How IPSec Works


IPSec is a complex method of exchanging data that involves many component technologies and numerous encryption-method options. This chapter covers the major protocols and processes that make up IPSec. Configuring these protocols and processes is covered in Chapters 10 through 16. Recognizing that IPSec operation can be broken down into the following five main steps might be useful.

Step 1

Traffic deemed “interesting” initiates an IPSec session. Access lists determine which data traffic will be protected by the IPSec technology. Other traffic will travel through the public network without IPSec protection.

Step 2

This step is called IKE Phase One. A secure channel is established between two peers. Each peer determines whether the other peer can be authenticated and whether the two peers can agree on Internet Key Exchange (IKE) security rules for exchanging data.

Step 3

This step is called IKE Phase Two. An IPSec session is established between the two peers, and stricter IPSec security rules and protocols are negotiated between them.

Step 4

Data transfer. Data is transferred between IPSec peers using the IPSec-defined security rules and protocols.

Step 5

IPSec tunnel termination. The IPSec session ends through deletion or by timing out.
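The five steps above form one procedure, and the following added example models them in Python so the ordering can be traced packet by packet. This is illustrative code written for this page, not code from the book or from any IPSec implementation. It assumes Cisco-style wildcard masks for the crypto access list, models Phase One authentication as a pre-shared key comparison, and uses simulated clock values in seconds; all addresses, keys and lifetimes are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco-style wildcard mask: a 0 bit must match, a 1 bit is 'don't care'."""
    care = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(base)) & care)


@dataclass
class CryptoAclEntry:
    """One 'permit' line of a crypto access list (constructed example values)."""
    src: str
    src_wildcard: str
    dst: str
    dst_wildcard: str


def is_interesting(acl: List[CryptoAclEntry], src: str, dst: str) -> bool:
    """Step 1: only traffic permitted by the crypto ACL is protected by IPSec."""
    return any(wildcard_match(src, e.src, e.src_wildcard)
               and wildcard_match(dst, e.dst, e.dst_wildcard) for e in acl)


@dataclass
class Peer:
    name: str
    psk: str                    # pre-shared key used to authenticate in Phase One (assumed model)
    ike_lifetime: int = 86400   # IKE SA lifetime in seconds (constructed default)
    ipsec_lifetime: int = 3600  # IPSec SA lifetime in seconds (constructed default)


@dataclass
class Tunnel:
    local: Peer
    remote: Peer
    acl: List[CryptoAclEntry]
    ike_sa_expires: Optional[int] = None    # absolute time at which the IKE SA dies
    ipsec_sa_expires: Optional[int] = None  # absolute time at which the IPSec SA dies
    log: List[str] = field(default_factory=list)

    def _expire(self, now: int) -> None:
        """Step 5 (timeout): an SA whose lifetime has passed is deleted."""
        if self.ipsec_sa_expires is not None and now >= self.ipsec_sa_expires:
            self.ipsec_sa_expires = None
            self.log.append("ipsec-sa-expired")
        if self.ike_sa_expires is not None and now >= self.ike_sa_expires:
            self.ike_sa_expires = None
            self.log.append("ike-sa-expired")

    def send(self, src: str, dst: str, now: int) -> str:
        """Run one packet through the five steps; returns how it left the router."""
        if not is_interesting(self.acl, src, dst):        # Step 1
            self.log.append("bypass")
            return "cleartext"
        self._expire(now)
        if self.ipsec_sa_expires is None:
            # Step 2: an IKE SA is needed to negotiate; build one if absent.
            # An existing IPSec SA keeps carrying data even after the IKE SA expires.
            if self.ike_sa_expires is None:
                if self.local.psk != self.remote.psk:
                    self.log.append("ike-phase1-auth-failed")
                    return "dropped"
                self.ike_sa_expires = now + min(self.local.ike_lifetime,
                                                self.remote.ike_lifetime)
                self.log.append("ike-phase1")
            # Step 3: negotiate the IPSec SA; the shorter of the two lifetimes wins.
            self.ipsec_sa_expires = now + min(self.local.ipsec_lifetime,
                                              self.remote.ipsec_lifetime)
            self.log.append("ike-phase2")
        self.log.append("esp")                             # Step 4
        return "protected"

    def clear(self) -> None:
        """Step 5 (deletion): an operator tears the tunnel down by hand."""
        self.ike_sa_expires = self.ipsec_sa_expires = None
        self.log.append("cleared")


if __name__ == "__main__":
    acl = [CryptoAclEntry("10.1.1.0", "0.0.0.255", "10.2.2.0", "0.0.0.255")]
    tunnel = Tunnel(Peer("hq", "example-key"), Peer("branch", "example-key", ipsec_lifetime=100), acl)
    for src, dst, now in [("10.1.1.5", "10.2.2.9", 0), ("10.1.1.5", "192.0.2.1", 1),
                          ("10.1.1.5", "10.2.2.9", 50), ("10.1.1.5", "10.2.2.9", 100)]:
        print(now, src, "->", dst, tunnel.send(src, dst, now))
    print(tunnel.log)
```

Running the block shows the first interesting packet triggering Phase One and Phase Two before any data moves, a non-matching packet leaving in cleartext, and the IPSec SA being renegotiated (Phase Two only, since the IKE SA is still valid) once its shorter lifetime expires. A real router would also hold or drop the triggering packet while negotiation is in progress; the model skips that queueing detail.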

The complexity of VPNs in general and IPSec in particular can get a little intimidating, but, remember, at the highest level, this is just like many other communications sessions. Some data requires special attention, a session is opened, the data is exchanged, and the session is torn down. Even a simple telephone call to someone special can be an analogy.

  • Step 1 Something important occurs that can’t wait until the next time you speak to that person.

  • Step 2 The telephone call is placed and, through the ringing and answering, you can determine you’re talking to the person you expected.

  • Step 3 Because the subject matter is private and important, you might ask if the person is alone, so they can speak freely.

  • Step 4 Once an acceptable level of privacy is assured, the information can be shared.

  • Step 5 When the information has been exchanged, both parties hang up.

These steps are revisited again in the section “IKE SAs versus IPSec SAs.”

Part III: Virtual Private Networks (VPNs)