IPset Network Segmentation Virtual Tunnel Interface (VTI) Encapsulating Security Payload (ESP) Network Address Translation (NAT) Source/Destination Check Subnet TLS Cipher Suite VPC 3DES Advanced Encryption Standard Autonomous System Border Gateway Protocol CIDR Clientpack Destination NAT Diffie-Helman Encryption Internet Key Exchange (IKE) IP Forwarding Maximum Transmission Unit (MTU) Network Sniffer OpenVPN Overlay Network Perfect Forward Secrecy (PFS) Security Association (SA) SHA SNMP Transmission Control Protocol (TCP) Transport Layer Security (TLS) User Datagram Protocol (UDP) VNS3 Peer VNS3 Routing Agent Wireguard Workforce Service Edge x509 Certificate Ipsec

Ipsec

IPsec is a set of protocols defined by the IETF, to provide IP security at the network layer. An IPsec based VPN is made up of two parts:

• Internet Key Exchange protocol (IKE), underlying port UDP 500
• IPsec protocol (ESP), underlying Protocol 50 or if using “nat-traversal” UDP 4500

Basically there is an initial brief interaction where one or each of the devices attempt to discover each other, via the Internet, they then trade Phase 1 (IKE) parameters and attempt to get a Phase 1 (sometimes called IKE or ISAKMP) connection which creates the keys used to encrypt Phase2. They then trade Phase 2 parameters and attempt to create an encrypted Phase 2 (sometimes called IPSec SA or ESP) tunnel connection.

The devices then transport data back and forth, as well as maintain the connection, with some additional administrative traffic.