This chapter discusses the implementation issues of IPSec. These include interaction of the various components of IPSec, interfaces that each of these components provide, and a walk through the packet processing for both inbound and outbound packets.

As implementations are specific to a particular platform, the discussions in this chapter are mostly platform-independent so that they can be used as guidelines in implementing IPSec on a specific platform. In places where discussing implementation on a specific OS helps in explanations, the choice is a BSD (Berkeley Software Distribution) variant OS.

We discuss the following components: IPSec base protocols, SADB, SPD, manual keying, ISAKMP/IKE, SA management, and policy ...