Cisco Support Community
New Member

vpn encryption

I have just been reading up on this. Which part is the encryption: is it the IPSec part or the 3DES? I'm unsure of what does what. Please help.


Re: vpn encryption

Hi Carl,

The following info may clear your doubt.

IPSec is a security addition to the IP protocol that enables security and privacy for TCP/IP communication. With IPSec-enabled communication, no one except the receiver can read what is sent over the network (like the Internet). Normally IPSec consists of two parts: the key management (IKE/ISAKMP) and the encryption part (ESP). IPSec is the most widely used protocol for VPNs (Virtual Private Networks). To ensure privacy, data is encrypted with an encryption algorithm. An encryption algorithm is a way of changing data so that only those who know how it was changed can reconstruct it. To describe the process of changing and reconstructing data, the analogy to a lock and key has been made. You can lock data with a key, and only that key can unlock it. The Triple DES (3DES) encryption algorithm is unbreakable today, and the most widely used algorithm for strong encryption. If you want to find the right key for an encrypted text, you could try all possible keys, but prepare to be patient! Triple DES has an effective number of keys that is approximately 2^112 (2*2*2*2 ... 112 times), that is, 112 bits.

New Member

Re: vpn encryption

Thanks for that. So, what does IKE/ISAKMP do? What does ESP do? And what does 3DES do?


Re: vpn encryption

IPSec provides security to IP flows through the use of authentication and encryption. Authentication verifies that data is not altered during transmission and ensures that users are communicating with the individual or organization that they believe they are communicating with.

Encryption makes data confidential by making it unreadable to everyone except the sender and intended recipient. IPSec comprises two encapsulating protocols:

Encapsulating Security Payload (ESP) provides confidentiality and authentication functions to every data packet.

Authentication Header (AH) provides authentication to every data packet.

Internet Key Exchange (IKE) is a means of dynamically creating IP Security (IPSec) connections. IPSec uses encryption and authentication to create virtual private networks over an insecure network. IPSec provides Internet Key Exchange to automatically exchange randomly generated keys, which are transmitted using asymmetric encryption technology, according to negotiated algorithm details.

A mode of the DES encryption algorithm that encrypts data three times. Three 64-bit keys are used, instead of one, for an overall key length of 192 bits (the first encryption is encrypted with the second key, and the resulting cipher text is again encrypted with a third key).
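To make the division of labour in this thread concrete, here is an added example (not from any of the posts) that lays out an ESP packet as defined in RFC 4303 and runs the receiver's integrity check. It assumes a 3DES-CBC with HMAC-SHA1-96 transform, which the thread does not specify; the key, IV and "ciphertext" bytes are constructed placeholders, and the function names are hypothetical.

```python
import hashlib
import hmac
import struct

BLOCK = 8      # 3DES-CBC block size and IV length, in bytes
ICV_LEN = 12   # HMAC-SHA1-96 keeps the first 96 bits of the HMAC-SHA1 output

def _icv(auth_key, data):
    return hmac.new(auth_key, data, hashlib.sha1).digest()[:ICV_LEN]

def build_esp(spi, seq, iv, ciphertext, auth_key):
    """ESP layout: SPI | sequence number | IV | ciphertext | ICV."""
    body = struct.pack("!II", spi, seq) + iv + ciphertext
    return body + _icv(auth_key, body)

def parse_esp(packet):
    """Split an ESP packet into its fields; ValueError if it cannot be one."""
    if len(packet) < 8 + BLOCK + BLOCK + ICV_LEN:
        raise ValueError("too short for ESP with 3DES-CBC/HMAC-SHA1-96")
    spi, seq = struct.unpack("!II", packet[:8])
    ciphertext = packet[8 + BLOCK:-ICV_LEN]
    if len(ciphertext) % BLOCK:
        raise ValueError("ciphertext is not a whole number of 8-byte blocks")
    return {"spi": spi, "seq": seq, "iv": packet[8:8 + BLOCK],
            "ciphertext": ciphertext, "icv": packet[-ICV_LEN:]}

def verify_esp(packet, auth_key):
    """ESP's authentication part: checked before any decryption is attempted."""
    return hmac.compare_digest(_icv(auth_key, packet[:-ICV_LEN]),
                               packet[-ICV_LEN:])

def flip_bit(packet, offset):
    """Return a copy with one bit changed, to model in-transit modification."""
    out = bytearray(packet)
    out[offset] ^= 0x01
    return bytes(out)

# Constructed sample values. In a real tunnel the keys come out of the IKE
# negotiation, and the ciphertext is the 3DES-encrypted inner packet.
AUTH_KEY = bytes(range(20))
SAMPLE_IV = bytes.fromhex("0011223344556677")
SAMPLE_CT = bytes.fromhex("a1" * 16)   # placeholder, not real 3DES output
SAMPLE = build_esp(0x1000, 1, SAMPLE_IV, SAMPLE_CT, AUTH_KEY)

if __name__ == "__main__":
    fields = parse_esp(SAMPLE)
    print("SPI=%#x seq=%d ciphertext=%d bytes" %
          (fields["spi"], fields["seq"], len(fields["ciphertext"])))
    print("intact packet verifies:  ", verify_esp(SAMPLE, AUTH_KEY))
    print("modified packet verifies:", verify_esp(flip_bit(SAMPLE, 20), AUTH_KEY))
```

Only the ciphertext field is confidential; the SPI and sequence number travel in the clear but are covered by the ICV, so a change to any of them is detected.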
