Publication Citation: Guide to IPsec VPNs: Recommendations of the National Institute of Standards and Technology

Author(s): Sheila E. Frankel; Karen Kent; Ryan Lewkowski; Angela Orebaugh; Ronald Ritchey; Steven Sharma;
Title: Guide to IPsec VPNs: Recommendations of the National Institute of Standards and Technology
Published: December 01, 2005
Abstract: IPsec is a framework of open standards for ensuring private communications over public networks. It has become the most common network layer security control, typically used to create a virtual private network (VPN). A VPN is a virtual network, built on top of existing physical networks, that can provide a secure communications mechanism for data and control information transmitted between networks. VPNs are used most often to protect communications carried over public networks such as the Internet. A VPN can provide several types of data protection, including confidentiality, integrity, data origin authentication, replay protection, and access control. Although VPNs can reduce the risks of networking, they cannot totally eliminate them. This document discusses the need for network layer security and introduces the concept of virtual private networking (VPN). It covers the fundamentals of IPsec, focusing on its primary components: the Encapsulating Security Payload (ESP), the Authentication Header (AH), and the Internet Key Exchange (IKE). It describes issues to be considered during IPsec planning and implementation. It also discusses several alternatives to IPsec and describes when each method may be appropriate. Several case studies are presented that show how IPsec could be used in various scenarios. It ends with a brief discussion of future directions for IPsec. The document contains an IPsec-related bibliography and lists of print and online resources and tools that may be useful for IPsec planning and implementation.
Citation: NIST SP 800-77
Keywords: IPsec; network security; virtual private network; VPN
Research Areas: Computer Security, Networking
PDF version: PDF document (3MB)