Guide to IPsec VPNs: Recommendations of the National Institute of Standards and Technology
Published
Author(s)
Sheila E. Frankel, Karen Kent, Ryan Lewkowski, Angela Orebaugh, Ronald Ritchey, Steven Sharma
Abstract
IPsec is a framework of open standards for ensuring private communications over public networks. It has become the most common network layer security control, typically used to create a virtual private network (VPN). A VPN is a virtual network, built on top of existing physical networks, that can provide a secure communications mechanism for data and control information transmitted between networks. VPNs are used most often to protect communications carried over public networks such as the Internet. A VPN can provide several types of data protection, including confidentiality, integrity, data origin authentication, replay protection and access control. Although VPNs can reduce the risks of networking, they cannot totally eliminate them. This document discusses the need for network layer security and introduces the concept of virtual private networking (VPN). It covers the fundamentals of IPsec, focusing on its primary components: the Encapsulating Security Payload (ESP), the Authentication Header (AH), and the Internet Key Exchange (IKE). It describes issues to be considered during IPsec planning and implementation. It also discusses several alternatives to IPsec and describes when each method may be appropriate. Several case studies are presented that show how IPsec could be used in various scenarios. It ends with a brief discussion of future directions for IPsec. The document contains an IPsec-related bibliography and lists of print and online resources and tools that may be useful for IPsec planning and implementation.
Frankel, S., Kent, K., Lewkowski, R., Orebaugh, A., Ritchey, R. and Sharma, S. (2005), Guide to IPsec VPNs: Recommendations of the National Institute of Standards and Technology, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=150393 (Accessed October 10, 2025)