IPsec is a suite of protocols used to secure IP communications by authenticating and encrypting each IP packet in a session. Commonly used for VPN tunnels.
## Two main phases

### Phase 1 (IKE Phase 1)
- Establishes a secure, authenticated channel between two peers
- Negotiates encryption/auth algorithms
- Creates the ISAKMP SA (Security Association)
- Modes: Main Mode or Aggressive Mode

### Phase 2 (IKE Phase 2 / Quick Mode)
- Uses the Phase 1 channel to negotiate the actual IPsec SA
- Defines what traffic is protected (interesting traffic)
- Creates the IPsec SA used for data encryption

## Key terms

| Term | Meaning |
|---|---|
| SA (Security Association) | An agreement between peers on encryption/auth methods |
| IKE | Internet Key Exchange — manages SA negotiation |
| ESP | Encapsulating Security Payload — encrypts the payload |
| AH | Authentication Header — provides integrity and origin authentication, no encryption |
| Tunnel mode | Encrypts the entire original IP packet (most common) |
| Transport mode | Only encrypts the payload, not the header |
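
The phases above and the IKE/ESP terms in the table show up on the wire as a fixed 28-byte ISAKMP header (UDP 500, or UDP 4500 behind a 4-byte non-ESP marker when NAT-T is in use) and, for data traffic, an ESP header whose SPI and sequence number stay in cleartext. The following parser is an added example, not code from the original note or from any vendor: it reads those headers and labels each datagram with its IKE version, phase and mode (Main Mode, Aggressive Mode, Quick Mode, or the IKEv2 exchanges), which is what you want when reading a capture of a tunnel that will not come up. Exchange-type and flag values come from RFC 2408/2409, RFC 7296 and RFC 3948; the sample packets are constructed by hand and are not real captures.

```python
"""Classify IKE/ISAKMP and NAT-T ESP datagrams by phase and mode (added example)."""
import struct
from dataclasses import dataclass

ISAKMP_HEADER_LEN = 28
# initiator SPI, responder SPI, next payload, version, exchange type, flags, message ID, length
ISAKMP_HEADER_FMT = ">8s8sBBBBII"

# Exchange type -> (IKE version, phase, human-readable mode).
# IKEv1 values from RFC 2408/2409; IKEv2 values from RFC 7296.
EXCHANGE_TYPES = {
    2:  ("IKEv1", "Phase 1",  "Main Mode (Identity Protection)"),
    4:  ("IKEv1", "Phase 1",  "Aggressive Mode"),
    5:  ("IKEv1", "n/a",      "Informational"),
    32: ("IKEv1", "Phase 2",  "Quick Mode"),
    34: ("IKEv2", "IKE SA",   "IKE_SA_INIT"),
    35: ("IKEv2", "IKE SA",   "IKE_AUTH"),
    36: ("IKEv2", "Child SA", "CREATE_CHILD_SA"),
    37: ("IKEv2", "n/a",      "INFORMATIONAL"),
}

IKEV1_FLAG_ENCRYPTION = 0x01   # IKEv1 "E" bit: payloads after the header are encrypted


@dataclass
class IkeHeader:
    initiator_spi: str
    responder_spi: str
    next_payload: int
    version: str        # "1.0" or "2.0"
    exchange_type: int
    flags: int
    message_id: int
    length: int
    phase: str
    mode: str
    encrypted: bool


def parse_isakmp_header(data: bytes) -> IkeHeader:
    """Parse the fixed ISAKMP/IKE header and derive phase, mode and encryption state."""
    if len(data) < ISAKMP_HEADER_LEN:
        raise ValueError("truncated ISAKMP header")
    ispi, rspi, nxt, ver, exch, flags, msg_id, length = struct.unpack(
        ISAKMP_HEADER_FMT, data[:ISAKMP_HEADER_LEN])
    if length < ISAKMP_HEADER_LEN:
        raise ValueError("length field smaller than the fixed header")
    major, minor = ver >> 4, ver & 0x0F
    _, phase, mode = EXCHANGE_TYPES.get(exch, ("unknown", "unknown", f"exchange type {exch}"))
    # IKEv1 signals encryption with the E flag; in IKEv2 every message after IKE_SA_INIT is encrypted.
    encrypted = bool(flags & IKEV1_FLAG_ENCRYPTION) if major == 1 else exch != 34
    return IkeHeader(ispi.hex(), rspi.hex(), nxt, f"{major}.{minor}", exch, flags,
                     msg_id, length, phase, mode, encrypted)


def classify_udp_payload(dst_port: int, payload: bytes) -> dict:
    """Identify what a UDP datagram on port 500 or 4500 carries (RFC 3948 NAT-T framing)."""
    if dst_port == 500:
        return {"kind": "IKE", "header": parse_isakmp_header(payload)}
    if dst_port == 4500:
        if payload == b"\xff":                          # NAT keepalive: a single 0xFF byte
            return {"kind": "NAT-keepalive"}
        if payload[:4] == b"\x00\x00\x00\x00":          # non-ESP marker: IKE follows (an ESP SPI is never 0)
            return {"kind": "IKE", "header": parse_isakmp_header(payload[4:])}
        if len(payload) < 8:
            raise ValueError("truncated ESP header")
        spi, seq = struct.unpack(">II", payload[:8])    # UDP-encapsulated ESP: SPI, then sequence number
        return {"kind": "ESP", "spi": spi, "seq": seq}
    raise ValueError("not an IKE/IPsec NAT-T port")


def build_isakmp_header(ispi, rspi, exch, flags=0, msg_id=0, body_len=0, version=0x10, next_payload=1):
    """Helper for the constructed samples below; length covers header plus (omitted) body."""
    return struct.pack(ISAKMP_HEADER_FMT, ispi, rspi, next_payload, version, exch,
                       flags, msg_id, ISAKMP_HEADER_LEN + body_len)


# Constructed sample headers (hypothetical SPIs, not captured traffic).
MAIN_MODE_MSG1 = build_isakmp_header(b"\x11" * 8, b"\x00" * 8, 2, body_len=56)
AGGRESSIVE_MSG1 = build_isakmp_header(b"\x22" * 8, b"\x00" * 8, 4, body_len=120)
QUICK_MODE_MSG1 = build_isakmp_header(b"\x11" * 8, b"\x33" * 8, 32,
                                      flags=IKEV1_FLAG_ENCRYPTION, msg_id=0x5A5A5A5A, body_len=200)
IKEV2_SA_INIT = build_isakmp_header(b"\x44" * 8, b"\x00" * 8, 34, flags=0x08, version=0x20, next_payload=33)
ESP_NATT = struct.pack(">II", 0xC0FFEE, 7) + b"\x00" * 16   # SPI 0xC0FFEE, seq 7, dummy ciphertext

if __name__ == "__main__":
    for name, pkt in [("main", MAIN_MODE_MSG1), ("aggressive", AGGRESSIVE_MSG1), ("quick", QUICK_MODE_MSG1)]:
        h = parse_isakmp_header(pkt)
        print(f"{name}: IKE {h.version} {h.phase} {h.mode} encrypted={h.encrypted}")
    print(classify_udp_payload(4500, ESP_NATT))
```

A responder SPI of all zeros on a Phase 1 message tells you it is the very first message of the exchange, so a tunnel that never progresses past such packets has a peer that is not answering or is rejecting the Phase 1 proposal; Quick Mode messages carry a non-zero message ID and the E flag, so seeing them at all means Phase 1 already completed.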

## Related Notes
- Forti - Bounce Ipsec tunnels
- Forti - clear sessions for ipsec tunnels
- Forti - FAC - User experiencing dropouts - Socket connection error for users