IPSec

Hello!

I'm wondering if there is anyone out there who is quite clued up on IPSec and related protocols?
I'm doing a report on VPNs, more specifically site-to-site. I'm comparing them with leased lines. I'm however struggling to understand where IPsec comes in. I understand that leased lines "usually" use the level 2 PPP to establish a connection. I understand that IPSec is a layer 3 suite of protocols. My problem is that i don't understand on what IPsec sits on in the OSI model? e.g. what data link technology is used. When i establish an IPSec connection in tunnel mode between 2 routers is it using the PPP? It surely can't be as IPSec encapsulates the packet so what technology is used at the data link layer?

Sorry if my explanation is confusing... it sums up what is going on in my brain haha.

Thanks a lot,

Richard

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

woody1144

Had a brain wave lol,
IPSec basically encapsulates and encrypts the IP packet before it gets sent to layer 2. PPP just encapsulates the IP packet before getting sent out. Therefore IPSec and PPP are very similar in what there do so they are not used together? They are 2 different forms of encapsulating the IP packet, they just work at different levels?

Thanks,
Richard

dtlokee

IPSec can be used over any data link including Ethernet, Serial (PPP encapsulation can be used), ATM or any of the other L2 protocols out there. Basically IPSec just adds and additional layer 3 header and encrypts and authenticates (ESP) or just authenticates (AH) the payload (Which is the L3 - L7 headers and the data)

woody1144

dtlokee wrote:

IPSec can be used over any data link including Ethernet, Serial (PPP encapsulation can be used),

Thank you for the help, makes alot more sense to me now, quite simple when you thing about it logically. When you say it can be used on serial, can it be used in tunnel mode without PPP? for example if i create a link between 2 routers using DCE/DTE cables in a lab could i not just use IPSec to create the VPN tunnel or would i need to include PPP encapsulation? or were you refering to when L2TP is used with IPSec?

Thanks a lot,

Richard

dtlokee

No you would still need a Layer 2 framing protocol like HDLC or PPP across the serial line since it's basically just the L1 connection between the devices.

woody1144

Ok thats great, thanks a lot for the help!
Richard