exploit & Secure
Introduction to SSL and How to Exploit & SecureBrian Ritchie
 
IP Security One problem with Internet protocol (IP) is that it has.pdf
IP Security One problem with Internet protocol (IP) is that it has.pdfIP Security One problem with Internet protocol (IP) is that it has.pdf
IP Security One problem with Internet protocol (IP) is that it has.pdfsolimankellymattwe60
 
8.X Sec & I Pv6
8.X Sec & I Pv68.X Sec & I Pv6
8.X Sec & I Pv6phanleson
 
Converting your linux Box in security Gateway Part – 2 (Looking inside VPN)
Converting your linux Box in security Gateway Part – 2 (Looking inside VPN)Converting your linux Box in security Gateway Part – 2 (Looking inside VPN)
Converting your linux Box in security Gateway Part – 2 (Looking inside VPN)n|u - The Open Security Community
 
Working Survey of Authentication Header and Encapsulating Security Payload
Working Survey of Authentication Header and Encapsulating Security PayloadWorking Survey of Authentication Header and Encapsulating Security Payload
Working Survey of Authentication Header and Encapsulating Security Payloadijtsrd
 
SREcon Europe 2016 - Full-mesh IPsec network at Hosted Graphite
SREcon Europe 2016 - Full-mesh IPsec network at Hosted GraphiteSREcon Europe 2016 - Full-mesh IPsec network at Hosted Graphite
SREcon Europe 2016 - Full-mesh IPsec network at Hosted GraphiteHostedGraphite
 

Ähnlich wie IPSec (20)

A technical comparison of ip sec and ssl 2005
A technical comparison of ip sec and ssl  2005A technical comparison of ip sec and ssl  2005
A technical comparison of ip sec and ssl 2005
 
I psecurity
I psecurityI psecurity
I psecurity
 
IPSec_VPN_Final_
IPSec_VPN_Final_IPSec_VPN_Final_
IPSec_VPN_Final_
 
Unit 6
Unit 6Unit 6
Unit 6
 
Crypto map based IPsec VPN fundamentals - negotiation and configuration
Crypto map based IPsec VPN fundamentals - negotiation and configurationCrypto map based IPsec VPN fundamentals - negotiation and configuration
Crypto map based IPsec VPN fundamentals - negotiation and configuration
 
college assignment on Applications of ipsec
college assignment on Applications of ipsec college assignment on Applications of ipsec
college assignment on Applications of ipsec
 
I psec
I psecI psec
I psec
 
VPN presentation - moeshesh
VPN presentation - moesheshVPN presentation - moeshesh
VPN presentation - moeshesh
 
IPSec and VPN
IPSec and VPNIPSec and VPN
IPSec and VPN
 
Ip sec and ssl
Ip sec and  sslIp sec and  ssl
Ip sec and ssl
 
Internet Key Exchange Protocol
Internet Key Exchange ProtocolInternet Key Exchange Protocol
Internet Key Exchange Protocol
 
Introduction to SSL and How to Exploit & Secure
Introduction to SSL and How to Exploit & SecureIntroduction to SSL and How to Exploit & Secure
Introduction to SSL and How to Exploit & Secure
 
IP Security One problem with Internet protocol (IP) is that it has.pdf
IP Security One problem with Internet protocol (IP) is that it has.pdfIP Security One problem with Internet protocol (IP) is that it has.pdf
IP Security One problem with Internet protocol (IP) is that it has.pdf
 
IP Security
IP SecurityIP Security
IP Security
 
WLAN and IP security
WLAN and IP securityWLAN and IP security
WLAN and IP security
 
8.X Sec & I Pv6
8.X Sec & I Pv68.X Sec & I Pv6
8.X Sec & I Pv6
 
Converting your linux Box in security Gateway Part – 2 (Looking inside VPN)
Converting your linux Box in security Gateway Part – 2 (Looking inside VPN)Converting your linux Box in security Gateway Part – 2 (Looking inside VPN)
Converting your linux Box in security Gateway Part – 2 (Looking inside VPN)
 
Working Survey of Authentication Header and Encapsulating Security Payload
Working Survey of Authentication Header and Encapsulating Security PayloadWorking Survey of Authentication Header and Encapsulating Security Payload
Working Survey of Authentication Header and Encapsulating Security Payload
 
Ch16
Ch16Ch16
Ch16
 
SREcon Europe 2016 - Full-mesh IPsec network at Hosted Graphite
SREcon Europe 2016 - Full-mesh IPsec network at Hosted GraphiteSREcon Europe 2016 - Full-mesh IPsec network at Hosted Graphite
SREcon Europe 2016 - Full-mesh IPsec network at Hosted Graphite
 

KĂŒrzlich hochgeladen

Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel AraĂșjo
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍾 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍾 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍾 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍾 8923113531 🎰 Avail...gurkirankumar98700
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 

KĂŒrzlich hochgeladen (20)

Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍾 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍾 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍾 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍾 8923113531 🎰 Avail...
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 

IPSec

Hinweis der Redaktion

  1. There a few key things we need to describe to you so you can get a better idea of IPSec. Firstly, there are two main protocols in IPSec which namely Authentication Header, in short AH and Encapsulating Security Payload, in short ESP.
  2. The next two key terms for IPSec are Security Policy, in short SP and Security Association, in short SA.
  3. In layman’s term, SP governs how IPSec process different datagrams received by an IPSec device.
  4. Now, on the other hand, Security Associations are sets of security information that describes a particular kind of secure connection between one IPSec device and another.
  5. There are two important concepts of SA. Firstly, SAs are key to IPSec’s authentication and confidentiality mechanisms.
  6. Secondly, SAs are needed to negotiate in the exchanging of the “shared secret” process Now, each host that wants to communicate with each other securely thru IPSec, has to first setup their own security association. And each host over IPSec negotiates a same shared secret to decrypt and encrypt messages. To get shared secret, they must first use IKE and thus I will explain the process [click]
  7. Now that we know what Security Policies and Security Associations are, let’s us first understand how IPSec shares its shared secret before we move on to the Authentication Header and Encapsulating Security Payload protocols of the IPSec.
  8. IPSec, like many secure networking protocol sets, is based on the concept of a “ shared secret ”.
  9. Before AH or ESP can be used, any two devices must exchange the “secret” that the AH or ESP themselves will use.
  10. So how does this happen?
  11. The primary support protocol used for this “secret” exchange in IPSec is called Internet Key Exchange (IKE) . And during this exchange, s ymmetric encryption is used on the data(Which is must faster as data can be large) but asymmetric encryption is used to encrypt the key in transit, because a key is small in size and asymmetric encryption is more secure.
  12. IKE allows IPSec-capable devices to exchange security associations (SAs) and populate their security association databases (SADs).
  13. After setting up the Security Associations, these established SAs are then being used for the actual exchange of secured datagrams with the AH and ESP protocols. Right now, let me briefly explain how sharing of the secret works in IPSec. [Click]
  14. -Alice, using a data application on Computer A [click], sends an application IP packet to Bob on [Click] Computer B. -The IPSec driver [click] on Computer A checks its outbound IP filter lists and determines that the packets should be secured. -The action is to negotiate security, so the IPSec driver [click] notifies IKE to begin negotiations. The IKE service on Computer A completes [click] a policy lookup and [click] the policy determines that Computer A proposes to Computer B. Computer A then sends the first IKE SA message to B. -Computer B receives A’s IKE SA requesting for secure negotiation. B then [click] looks up it’s own policy database to determine which security settings (which is the SA) to agree to. Since Computer B has a policy match, B replies to begin [click] negotiation of IKE SA. -Computer A and Computer B now negotiate parameters such options, exchange identities, verify authentication methods [click], and generate a shared master key. They have now established an IKE SA and had so established a mutual trust for the exchange of future secured datagrams either with the AH or ESP IPSec protocol.
  15. The next core protocol of IPSec is the ESP
  16. An encryption algorithm combines the data in the datagram with a key to transform it into an encrypted form. This is then repackaged using a special format and transmitted to the destination, which decrypts it using the same algorithm. And this key as known by the source and destination had already been negotiated fore front by IKE which we had covered earlier on.
  17. ESP in transport mode does not sign the entire packet.
  18. The signed portion of the packet indicates where the packet has been signed for integrity and authentication and the encrypted portion of the packet indicates what information is protected with confidentiality. Now you realized that the ESP Authentication Data appears separately because it is used to authenticate the rest of the encrypted datagram after encryption . This means it cannot appear in the ESP Header or ESP Trailer.