Site-to-site IPSec VPN tunnels are used for the secure transmission of data and files between two sites. The encrypted VPN tunnel is built over the Internet, on a public network, and the connection is protected by strong encryption algorithms so that data exchanged between the two sites through the IPSec site-to-site tunnel is kept as secure as possible.
- VPNs replace dedicated point-to-point links with emulated point-to-point links that share a common infrastructure.
- Customers use VPNs primarily to reduce their operational costs.
- Examples: X.25, Frame Relay, ATM, GRE, DMVPN, IPSec, MPLS, L2TPv3, PPTP
What is IPSec Site to Site VPN?
IPSec is a set of protocols which was developed by the Internet Engineering Task Force.
IPSec allows two different hosts, such as a router and another router, to communicate over an existing network in a more secure manner by authenticating and encrypting the traffic between them.
Put simply, an IPSec site-to-site VPN creates a secured channel between two hosts or devices across any other network, including a public network. IPSec can be deployed on its own as a pure IPSec VPN, or the IPSec protocols can be layered over a GRE or DMVPN implementation.
It scales from very small to very large networks. The IPSec feature is available on Cisco routers and is also included in various firewalls, including ASA firewalls.
- Internet Protocol Security (IPSec) is a set of protocols developed by the Internet Engineering Task Force (IETF).
- It allows two or more hosts to communicate with each other securely by authenticating and encrypting each IP packet of a communication session.
IPSec Security Features
The main reason for implementing IPSec is to add security to your information as it travels over a private or public network, whether that is the Internet or any other network.
Some of the main features of IPSec are as follows:
- IPSec is the only standard layer 3 technology that provides the following features.
- Confidentiality
Confidentiality ensures that no one else can read or view the information. While the information is in transit, the IPSec VPN applies one of its supported encryption algorithms to transform it into an unreadable format, so that even if someone captures the traffic they will not be able to recover the actual text or data.
On the remote end, the peer uses the agreed keys to recover the clear text again. This ensures that your data is not visible to any third party.
- Data Integrity
Data integrity means that when your information is carried over the network, you need to be sure it has not been modified by anyone. To achieve this, the sending side runs a hashing algorithm over the data and sends the resulting code along with the information; the receiving side runs the same algorithm, and if the codes match on both sides it means no one has modified the information. If anyone changes anything, the codes will no longer match. A day-to-day example: say I have an account at DC bank and I am making an online transfer to my other bank, XYZ; I want to be sure that no one modifies that transaction on its way to the destination. Hashing algorithms give you that assurance: they confirm that nothing in that particular packet has been modified, and that is what we call data integrity.
- Authentication
Authentication is a method of verifying the peer, typically with a password. Say I want to build a VPN connection between two different locations and I want to be sure that the remote device really is the device I expect. We configure a password on both sites; the peers check it, and only if the passwords match is the connection established. Authentication ensures that the remote peer is the correct peer we intend to connect to, and it also authenticates the origin of the data. It is similar to the normal authentication we do elsewhere, and different authentication methods can be used as well. So IPSec provides both data origin authentication and remote peer authentication.
- Replay Detection
Replay detection ensures that information you send is received only once. There is a kind of attack called a replay attack, in which an attacker captures and resends the same packets, for example to get through authentication again. Replay detection is a security service in which the receiver rejects old or duplicate packets in order to defeat such attacks.
These are the four features that IPSec provides, and they make your information as secure as it would be over a leased line or dedicated connection. Even though we are connecting over a public network or any other network, we are still sending the information as securely as we would on our own private network. That is one of the main things IPSec provides.
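As an added illustration (not code from the original article), here is a receiver-side check in Python that models the data integrity, data-origin authentication and replay detection services described above the way ESP does it: a keyed hash over the sequence number and payload, then a sliding anti-replay window. The packet layout, key and 64-packet window size are constructed for the example.

```python
import hmac
import hashlib
import struct

WINDOW = 64          # anti-replay window size (assumption for this example; RFC 4303 minimum)
ICV_LEN = 12         # 96-bit truncated HMAC, as commonly used for IPSec integrity checks


def compute_icv(auth_key: bytes, seq: int, payload: bytes) -> bytes:
    """Integrity Check Value: HMAC-SHA256 over sequence number || payload, truncated."""
    msg = struct.pack(">I", seq) + payload
    return hmac.new(auth_key, msg, hashlib.sha256).digest()[:ICV_LEN]


def build_packet(auth_key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: 4-byte sequence number, payload, then the ICV (constructed layout)."""
    return struct.pack(">I", seq) + payload + compute_icv(auth_key, seq, payload)


class EspReceiver:
    """Receiver side of one security association: integrity check plus anti-replay window."""

    def __init__(self, auth_key: bytes):
        self.auth_key = auth_key
        self.highest_seq = 0  # highest sequence number accepted so far
        self.bitmap = 0       # bit i set => sequence number (highest_seq - i) already seen

    def receive(self, packet: bytes) -> tuple[bool, str]:
        seq = struct.unpack(">I", packet[:4])[0]
        payload, icv = packet[4:-ICV_LEN], packet[-ICV_LEN:]
        # 1. Integrity and data-origin authentication: recompute the ICV with the shared
        #    key and compare in constant time. This runs before the replay check so that
        #    forged sequence numbers cannot advance the window.
        if not hmac.compare_digest(compute_icv(self.auth_key, seq, payload), icv):
            return False, "rejected: bad ICV (modified or forged)"
        # 2. Replay detection: sliding window over sequence numbers.
        if seq == 0:
            return False, "rejected: sequence number 0 is never valid"
        if seq > self.highest_seq:                    # newer than anything seen: slide window
            shift = seq - self.highest_seq
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest_seq = seq
            return True, "accepted: new highest sequence number"
        diff = self.highest_seq - seq
        if diff >= WINDOW:                            # too old to track: treat as replay
            return False, "rejected: outside anti-replay window"
        if self.bitmap & (1 << diff):                 # already received once
            return False, "rejected: replayed duplicate"
        self.bitmap |= 1 << diff                      # late but legitimate: mark as seen
        return True, "accepted: late packet inside window"
```

A real ESP implementation also decrypts the payload for confidentiality; this block keeps only the integrity and replay logic so it runs with the standard library alone.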