Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Guide to IPsec VPNs: Recommendations of the National Institute of Standards and Technology

Published

Author(s)

Sheila E. Frankel, Karen Kent, Ryan Lewkowski, Angela Orebaugh, Ronald Ritchey, Steven Sharma

Abstract

IPsec is a framework of open standards for ensuring private communications over public networks. It has become the most common network layer security control, typically used to create a virtual private network (VPN). A VPN is a virtual network ,built on top of existing physical networks, that can provide a secure communications mechanism for data and control information transmitted between networks. VPNs are used most often to protect communications carried over public networks such as the Internet. A VPN can provide several types of data protection, including confidentiality, integrity, data origin authentication, replay protection and access control. Although VPNs can reduce the risks of networking, they cannot totally eliminate them. This document discusses the need for network layer security and introduces the concept of virtual private networking (VPN). It covers the fundamentals of IPsec, focusing on its primary components: the Encapsulating Security Payload (ESP), the Authentication Header (AH), and the Internet Key Exchange (IKE). It describes issues to be considered during IPsec planning and implementation. It also discusses several alternatives to IPsec and describes when each method may be appropriate. Several case studies are presented, that show how IPsec could be used in various scenarios. It ends with a brief discussion of future directions for IPsec. The document contains an IPsec-related bibliography and lists of print and online resources and tools that may be useful for IPsec planning and implementation.
Citation
Special Publication (NIST SP) - 800-77
Report Number
800-77

Keywords

IPsec, network security, virtual private network, VPN

Citation

Frankel, S. , Kent, K. , Lewkowski, R. , Orebaugh, A. , Ritchey, R. and Sharma, S. (2005), Guide to IPsec VPNs: Recommendations of the National Institute of Standards and Technology, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=150393 (Accessed December 9, 2022)
Created December 1, 2005, Updated February 19, 2017