The TCP/IP Guide  9  TCP/IP Lower-Layer (Interface, Internet and Transport) Protocols (OSI Layers 2, 3 and 4)       9  TCP/IP Internet Layer (OSI Network Layer) Protocols            9  Internet Protocol (IP/IPv4, IPng/IPv6) and IP-Related Protocols (IP NAT, IPSec, Mobile IP)                 9  IP Security (IPSec) Protocols

IPSec Overview, History and Standards 1 2 3 IPSec Architectures and Implementation Methods

IPSec Core Protocols

To support the activities above, a number of different components comprise the total package known as “IPSec”, as shown in Figure 116. The two main pieces are a pair of technologies sometimes called the core protocols of IPSec. These are the ones that actually do the work of encoding information to ensure security. They are:

• IPSec Authentication Header (AH): This protocol provides authentication services for IPSec. What this means is that it allows the recipient of a message to verify that the supposed originator of a message was in fact the one that sent it. It also allows the recipient to verify that none of the data in the datagram has been changed by any intermediate devices en route. It also provides protection against so-called “replay” attacks, where a message is captured by an unauthorized user and re-sent.
  
  
• Encapsulating Security Payload (ESP): The Authentication Header ensures integrity of the data in datagram, but not its privacy. When the information in a datagram is “for your eyes only”, it can be further protected using the ESP protocol, which encrypts the payload of the IP datagram.
  

  Figure 116: Overview of IPSec Protocols and Components

  
  

IPSec Overview, History and Standards 1 2 3 IPSec Architectures and Implementation Methods