When troubleshooting IPSec VPNs, it is very important to have a good understanding of the underlying mechanisms used to establish the IPSec tunnel and transport the traffic over it. To that end, a brief discussion of the IPSec architecture is included here.
The IPSec architecture (defined in RFC 2401) provides security services to IP traffic. These security services include integrity, data origin authentication, replay protection, data confidentiality, and limited traffic flow confidentiality.
IPSec components that provide these services include the following:
Key management mechanisms
Associated authentication and encryption algorithms
The remainder of this section describes the ...