What is IPsec and how IPsec VPNs work

IPsec (Internet Protocol Security) is a suite of protocols that secures internet communications by encrypting and authenticating IP packets.

IPsec explained

IPsec (Internet Protocol Security) is a suite of protocols that encrypts and authenticates internet traffic at the network layer (Layer 3). It secures communication between devices by protecting IP packets as they travel across untrusted networks such as the public internet.

IPsec is most commonly used to create VPN (Virtual Private Network) connections, including:

  • Site-to-site VPNs between offices
  • Remote access VPNs for employees
  • Cloud VPN connections between data centers and cloud platforms

By encrypting traffic and verifying the identity of communicating devices, IPsec ensures that sensitive data cannot be read, modified, or replayed by attackers, even if the packets are captured in transit.

Why is IPsec important?

The standard Internet Protocol (IP) does not include built-in encryption or authentication. This means that data sent over public networks can potentially be intercepted.

IPsec solves this problem by providing:

  • Encryption – protects data from eavesdropping
  • Authentication – verifies the identity of communicating devices
  • Integrity protection – ensures data is not modified during transmission
  • Anti-replay protection – prevents attackers from reusing captured packets

Because of these capabilities, IPsec is widely used in enterprise networks, cloud environments, and VPN services.

How does IPsec work?

IPsec works by establishing a secure tunnel between two endpoints (such as routers, firewalls, or servers). Once the tunnel is created, all selected network traffic is encrypted before being transmitted.

The process typically follows these steps:

  1. Negotiation – devices agree on encryption methods and security parameters
  2. Authentication – each endpoint verifies the other using certificates or shared keys
  3. Key exchange – cryptographic keys are generated securely
  4. Encrypted communication – traffic is encapsulated and protected
  5. Rekeying – keys are refreshed periodically to maintain security

This process is managed through Security Associations (SAs) that define how traffic is protected.
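The anti-replay protection listed above is enforced per Security Association with a sliding window over ESP sequence numbers (RFC 4303). The following is an added example, not code from the page or from any vendor: it models the receive-side SA state with an assumed 64-packet window and rejects replayed or too-old packets; key material and the integrity check that a real implementation performs before updating the window are omitted.

```python
WINDOW = 64   # assumed window size; RFC 4303 requires support for at least 32, 64 is typical

class InboundSA:
    """Receive-side Security Association state: the SPI that identifies it plus the
    anti-replay window. (Keys and algorithms negotiated by IKE are omitted here.)"""

    def __init__(self, spi):
        self.spi = spi
        self.highest = 0      # highest ESP sequence number accepted so far (right edge)
        self.bitmap = 0       # bit i set => sequence number (highest - i) already seen

    def check_and_update(self, seq):
        """Return True and record seq if it passes the anti-replay check, else False.
        A real receiver verifies the packet's ICV before recording seq."""
        if seq == 0:
            return False                      # ESP sequence numbers start at 1
        if seq > self.highest:
            shift = seq - self.highest        # window slides right to the new highest
            self.bitmap = 0 if shift >= WINDOW else (self.bitmap << shift) & ((1 << WINDOW) - 1)
            self.bitmap |= 1
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= WINDOW:
            return False                      # too old: fell off the left edge of the window
        if self.bitmap & (1 << offset):
            return False                      # duplicate: a replayed packet
        self.bitmap |= 1 << offset            # late but legitimate (reordered) packet
        return True

def replay_events(sa, sequence_numbers):
    """Feed observed sequence numbers to an SA and return those it rejected."""
    return [s for s in sequence_numbers if not sa.check_and_update(s)]
```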

What protocols are used in IPsec?

IPsec relies on several protocols that work together to secure traffic.

Encapsulating Security Payload (ESP)

ESP is the most commonly used IPsec protocol. It provides:

  • Encryption of data
  • Integrity checking
  • Authentication of packet origin
  • Anti-replay protection

Most modern IPsec deployments use ESP instead of AH.

Authentication Header (AH)

AH provides packet authentication and integrity, but it does not encrypt the payload.

Because AH authenticates the IP header itself, and NAT rewrites addresses in that header, AH does not work through NAT (Network Address Translation) and is rarely used in modern networks.

Internet Key Exchange (IKE)

IKE manages key exchange and authentication between devices before a secure tunnel is created.

Modern deployments use IKEv2, which improves reliability and NAT compatibility.

IPsec tunnel mode vs transport mode

IPsec supports two operating modes depending on how traffic is protected.

Tunnel mode

In tunnel mode, the entire original IP packet is encrypted and encapsulated within a new packet.

This mode is commonly used for:

  • Site-to-site VPNs
  • Cloud VPN connections
  • Gateway-to-gateway communication

Transport mode

In transport mode, only the payload of the packet is encrypted, while the original IP header remains visible.

This mode is typically used for:

  • Host-to-host communication
  • Server-to-server encryption
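The difference between the two modes is easiest to see at the byte level. The block below is an added example, not code from the page: it builds ESP packets in both modes using NULL encryption (RFC 2410) with an HMAC-SHA-256-128 integrity check (RFC 4868) so that it runs on the Python standard library alone; the hosts, gateways, integrity key and TCP segment are constructed values. Real deployments use an encrypting ESP algorithm such as AES-GCM, but the header placement shown is the same.

```python
import hmac, hashlib, struct

ESP, IPIP, TCP = 50, 4, 6          # IP protocol numbers: ESP, IP-in-IP, TCP
KEY = b"\x11" * 32                 # constructed integrity key; a real SA gets it from IKE

def ipv4(src, dst, proto, payload):
    """Constructed minimal IPv4 header (checksum left at 0) in front of payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, src, dst) + payload

def esp_wrap(spi, seq, inner, next_header):
    """ESP with NULL encryption (RFC 2410) and HMAC-SHA-256-128 ICV (RFC 4868).
    Wire layout: SPI | seq | payload | padding | pad-len | next-header | ICV."""
    pad_len = (-(len(inner) + 2)) % 4          # trailer must end on a 4-byte boundary
    padding = bytes(range(1, pad_len + 1))     # RFC 4303 default pad bytes 1, 2, 3, ...
    body = struct.pack("!II", spi, seq) + inner + padding + bytes([pad_len, next_header])
    icv = hmac.new(KEY, body, hashlib.sha256).digest()[:16]
    return body + icv

def esp_unwrap(esp):
    """Verify the ICV, strip the ESP trailer, return (spi, seq, next_header, inner)."""
    body, icv = esp[:-16], esp[-16:]
    expected = hmac.new(KEY, body, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ESP integrity check failed")
    spi, seq = struct.unpack("!II", body[:8])
    pad_len, next_header = body[-2], body[-1]
    return spi, seq, next_header, body[8:len(body) - 2 - pad_len]

HOST_A, HOST_B = b"\x0a\x00\x01\x0a", b"\x0a\x00\x02\x0a"   # constructed end hosts
GW_A, GW_B = b"\xc0\x00\x02\x01", b"\xc0\x00\x02\x02"       # constructed VPN gateways
TCP_SEG = b"\x04\xd2\x01\xbb" + b"\x00" * 16                 # constructed 20-byte TCP header

def transport_mode(spi=0x1001, seq=1):
    """Transport mode: original IP header stays in the clear, ESP wraps only the segment."""
    return ipv4(HOST_A, HOST_B, ESP, esp_wrap(spi, seq, TCP_SEG, TCP))

def tunnel_mode(spi=0x1002, seq=1):
    """Tunnel mode: the whole original packet goes inside ESP behind a new gateway header."""
    original = ipv4(HOST_A, HOST_B, TCP, TCP_SEG)
    return ipv4(GW_A, GW_B, ESP, esp_wrap(spi, seq, original, IPIP))

def receive(packet):
    """Decapsulate at the receiver: (outer src, outer dst, ESP next-header, inner bytes).
    The outer addresses are all an on-path observer sees; the inner bytes need the SA key."""
    _spi, _seq, next_header, inner = esp_unwrap(packet[20:])
    return packet[12:16], packet[16:20], next_header, inner
```

In transport mode the outer header still names the two end hosts, whereas in tunnel mode only the gateway addresses are exposed and the ESP next-header value 4 (IP-in-IP) marks the encapsulated original packet.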

What ports does IPsec use?

IPsec uses several protocols and ports depending on configuration:

Protocol / Port     Purpose
UDP 500             IKE negotiation
UDP 4500            NAT Traversal
IP protocol 50      ESP
IP protocol 51      AH

When network address translation is present, IPsec often uses NAT Traversal (NAT-T), which encapsulates ESP traffic inside UDP packets.
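For monitoring or firewall policy it helps to be able to tell these flows apart on the wire, including the two kinds of traffic that share UDP 4500. The following is an added example, not code from the page: a classifier for raw IPv4 packets that uses the protocol numbers and ports above plus the RFC 3948 rule that IKE on UDP 4500 is prefixed with a four-byte zero "non-ESP marker", while UDP-encapsulated ESP starts directly with its non-zero SPI and a lone 0xFF byte is a NAT keepalive. The sample packets are constructed.

```python
import struct

IKE_PORT, NAT_T_PORT = 500, 4500
ESP_PROTO, AH_PROTO, UDP_PROTO = 50, 51, 17

def classify_ipsec(packet: bytes) -> str:
    """Label one raw IPv4 packet: esp, ah, ike, ike-natt, esp-udp, natt-keepalive, other."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4
    proto, payload = packet[9], packet[ihl:]
    if proto == ESP_PROTO:
        return "esp"                       # native ESP, IP protocol 50 (no ports at all)
    if proto == AH_PROTO:
        return "ah"                        # native AH, IP protocol 51
    if proto != UDP_PROTO or len(payload) < 8:
        return "other"
    sport, dport = struct.unpack("!HH", payload[:4])
    data = payload[8:]
    if IKE_PORT in (sport, dport):
        return "ike"                       # IKE negotiation without NAT-T
    if NAT_T_PORT in (sport, dport):
        # RFC 3948: on UDP 4500, IKE carries a 4-byte zero "non-ESP marker"; a lone 0xFF
        # byte is a NAT keepalive; anything else is ESP whose first 4 bytes are the SPI.
        if data == b"\xff":
            return "natt-keepalive"
        if data[:4] == b"\x00\x00\x00\x00":
            return "ike-natt"
        return "esp-udp"
    return "other"

def ipv4(proto, payload, src=b"\x0a\x00\x00\x01", dst=b"\x0a\x00\x00\x02"):
    """Constructed IPv4 header (checksum left at 0; not needed for classification)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, src, dst) + payload

def udp(sport, dport, data):
    """Constructed UDP header (checksum left at 0) in front of data."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

# Constructed sample packets keyed by the label classify_ipsec() should give them.
SAMPLES = {
    "ike": ipv4(UDP_PROTO, udp(500, 500, b"\x01" * 28)),
    "ike-natt": ipv4(UDP_PROTO, udp(4500, 4500, b"\x00" * 4 + b"\x01" * 28)),
    "esp-udp": ipv4(UDP_PROTO, udp(4500, 4500, b"\x00\x00\x10\x01" + b"\x02" * 8)),
    "natt-keepalive": ipv4(UDP_PROTO, udp(4500, 4500, b"\xff")),
    "esp": ipv4(ESP_PROTO, b"\x00\x00\x10\x01" + b"\x02" * 8),
    "ah": ipv4(AH_PROTO, b"\x00" * 24),
    "other": ipv4(UDP_PROTO, udp(53, 53, b"\x00" * 12)),
}
```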

What is an IPsec VPN?

An IPsec VPN is a virtual private network that uses IPsec protocols to encrypt traffic between endpoints over the internet.

Common IPsec VPN deployments include:

  • Site-to-site VPN – connects multiple office networks
  • Remote access VPN – allows employees to securely access corporate resources
  • Cloud VPN – connects on-prem infrastructure with cloud environments

Major cloud providers such as AWS, Microsoft Azure, and Google Cloud offer managed IPsec VPN services.

IPsec vs SSL VPN: What are the differences?

IPsec VPNs and SSL/TLS VPNs both secure remote access, but they operate at different layers.

Feature              IPsec VPN                    SSL VPN
OSI layer            Network layer (Layer 3)      Application layer (Layer 7)
Traffic protection   Entire IP packets            Individual application sessions
Typical use          Site-to-site connectivity    Web or remote application access

Organizations often deploy both technologies depending on their networking needs.

Key takeaways

  • IPsec is a network-layer protocol suite that secures IP communications.
  • It is widely used to build VPN connections between networks, users, and cloud environments.
  • IPsec relies on IKE, ESP, and optionally AH to authenticate and encrypt traffic.
  • It supports tunnel mode and transport mode for different deployment scenarios.
  • IPsec remains a core technology for enterprise networking and hybrid cloud connectivity.