How does the IPsec tunnel mode work?

Using IPsec tunnel mode, you send encapsulated and encrypted data packets from one location to another; the original packets are unreadable while in transit.

by Chris Partsenidis, last updated: 14 June 2018

IPsec tunnel mode is most often found in site-to-site Virtual Private Networks (VPNs). In this mode IPsec protects entire IP packets as they travel from one end of the tunnel to the other. It does this by encapsulating and encrypting the original packet, including its original IP header, with the cipher agreed for the tunnel (negotiated by IKE, or configured statically on both gateways). IPsec then prefixes the protected packet with a new IP header, addressed from one VPN gateway to the other, and sends it across the tunnel. When the receiving end (the router) accepts the packet, the process is reversed: the original packet is recovered and delivered on the local network.

Figure 1 shows an example of a site-to-site network configured with IPsec tunnel mode.

Figure 1: LAN packets are encapsulated in IPsec packets and pass through the blue (encrypted) tunnel.

The process is similar when a remote VPN client connects to the head office using VPN client software (for example, Cisco's VPN client). The head-office endpoint, usually a router or an ASA firewall, is configured to accept VPN connections and gives the client access to internal resources. If you are interested in how to configure a Cisco router, see the Cisco Router Configuration page for more information. In this example, too, IPsec works in tunnel mode and encrypts the original packet; when the packet arrives at the router or ASA firewall it is decrypted and delivered on the local network.

The important point is that IPsec tunnel mode (with ESP encryption) protects the entire original packet: none of its contents, the original source and destination addresses included, is visible or readable in transit. What does remain visible is the new outer header, that is, the addresses of the two VPN gateways, the fact that the payload is IPsec (ESP is IP protocol 50), and the size and timing of each packet. Figure 2 shows this.
For more information about the ESP headers, see the IP Security Protocols article.

Figure 2: An IP packet is completely protected by IPsec tunnel mode.
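The encapsulation described above, written out as an added example (not code from the article, nor from Cisco): a Python script that wraps an IPv4 packet from a site-A host in an ESP tunnel-mode packet between two gateways, then verifies and decapsulates it at the other end. The ESP layout (SPI, sequence number, IV, padded payload with Next Header = 4, ICV) follows RFC 4303 and the integrity transform is HMAC-SHA-256-128. The encryption, however, is an HMAC-based keystream standing in for AES, because the Python standard library ships no block cipher; the gateway and host addresses, keys and payload are constructed for the demonstration.

```python
"""ESP tunnel-mode encapsulation, illustrated (added example, not the article's code).

Wire layout after RFC 4303:
  outer IPv4 hdr (proto 50) | SPI(4) Seq(4) | IV(16) | ENC( inner IPv4 packet | pad | pad_len | next_hdr=4 ) | ICV(16)
Integrity: HMAC-SHA-256-128 (a real ESP transform). Confidentiality: HMAC-SHA256 counter-mode
keystream as a stand-in for AES (not a real cipher; demonstration only). Addresses/keys are constructed.
"""
import hashlib
import hmac
import ipaddress
import os
import struct
from dataclasses import dataclass

ESP_PROTO = 50       # IP protocol number in the outer header
NEXT_HDR_IPV4 = 4    # ESP Next Header meaning "decrypted payload is an IPv4 packet"
ICV_LEN, IV_LEN = 16, 16
IP_HDR = struct.Struct("!BBHHHBBH4s4s")   # IPv4 header without options


@dataclass
class SecurityAssociation:
    spi: int
    enc_key: bytes
    auth_key: bytes
    seq: int = 0        # last sequence number sent
    last_seen: int = 0  # highest verified sequence number received (minimal anti-replay)


def ipv4_checksum(hdr: bytes) -> int:
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_packet(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    fields = [0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
              ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed]
    fields[7] = ipv4_checksum(IP_HDR.pack(*fields))
    return IP_HDR.pack(*fields) + payload


def parse_ipv4(pkt: bytes) -> dict:
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = IP_HDR.unpack(pkt[:20])
    if ver_ihl != 0x45 or ipv4_checksum(pkt[:20]) != 0 or total_len > len(pkt):
        raise ValueError("malformed IPv4 header")
    return {"src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
            "proto": proto, "payload": pkt[20:total_len]}


def _xor_keystream(key: bytes, iv: bytes, data: bytes) -> bytes:
    stream = b"".join(hmac.new(key, iv + struct.pack("!I", i), hashlib.sha256).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))


def esp_encapsulate(inner: bytes, sa: SecurityAssociation, gw_src: str, gw_dst: str) -> bytes:
    """Tunnel mode: the whole inner packet, header included, becomes the ESP payload."""
    sa.seq += 1
    pad_len = (-(len(inner) + 2)) % 4      # trailer must end on a 4-byte boundary
    plaintext = inner + bytes(range(1, pad_len + 1)) + bytes([pad_len, NEXT_HDR_IPV4])
    iv = os.urandom(IV_LEN)
    esp = struct.pack("!II", sa.spi, sa.seq) + iv + _xor_keystream(sa.enc_key, iv, plaintext)
    esp += hmac.new(sa.auth_key, esp, hashlib.sha256).digest()[:ICV_LEN]   # ICV over SPI..ciphertext
    return ipv4_packet(gw_src, gw_dst, ESP_PROTO, esp)


def esp_decapsulate(outer: bytes, sa: SecurityAssociation) -> bytes:
    """Receiving gateway: check SPI, replay and ICV, then strip outer header and ESP."""
    hdr = parse_ipv4(outer)
    if hdr["proto"] != ESP_PROTO:
        raise ValueError("not an ESP packet")
    esp = hdr["payload"]
    if len(esp) < 8 + IV_LEN + 2 + ICV_LEN:
        raise ValueError("ESP packet too short")
    spi, seq = struct.unpack("!II", esp[:8])
    if spi != sa.spi:
        raise ValueError("no SA for SPI 0x%08x" % spi)
    if seq <= sa.last_seen:                 # RFC 4303 checks replay before the ICV
        raise ValueError("replayed sequence number %d" % seq)
    body, icv = esp[:-ICV_LEN], esp[-ICV_LEN:]
    expected = hmac.new(sa.auth_key, body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):   # constant-time; reject before decrypting
        raise ValueError("ICV mismatch: packet modified in transit")
    plaintext = _xor_keystream(sa.enc_key, body[8:8 + IV_LEN], body[8 + IV_LEN:])
    pad_len, next_hdr = plaintext[-2], plaintext[-1]
    cut = len(plaintext) - 2 - pad_len
    if next_hdr != NEXT_HDR_IPV4 or plaintext[cut:-2] != bytes(range(1, pad_len + 1)):
        raise ValueError("bad ESP trailer")
    sa.last_seen = seq
    return plaintext[:cut]


def demo() -> dict:
    """Host 192.168.1.10 (site A) to 192.168.2.20 (site B) via gateways 203.0.113.1 / 198.51.100.1."""
    keys = dict(spi=0x1000, enc_key=os.urandom(32), auth_key=os.urandom(32))
    gw_a, gw_b = SecurityAssociation(**keys), SecurityAssociation(**keys)
    inner = ipv4_packet("192.168.1.10", "192.168.2.20", 17, b"constructed application data")
    outer = esp_encapsulate(inner, gw_a, "203.0.113.1", "198.51.100.1")
    on_wire = parse_ipv4(outer)             # all an observer on the Internet path can read
    results = {"outer_src": on_wire["src"], "outer_dst": on_wire["dst"], "outer_proto": on_wire["proto"],
               "inner_header_visible": inner[:20] in outer,
               "roundtrip_ok": esp_decapsulate(outer, gw_b) == inner}
    second = esp_encapsulate(inner, gw_a, "203.0.113.1", "198.51.100.1")
    tampered = second[:44] + bytes([second[44] ^ 0x01]) + second[45:]   # flip first ciphertext byte
    for name, pkt in (("tamper", tampered), ("replay", outer)):
        try:
            esp_decapsulate(pkt, gw_b)
            results[name + "_rejected"] = False
        except ValueError:
            results[name + "_rejected"] = True
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print("%-22s %s" % (key, value))
```

Parsing the outer packet yields only the two gateway addresses and protocol 50; the inner header, with the private LAN addresses, is recovered only after the ICV check passes. Real gateways keep a sliding anti-replay window (and usually 64-bit extended sequence numbers) rather than the single last-seen counter used here.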

