Internet Protocol Security (IPSec) Encryption
Updated: January 21, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Internet Protocol security (IPSec)
The long-term direction for secure networking, IPSec is a suite of cryptography-based protection services and security protocols. Because it requires no changes to applications or protocols, you can easily deploy IPSec for existing networks.
IPSec provides computer-level authentication, as well as data encryption, for VPN connections that use the L2TP protocol. IPSec is negotiated between your computer and an L2TP-based VPN server before an L2TP connection is established. This negotiation secures both passwords and data.
When used with IPSec, L2TP uses standard PPP-based authentication protocols, such as EAP, MS-CHAP, MS-CHAP v2, CHAP, SPAP, and PAP.
Encryption is determined by the IPSec security association (SA). A security association is a combination of a destination address, a security protocol, and a unique identification value called a Security Parameters Index (SPI). The available encryption algorithms include:
Data Encryption Standard (DES), which uses a 56-bit key.
Triple DES (3DES), which uses three 56-bit keys and is designed for high-security environments.
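The SA lookup described above, as an added Python example that is not part of the original documentation: it extracts the (destination address, security protocol, SPI) triple from an IPv4 packet and uses it to find the encryption that SA prescribes. The addresses, SPI values, the SAD table and all function names are constructed for illustration.

```python
import socket
import struct

# IP protocol numbers of the two IPSec security protocols (IANA-assigned).
IPSEC_PROTOCOLS = {50: "ESP", 51: "AH"}

# Constructed SA database: (destination, protocol, SPI) -> encryption algorithm.
SAD = {
    ("192.0.2.10", "ESP", 0x00001001): "3DES",
    ("192.0.2.10", "ESP", 0x00001002): "DES",
}

def sa_selector(packet: bytes):
    """Return the (destination, protocol, SPI) triple of an IPv4 IPSec packet, or None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                      # truncated, or not IPv4
    ihl = (packet[0] & 0x0F) * 4         # header length in bytes, options included
    proto = IPSEC_PROTOCOLS.get(packet[9])
    if ihl < 20 or proto is None:
        return None                      # malformed header, or not AH/ESP
    # ESP carries the SPI in its first 4 bytes; AH carries it after
    # next-header (1 byte), payload length (1 byte) and reserved (2 bytes).
    spi_offset = ihl + (0 if proto == "ESP" else 4)
    if len(packet) < spi_offset + 4:
        return None
    (spi,) = struct.unpack_from("!I", packet, spi_offset)
    return socket.inet_ntoa(packet[16:20]), proto, spi

def encryption_for(packet: bytes):
    """Look up the encryption the matching SA prescribes; None if no SA matches."""
    return SAD.get(sa_selector(packet))

def build_packet(dst: str, proto_num: int, spi: int) -> bytes:
    """Build a minimal constructed IPv4 packet (checksum left at zero) for the demo."""
    body = struct.pack("!I", spi) + b"\x00" * 8
    if proto_num == 51:
        body = b"\x04\x04\x00\x00" + body    # AH next-header, length, reserved
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64,
                         proto_num, 0, socket.inet_aton("198.51.100.7"),
                         socket.inet_aton(dst))
    return header + body

if __name__ == "__main__":
    for spi in (0x1001, 0x1002, 0x9999):
        pkt = build_packet("192.0.2.10", 50, spi)
        print(sa_selector(pkt), "->", encryption_for(pkt))
```

Two packets to the same destination over the same protocol can resolve to different encryption because the SPI differs, and a packet whose triple matches no SA resolves to nothing.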
For more information about IPSec, see Internet Protocol Security (IPSec).
For more information about configuring connections, see Configure a connection to a remote network.