Please enable JavaScript.

Coggle requires JavaScript to display documents.

18 VPN'S - Coggle Diagram

- - - - ESP tunnel mode is used between a host and a security gateway, or between two security gateways, as shown in the figure.
        For host-to-gateway applications, a home office might not have a router to perform the IPsec encapsulation and encryption. In this case, an IPsec client running on the PC performs the IPsec IP-in-IP encapsulation and encryption. For gateway-to-gateway applications, rather than load IPsec on all of the computers at the remote and corporate offices, it is easier to have the security gateways perform the IP-in-IP encryption and encapsulation. At the corporate office, the router de-encapsulates and decrypts the packet.
  - - - Quick mode also renegotiates a new IPsec SA when the IPsec SA lifetime expires. Basically, quick mode refreshes the keying material that creates the shared secret key. This is based on the keying material that is derived from the DH exchange in Phase
- - - - Confidentiality - IPsec uses encryption algorithms to prevent cybercriminals from reading the packet contents.
      - Integrity - IPsec uses hashing algorithms to ensure that packets have not been altered between source and destination.
      - Origin authentication - IPsec uses the Internet Key Exchange (IKE) protocol to authenticate source and destination. Methods of authentication include the use of pre-shared keys (passwords), digital certificates, or RSA certificates.
      - Diffie-Hellman - Secure key exchange typically using various groups of the DH algorithm.
- - - - A site-to-site VPN is created when VPN terminating devices, also called VPN gateways, are preconfigured with information to establish a secure tunnel. VPN traffic is only encrypted between these devices. Internal hosts have no knowledge that a VPN is being used.
    - - A remote-access VPN is dynamically created to establish a secure connection between a client and a VPN terminating device. For example, a remote access SSL VPN is used when you check your banking information online.