Chapter 9. IPSec Implementation

This chapter discusses the implementation issues of IPSec. These include interaction of the various components of IPSec, interfaces that each of these components provide, and a walk through the packet processing for both inbound and outbound packets.

As implementations are specific to a particular platform, the discussions in this chapter are mostly platform-independent so that they can be used as guidelines in implementing IPSec on a specific platform. In places where discussing implementation on a specific OS helps in explanations, the choice is a BSD (Berkeley Software Distribution) variant OS.

We discuss the following components: IPSec base protocols, SADB, SPD, manual keying, ISAKMP/IKE, SA management, and policy ...

Get IPSec: The New Security Standard for the Internet, Intranets, and Virtual Private Networks, Second Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.