What Is IPSec and How Do IPSec VPNs Work?

What is IPSec? If that’s the burning question on your mind, you’ve come to the right place. IPSec is a VPN protocol used to establish secure connections. It sends data in specific ways to keep your traffic and information private — but is it right for you?

We’ll explore how it works, the pros and cons, and why people opt for IPSec over other VPN protocols. If you’re wondering how IPSec VPNs compare to SSL VPNs, we’ll answer that too.

CyberGhost VPN uses IPSec with IKEv2 for high speeds and strong security by default in our iOS app. You can also select it as your protocol on most other devices. Switching between IPSec and other protocols is simple in our easy-to-use apps.

What Is IPSec?

IPSec is a suite of protocols used to establish a secure internet connection when sending and receiving data across the web. The “IP” stands for “internet protocol,” while “Sec” refers to “security.” Internet protocols are standard whenever you go online — they’re a set of rules that determine how your traffic travels and direct it to its destination. The security part is what makes IPSec unique.

IPSec layers your traffic in encryption and adds authentication to your data. The encryption scrambles your traffic to make it unreadable while it travels to its final destination. Authentication verifies the source of the traffic and ensures it has ended up where it’s supposed to. This combination stops others from spying on your information and keeps it from accidentally ending up somewhere other than where you intended.

What Is IPSec Used For?

Since IPSec focuses on security, it’s particularly useful for protecting sensitive data. It’s often used to conceal traffic during financial transactions or while viewing and sending important files, such as medical records or government documents. It can also be configured without encryption to quickly authenticate senders, ensuring information has arrived safely from a known source.

IPSec is also used to establish VPN connections. The IPSec protocol encrypts all data sent in the VPN tunnel from your device to its destination. It’s usually combined with the IKEv2 protocol to provide a fast, stable, and secure connection between your device and the VPN server. 

Most workplaces use IPSec VPNs to let you access their servers while you’re not in the office. The connection is set up between your device and the company’s servers using IPSec to transfer data within the VPN’s encrypted tunnel. That way you can securely access work emails, documents, and servers remotely. The encryption stops any outsiders from peeking at your data transfer, keeping your work communications private.

How Does IPSec Work?

IPSec uses a five-step process to send, encrypt, and authenticate your data. This includes:

  1. Host connection: Your device (the host) determines that your traffic should be sent via the IPSec protocol. It encrypts and authenticates your traffic to get it ready for transfer.
  2. Host negotiation: Your device determines where your data is traveling to. Both hosts negotiate and agree on the encryption and authentication algorithms used to transfer your data. 
  3. Established connection: Once encryption and authentication are agreed upon, both hosts establish the connection that carries your data. The hosts also determine which decryption keys are used to unscramble and authenticate traffic once it arrives at its destination.
  4. Data transmission: Your device sends the encrypted traffic via the IPSec connection to the destination host. Once your traffic arrives, the destination host uses the agreed keys to decrypt and authenticate your data. 
  5. Data termination: The connection is terminated once data is decrypted and authenticated by the destination host. The hosts discard any private keys.

Let’s use the analogy of a mailroom to better understand how the IPSec connection works. First, you write a letter and seal it in an envelope with an address on the front. You post the letter, and the mailroom determines where you want to send it. The mailroom calls the recipient and agrees on a code to use that will let them know once the letter is received. They also agree on a private method of delivery to ensure no one else can access your letter — it’s sent inside a box with a key to open it.  

Next, the mailroom sends your letter. Once it’s received, the recipient provides the delivery code to let the mailroom know the letter has arrived safely. Then the recipient can open the box using the key and read the letter. They shred the letter to ensure no one else can read it. You probably wouldn’t ever send a letter via box and key, but it helps to visualize how IPSec works!

IPSec Protocols

Although IPSec is referred to as a protocol, it uses multiple protocols together. These include a header, payload, and trailer. Essentially they’re the encryption and authentication methods, plus additional security protocols. These ensure all data packets are sent securely to the final destination. Let’s look at these in more detail:

The Header: Authentication Header (AH) 

The authentication header is the protocol that validates you as the sender and ensures the right data has been transmitted. It also analyzes your data to check it hasn’t been tampered with during transfer. In our mailroom analogy, this is the code the mailroom gives the recipient to open the letter.

The Payload: Encapsulating Security Protocol (ESP)

IPSec uses encryption to scramble your data during transfer — this is the ESP. Only the destination host has the required key to decrypt your data and make it readable. This is the private method of delivery used to send your letter — only the recipient has the key to open the box with the letter inside.

The Trailer: Security Association (SA)

The SA includes the various protocols used to negotiate encryption and authentication keys when establishing a connection between two hosts. IPSec usually relies on internet key exchange (IKE) for negotiating keys and algorithms, which is why many VPN connections offer IPSec/IKEv2 together. Going back to our analogy — the SA is the agreement between the mailroom and recipient when deciding how to send your letter and which code will be used. 

IPSec Transport Modes

IPSec operates in one of two modes, tunnel or transport, and they offer different levels of security.

Tunnel mode

Tunnel mode is the more secure of the two because it encrypts the entire data packet. This includes the header, payload, and trailer. It also adds a new IP header to the data packet for additional security, wrapping the original data packet inside another one. It relies on establishing a secure tunnel between two endpoints, and is usually chosen when there are concerns about endpoint security. Think of sending a letter to a recipient you’d never met before when you want to make sure it arrives safely.

Transport mode

Transport mode only encrypts the payload, leaving the header in plain text. It doesn’t encrypt the trailer either. This is typically used where the endpoint is trusted, like sending a letter to a family member. You know you can trust them, so you don’t need the additional security steps. You can send the letter in the box without a separate code.
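To make the five-step flow and the two modes concrete, here is an added Python example (not code from CyberGhost or from this article) that builds ESP packets in tunnel and transport mode and then performs the receiver’s checks: integrity, security association (SPI) match, and replay rejection. It assumes the authentication-only configuration the article mentions (NULL encryption with an HMAC-SHA256-128 integrity check, which RFC 4303 permits), a constructed sample IPv4 packet, and a plain set standing in for a real anti-replay window; the key, SPI, sequence numbers and addresses are made-up values.

```python
import hashlib, hmac, struct
ESP_PROTO = 50   # IP protocol number the outer header carries for ESP
NH_IPV4 = 4      # ESP next-header value: "the payload is a whole IPv4 packet"
ICV_LEN = 16     # HMAC-SHA256-128: the MAC is truncated to 16 bytes

def ipv4_header(src, dst, proto, payload_len):
    # Minimal 20-byte IPv4 header (TTL 64, no options) with a valid checksum.
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0, src, dst)
    s = sum(struct.unpack("!10H", hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return hdr[:10] + struct.pack("!H", ~s & 0xFFFF) + hdr[12:]

def esp_encapsulate(spi, seq, inner, next_header, auth_key):
    # SPI + sequence, payload, trailer (pad to 4 bytes, pad length, next header); the ICV covers all of it.
    pad_len = (-(len(inner) + 2)) % 4
    padding = bytes(range(1, pad_len + 1))   # RFC 4303 default pad bytes 1, 2, 3, ...
    body = struct.pack("!II", spi, seq) + inner + padding + bytes([pad_len, next_header])
    return body + hmac.new(auth_key, body, hashlib.sha256).digest()[:ICV_LEN]

def esp_decapsulate(packet, spi, auth_key, seen):
    # Receiver: check the ICV first, then the SPI, then replay ("seen" stands in for the anti-replay window).
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(auth_key, body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ICV mismatch: tampered packet or wrong key")
    pkt_spi, seq = struct.unpack("!II", body[:8])
    if pkt_spi != spi:
        raise ValueError("packet does not belong to this security association")
    if seq in seen:
        raise ValueError("replayed sequence number")
    seen.add(seq)
    pad_len, next_header = body[-2], body[-1]
    return next_header, body[8:len(body) - 2 - pad_len]

def tunnel_mode(ip_packet, gw_src, gw_dst, spi, seq, key):
    # The whole original packet is the ESP payload; a new outer header is added in front.
    esp = esp_encapsulate(spi, seq, ip_packet, NH_IPV4, key)
    return ipv4_header(gw_src, gw_dst, ESP_PROTO, len(esp)) + esp

def transport_mode(ip_packet, spi, seq, key):
    # Only the transport segment is wrapped; the original header stays readable.
    ihl = (ip_packet[0] & 0x0F) * 4
    esp = esp_encapsulate(spi, seq, ip_packet[ihl:], ip_packet[9], key)
    return ipv4_header(ip_packet[12:16], ip_packet[16:20], ESP_PROTO, len(esp)) + esp

# Constructed sample (not captured traffic): a 4-byte TCP stand-in from 10.0.0.2 to 10.0.1.2.
KEY = b"constructed-demo-key"
SAMPLE = ipv4_header(bytes([10, 0, 0, 2]), bytes([10, 0, 1, 2]), 6, 4) + b"DATA"
```

Feeding the same packet to esp_decapsulate twice, or flipping one byte of it, raises ValueError, which is the receiver refusing replayed or tampered traffic. In transport mode the inner source and destination addresses are still visible in the outer header; in tunnel mode only the two gateway addresses are.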

What Is an IPSec VPN?

VPNs use IPSec protocols to establish secure connections between your device and the VPN server. They send your data through the tunnel using IPSec, which makes your traffic inaccessible to anyone outside of the VPN tunnel. Most IPSec VPNs combine this protocol with IKEv2, rather than using it on its own.

IKEv2 is known for its rapid speeds and ability to transfer data quickly. IPSec is used primarily for enhanced security and ensuring data arrives at its destination safely. So many VPNs use these protocols together to provide stable, secure connections in one. 

VPNs also use many other protocols, including OpenVPN and WireGuard. Both of these are newer than IPSec, but newer doesn’t always mean better. Each VPN protocol has its benefits and drawbacks, so VPNs tend to select specific ones based on the device you use and what you’re doing online. 

Some VPNs also give you the option to choose which protocol you want to use. OpenVPN, as an example, is perfect for bypassing firewalls, but it only works on certain devices. IPSec, on the other hand, is better suited for mobile devices because of its flexibility, security, and quick speeds. You can usually customize the protocol inside the VPN app to suit your needs.

Types of VPNs: SSL VPN vs. IPSec VPN 

SSL (Secure Socket Layer) is another VPN security protocol, but it works a little differently from IPSec. With an IPSec VPN, you connect remotely to access another network, for example a work network while you’re at home, or a VPN server in a different country. The endpoint is a whole network, giving you access to everything on it.

SSL VPNs only create encrypted connections with specific apps or websites on a network. This means one or both endpoints are pre-determined, i.e., the connection is linked to a specific application or directs traffic to a specific website. This can make connections more secure since there’s only one place to direct your traffic, but it’s less flexible.

Most consumer VPNs offer IPSec (or an equivalent) because of the security and flexibility the protocol offers. Commercial SSL VPNs are usually set up as browser extensions — so your browser is the endpoint. This means they won’t encrypt the traffic sent by apps or other online services on your device, just the traffic sent via your browser.

IPSec VPN: Pros and Cons

As with any security protocol, IPSec has its advantages and disadvantages. While it provides strong security and capabilities for remote server access, it can be slow and hard to configure. Let’s explore the pros and cons in more detail.

IPSec VPN: Pros

    • 👍🏻 Highly secure: IPSec provides high security with encryption and authentication to make your data private and prevent unwanted access.
    • 👍🏻 Flexible: IPSec is flexible and can be configured to different network environments, including site-to-site (VPN connects two local networks in an encrypted tunnel), point-to-point (VPN enables several devices to connect and collaborate in an encrypted tunnel), and remote access connections (VPN enables individuals to access a server remotely).
    • 👍🏻 Scalable: IPSec can be scaled up or down easily and quickly, which is especially useful for business organizations.
    • 👍🏻 Enables remote access: IPSec facilitates secure remote access to servers and networks, including office networks, local web servers, and servers in other regions.

IPSec VPN: Cons

    • 👎🏻 Hard to configure: Unless you use a VPN with the IPSec protocol built-in, you’ll need to configure it yourself. This can be complex, especially for tech beginners.
    • 👎🏻 Can slow down speeds: The additional authentication and encryption steps can cause a drop in internet speeds.
    • 👎🏻 Consumes CPU: IPSec consumes large amounts of CPU power to encrypt and decrypt data between hosts, affecting network reliability and performance.
    • 👎🏻 Compatibility: IPSec isn’t compatible with every device, and some VPNs only offer IPSec with certain devices.

Does CyberGhost VPN Support IPSec Connections?

Yes. CyberGhost VPN uses IPSec in combination with IKEv2. This ensures your connections remain speedy and secure, without drops in performance. You’ll see this option in all of our VPN apps, except for Android and Linux. It’s also the default protocol on iOS devices since Apple doesn’t support OpenVPN. 

If you want to try it out, you can download CyberGhost VPN to your device and switch protocol options inside the app.

Is IPSec the Right Protocol For You?

IPSec is a highly secure protocol that uses authentication and encryption to conceal your traffic and prevent interference. If you’re doing internet banking, accessing work files, or even just sending something highly sensitive via email, IPSec could give you the privacy and peace of mind you need.

Remember though — every protocol has its weaknesses. Extra security can slow down your connection, so it’s not right for everyone, especially frequent streamers and online gamers. Need help deciding? See how each VPN protocol compares so you can make the right choice. 


What is the main difference between an SSL VPN and IPSec VPN?

IPSec VPNs use an encrypted tunnel and authentication to give you remote access to a server. This means you can access everything on the network, without restrictions. SSL VPNs only create an encrypted tunnel with a specific application or website. If it’s set up with only one destination endpoint, you can access it remotely as with IPSec, but anything else remains inaccessible.

Is an IPSec VPN better than an SSL VPN?

It depends on what you need a VPN for. IPSec VPNs offer more flexibility as they can encrypt your entire connection and be used in different ways. An SSL VPN encrypts the connection for a specific website or application, like your browser. They can also be used to limit remote access to a specific destination. SSL VPNs could be more secure since there’s only a single line of traffic from one place to another. 

How secure is the IPSec VPN tunnel?

Very! IPSec VPNs wrap data packets in encryption and use authentication to ensure your traffic arrives safely at the host destination. This VPN encryption scrambles data packets, and only the host destination has the key to decrypt your data and read it. This means anyone spying on your connection can’t see the data you’re sending. 

What are the disadvantages of IPSec VPN?

IPSec VPN offers tough security, but the additional encryption and authentication steps can slow down your connection. IPSec relies on a lot of computing power which can compromise network performance. It can also be hard to configure, unless you choose a VPN with IPSec built-in. CyberGhost VPN offers IPSec paired with IKEv2 in every app, except Android and Linux. It’s the default option on iOS devices too. 
