CertiGuide to Security+  9  Chapter 2:  Communication Security (Domain 2.0; 20%)       9  2.1  Remote Access

2.1.6  SSH 1 IPSec Packet Types

IPSec, or IP Security, is a set of standard protocols developed by the IETF (Internet Engineering Task Force) that supports the secure exchange of packets at the IP (network) layer. It is the most popular layer 3 tunneling approach for VPN’s. Unlike PPP, it supports only IP – which today is not the drawback it might have been several years ago when fewer organizations’ backbones were IP-based. IPSec is known for being flexible in configuration, with many options for packet authentication and encryption.

IPSec uses public key encryption technology. That is, the sending and receiving devices share a public key with the server who has a secret “private” key. (Public key encryption is discussed in more detail in section 4 of this book.)

IPSec establishes a Security Association (SA) for each side of a connection between a client and server. The SA includes the parameters needed to communicate over this connection, such as the type of encryption algorithm negotiated as compatible with both sides, a session key and an authentication algorithm (such as SHA1 or MD5). Session keys are negotiated at the startup of the initial connection via Internet Security Associations and Key Management Protocol (ISAKMP), which provides for key exchange and authentication, and uses digital certificates to allow its authentication to scale to the Internet.¹⁵⁷

The ISAKMP/IKE protocol uses UDP port 500 to pass its traffic. When a NAT is involved, it may use port 4500 instead. In addition to this initial SA, a separate SA is created for each protocol (AH or ESP, described below) and connection direction, as needed¹⁵⁸.

2.1.6  SSH 1 IPSec Packet Types