IPsec/IKE Programmer's Reference
IPsec is a set of extensions to the IP protocol family. It provides authentication, integrity, and confidentiality services. Unlike SSL, which provides security services over TCP/IP, IPsec provides security services at the network layer, so it is transparent to IP applications. IPsec is optional for the IPv4 stack and is recommended for the IPv6 stack (prior to RFC 6434, IPsec was mandatory for IPv6).
IPsec uses two protocols to provide traffic security: Authentication Header (AH) and Encapsulating Security Payload (ESP). A Security Association (SA) affords these security services to the traffic carried by it. AH and ESP may each run in either of two modes: transport mode or tunnel mode.
Internet Key Exchange (IKE) negotiates the properties of SAs between peers.
The Treck IPsec and IKE features are described in the following sections.
- IPsec/IKE Protocol Overview
- Security Policy Database (SPD) and Security Association Database (SAD)
- Priority-based IPsec Processing
- IKE Policies
- Advanced IPsec/IKE Policy Features
- Independent IPsec/IKE Tasks
- Asynchronous Cryptographic Support
- Enhanced Logging for IPsec/IKE
- Strong End System Model Implications
- IPsec Compile Time Settings
- IKE Compile Time Settings
- Function Reference
- Structure and Function Prototype Reference