NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.

Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.

U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

Guide to IPsec VPNs: Recommendations of the National Institute of Standards and Technology

Published

Author(s)

Sheila E. Frankel, Karen Kent, Ryan Lewkowski, Angela Orebaugh, Ronald Ritchey, Steven Sharma

Abstract

IPsec is a framework of open standards for ensuring private communications over public networks. It has become the most common network layer security control, typically used to create a virtual private network (VPN). A VPN is a virtual network ,built on top of existing physical networks, that can provide a secure communications mechanism for data and control information transmitted between networks. VPNs are used most often to protect communications carried over public networks such as the Internet. A VPN can provide several types of data protection, including confidentiality, integrity, data origin authentication, replay protection and access control. Although VPNs can reduce the risks of networking, they cannot totally eliminate them. This document discusses the need for network layer security and introduces the concept of virtual private networking (VPN). It covers the fundamentals of IPsec, focusing on its primary components: the Encapsulating Security Payload (ESP), the Authentication Header (AH), and the Internet Key Exchange (IKE). It describes issues to be considered during IPsec planning and implementation. It also discusses several alternatives to IPsec and describes when each method may be appropriate. Several case studies are presented, that show how IPsec could be used in various scenarios. It ends with a brief discussion of future directions for IPsec. The document contains an IPsec-related bibliography and lists of print and online resources and tools that may be useful for IPsec planning and implementation.
Citation
Special Publication (NIST SP) - 800-77
Report Number
800-77
NIST Pub Series
Special Publication (NIST SP)
Pub Type
NIST Pubs

Download Paper

Local Download

Keywords

IPsec, network security, virtual private network, VPN
Cybersecurity and privacy and Networking

Citation

Frankel, S. , Kent, K. , Lewkowski, R. , Orebaugh, A. , Ritchey, R. and Sharma, S. (2005), Guide to IPsec VPNs: Recommendations of the National Institute of Standards and Technology, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=150393 (Accessed October 22, 2025)

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created December 1, 2005, Updated February 19, 2017
Was this page helpful?