ZyXEL Communications P-2602HWLNI Benutzerhandbuch
P-2602HWLNI User’s Guide
269
C
H A P T E R
17
Introduction to IPSec
This chapter introduces the basics of IPSec VPNs.
17.1 VPN Overview
A VPN (Virtual Private Network) provides secure communications between sites without the
expense of leased site-to-site lines. A secure VPN is a combination of tunneling, encryption,
authentication, access control and auditing technologies/services used to transport traffic over
the Internet or any insecure network that uses the TCP/IP protocol suite for communication.
expense of leased site-to-site lines. A secure VPN is a combination of tunneling, encryption,
authentication, access control and auditing technologies/services used to transport traffic over
the Internet or any insecure network that uses the TCP/IP protocol suite for communication.
17.1.1 IPSec
Internet Protocol Security (IPSec) is a standards-based VPN that offers flexible solutions for
secure data communications across a public network like the Internet. IPSec is built around a
number of standardized cryptographic techniques to provide confidentiality, data integrity and
authentication at the IP layer.
secure data communications across a public network like the Internet. IPSec is built around a
number of standardized cryptographic techniques to provide confidentiality, data integrity and
authentication at the IP layer.
17.1.2 Security Association
A Security Association (SA) is a contract between two parties indicating what security
parameters, such as keys and algorithms they will use.
parameters, such as keys and algorithms they will use.
17.1.3 Other Terminology
17.1.3.1 Encryption
Encryption is a mathematical operation that transforms data from "plaintext" (readable) to
"ciphertext" (scrambled text) using a "key". The key and clear text are processed by the
encryption operation, which leads to the data scrambling that makes encryption secure.
Decryption is the opposite of encryption: it is a mathematical operation that transforms
“ciphertext” to plaintext. Decryption also requires a key.
"ciphertext" (scrambled text) using a "key". The key and clear text are processed by the
encryption operation, which leads to the data scrambling that makes encryption secure.
Decryption is the opposite of encryption: it is a mathematical operation that transforms
“ciphertext” to plaintext. Decryption also requires a key.