IPsec provides security services in the IP layer, which enables the system to select a security protocol on demand, determine the algorithm used by the service and place the required key to the corresponding position. IPsec is used to protect one or more hosts and hosts, security gateways and security networks, and the path of security gateways and hosts.
The security service sets of IPSec include access control, unconnected integrity, data source authentication, refusal to resend pack (partial sequence integrity form), confidentiality and limited transport stream confidentiality. Because these services are available in the IP layer, any high-level protocol can use them, such as TCP, UDP, ICMP, BGP, and more.
These goals are done by using two major transmission security protocols, head authentication (AH), and package safety load (ESP), and key management programs and protocols. The desired IPsec protocol set and its use is determined by the user, application, and / or site, organization's needs of security and system.
For more information, please visit the following page: 中文 版: http://www.networkDictionary.com/chinese/Protocols/ipsec.php
English: http://www.networkDictionary.com/protocols/ipsec.php
