Composition of IPsec (Internet Protocol Security)
Shashank Sharma
Network Security : Cisco | Linux , Cloud : Redhat | Writer | Public Speaker | Content Writing | Open Source Enthusiast
IPsec combines three main protocols to form a cohesive security framework:
- Internet Key Exchange (IKE) protocol
- Encapsulating Security Payload (ESP) protocol
- Authentication Header (AH) protocol
Of these three protocols, IKE and ESP are the ones most often deployed together. Although AH is also an important component of the IPsec protocol suite, relatively few IPsec deployments have it turned on. In general, much of AH's functionality is embedded in ESP. Therefore, in the rest of the coming articles we will focus our attention on ESP, and much of the discussion will assume that we are talking about ESP unless otherwise stated. For example, while discussing quick-mode exchanges in the following articles, we will assume that the goal is to do ESP.

IKE is used to negotiate the parameters between two IPsec peers for setting up a tunnel between them. We will look in detail at the workings of IKE in the next section. ESP provides the encapsulation mechanism for IPsec traffic. We will go into a more detailed discussion of ESP later on as well. Table 13-1 describes the three main components of the IPsec protocol suite.

Table 13-1. IPsec Combines Three Main Protocols to Form a Cohesive Security Framework

Protocol   Description
IKE        Provides a framework for negotiating security parameters and establishing authenticated keys.
ESP        Provides a framework for encrypting, authenticating, and securing data.
AH         Provides a framework for authenticating and securing data.
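
To see how the three components differ on the wire, for instance when checking whether AH is actually in use on a link, the following added example (not part of the original article) classifies IPv4 packets as IKE, ESP, or AH. The article does not give the wire details, so the IP protocol numbers (50, 51), UDP ports 500/4500, and header offsets are taken from the IPsec RFCs, and the sample packets are constructed for illustration.

```python
import struct

PROTO_UDP, PROTO_ESP, PROTO_AH = 17, 50, 51   # IANA IP protocol numbers
IKEV1_EXCHANGES = {2: "main mode", 4: "aggressive mode",
                   5: "informational", 32: "quick mode"}

def classify(packet: bytes) -> dict:
    """Map one IPv4 packet to the IPsec component that produced it."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return {"component": "other"}
    ihl = (packet[0] & 0x0F) * 4              # IPv4 header length in bytes
    proto, body = packet[9], packet[ihl:]
    if proto == PROTO_ESP and len(body) >= 8:
        spi, seq = struct.unpack("!II", body[:8])
        return {"component": "ESP", "spi": spi, "seq": seq}
    if proto == PROTO_AH and len(body) >= 12:
        inner, _, _, spi, seq = struct.unpack("!BBHII", body[:12])
        return {"component": "AH", "spi": spi, "seq": seq, "next_header": inner}
    if proto == PROTO_UDP and len(body) >= 8:
        sport, dport = struct.unpack("!HH", body[:4])
        data = body[8:]
        if 4500 in (sport, dport):            # NAT traversal port carries IKE and ESP
            if len(data) >= 8 and data[:4] != b"\x00\x00\x00\x00":
                spi, seq = struct.unpack("!II", data[:8])
                return {"component": "ESP", "spi": spi, "seq": seq, "udp_encap": True}
            data = data[4:]                   # strip the 4-byte non-ESP marker before IKE
        elif 500 not in (sport, dport):
            return {"component": "other"}
        if len(data) >= 28:                   # fixed IKE/ISAKMP header is 28 bytes
            major, exchange = data[17] >> 4, data[18]
            name = IKEV1_EXCHANGES.get(exchange, str(exchange)) if major == 1 else str(exchange)
            return {"component": "IKE", "version": major, "exchange": name}
    return {"component": "other"}

def ipv4(proto: int, payload: bytes) -> bytes:
    """Constructed 20-byte IPv4 header (checksum left at 0) for the samples below."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1])) + payload

# Constructed sample packets (documentation addresses, zeroed payloads)
ESP_SAMPLE = ipv4(50, struct.pack("!II", 0x1000, 7) + bytes(16))
AH_SAMPLE = ipv4(51, struct.pack("!BBHII", 6, 4, 0, 0x2000, 1) + bytes(12))
IKE_HDR = struct.pack("!8s8sBBBBII", b"A" * 8, b"B" * 8, 8, 0x10, 32, 1, 0x1234, 28)
QUICK_MODE_SAMPLE = ipv4(17, struct.pack("!HHHH", 500, 500, 36, 0) + IKE_HDR)
NATT_IKE_SAMPLE = ipv4(17, struct.pack("!HHHH", 4500, 4500, 40, 0) + bytes(4) + IKE_HDR)
NATT_ESP_SAMPLE = ipv4(17, struct.pack("!HHHH", 4500, 4500, 32, 0)
                       + struct.pack("!II", 0x3000, 9) + bytes(16))

if __name__ == "__main__":
    for pkt in (ESP_SAMPLE, AH_SAMPLE, QUICK_MODE_SAMPLE, NATT_IKE_SAMPLE, NATT_ESP_SAMPLE):
        print(classify(pkt))
```
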