Carrier protocol:
The protocol over which the encapsulated packet actually travels across the network (Frame Relay, ATM, MPLS).
Encapsulating protocol:
The protocol whose header is wrapped around the original data (GRE, IPsec, L2F, PPTP, L2TP).
Passenger protocol:
The original protocol being encapsulated, that is, the protocol of the data carried inside the tunnel (IPX, AppleTalk, IPv4, IPv6).
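As an added example (not part of the original notes), the Python below builds and then parses a GRE tunnel packet in the three-layer terms above: an IPv6 packet is the passenger protocol, GRE is the encapsulating protocol, and an outer IPv4 delivery header stands in for the carrier layer (the notes list link-layer carriers such as MPLS, which this example does not model). The protocol numbers (IP protocol 47 for GRE, EtherTypes 0x0800 and 0x86DD for the passenger type) are taken from the IANA registries; the addresses, key and payload are constructed for the demonstration.

```python
import ipaddress
import struct
from typing import Optional

# Protocol numbers from the IANA registries (assumed correct; not from the notes).
IPPROTO_GRE = 47            # IPv4 "Protocol" field value meaning "a GRE header follows"
ETHERTYPE_IPV4 = 0x0800     # the GRE "Protocol Type" field uses EtherType numbers
ETHERTYPE_IPV6 = 0x86DD
PASSENGER_NAMES = {ETHERTYPE_IPV4: "IPv4", ETHERTYPE_IPV6: "IPv6"}

GRE_FLAG_C = 0x8000         # checksum present (RFC 2784)
GRE_FLAG_K = 0x2000         # key present (RFC 2890)
GRE_FLAG_S = 0x1000         # sequence number present (RFC 2890)
GRE_VERSION_MASK = 0x0007   # version 0 = plain GRE; version 1 = PPTP's enhanced GRE


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of 16-bit words, complemented."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 delivery header (the outer layer the GRE packet rides on)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def gre_header(proto_type: int, key: Optional[int] = None) -> bytes:
    """4-byte GRE header (flags/version, passenger protocol type) plus an optional 32-bit key."""
    flags = GRE_FLAG_K if key is not None else 0
    hdr = struct.pack("!HH", flags, proto_type)
    if key is not None:
        hdr += struct.pack("!I", key)
    return hdr


def gre_encapsulate(passenger: bytes, proto_type: int, outer_src: str, outer_dst: str,
                    key: Optional[int] = None) -> bytes:
    """Wrap a passenger packet: outer IPv4 (delivery) + GRE (encapsulating) + passenger."""
    gre = gre_header(proto_type, key)
    return ipv4_header(outer_src, outer_dst, IPPROTO_GRE, len(gre) + len(passenger)) + gre + passenger


def gre_decapsulate(packet: bytes) -> dict:
    """Peel the layers off again, validating each header before trusting the next one."""
    if len(packet) < 24 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 delivery header")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header length or checksum")
    total_len = struct.unpack("!H", packet[2:4])[0]
    if packet[9] != IPPROTO_GRE:
        raise ValueError("delivery protocol %d is not GRE" % packet[9])
    off = ihl
    flags, proto_type = struct.unpack("!HH", packet[off:off + 4])
    off += 4
    if flags & GRE_VERSION_MASK:
        raise ValueError("only GRE version 0 is handled here")
    if flags & GRE_FLAG_C:
        off += 4                       # skip checksum + reserved1 (not verified in this example)
    key = seq = None
    if flags & GRE_FLAG_K:
        key = struct.unpack("!I", packet[off:off + 4])[0]
        off += 4
    if flags & GRE_FLAG_S:
        seq = struct.unpack("!I", packet[off:off + 4])[0]
        off += 4
    return {
        "delivery": {"protocol": "IPv4",
                     "src": str(ipaddress.IPv4Address(packet[12:16])),
                     "dst": str(ipaddress.IPv4Address(packet[16:20]))},
        "encapsulating": {"protocol": "GRE", "key": key, "seq": seq},
        "passenger": {"protocol": PASSENGER_NAMES.get(proto_type, hex(proto_type)),
                      "data": packet[off:total_len]},
    }


def sample_ipv6_packet() -> bytes:
    """Constructed IPv6 passenger packet: 40-byte header, next header 59 (none), test payload."""
    payload = b"hello over GRE"
    return struct.pack("!IHBB16s16s", 0x60000000, len(payload), 59, 64,
                       ipaddress.IPv6Address("2001:db8::1").packed,
                       ipaddress.IPv6Address("2001:db8::2").packed) + payload


if __name__ == "__main__":
    frame = gre_encapsulate(sample_ipv6_packet(), ETHERTYPE_IPV6,
                            "192.0.2.1", "198.51.100.1", key=0x1234)
    layers = gre_decapsulate(frame)
    print(layers["delivery"], layers["encapsulating"], layers["passenger"]["protocol"])
```

The decapsulation side is where care matters: the passenger is only handed up after the delivery header's checksum, the protocol number and the GRE version have been checked, and unknown passenger types are reported by number rather than guessed. GRE itself adds no confidentiality or authentication, which is why the notes go on to pair it with IPsec.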
Data Encryption Standard (DES) algorithm – Developed by IBM and standardized in 1977, DES is a symmetric-key block cipher with a 56-bit key. It is fast, especially in hardware, but the key is far too short by today's standards: exhaustive search of the 2^56 keys has been practical since the late 1990s, so DES should not be used to protect data. Symmetric and asymmetric keys are explained below.
Triple DES (3DES) algorithm – Applies DES three times to each block: encrypt with the first key, decrypt with a second key, then encrypt with a third key (the EDE construction). With three independent keys the nominal key length is 168 bits, but meet-in-the-middle attacks reduce the effective strength to about 112 bits. 3DES is far stronger than DES but three times as slow, and NIST has deprecated it for new use.
Advanced Encryption Standard (AES) – The National Institute of Standards and Technology (NIST) selected AES (the Rijndael cipher) through a public competition to replace DES in cryptographic devices. AES provides stronger security than DES and is computationally more efficient than 3DES. AES uses a 128-bit block and offers three key lengths: 128, 192, and 256 bits.
Rivest, Shamir, and Adleman (RSA) – An asymmetric-key cryptosystem, used in IPsec VPNs for peer authentication with RSA signatures. Keys have historically been deployed with 512-, 768-, or 1024-bit moduli; 512- and 768-bit moduli have been publicly factored and 1024 bits is no longer considered adequate, so current guidance is 2048 bits or larger.
Peer authentication methods (how IKE peers prove their identity to each other before keys are exchanged):
RSA signatures (digital certificates)
Pre-shared keys (PSKs)
DES – Encrypts and decrypts packet data with a 56-bit key; no longer secure.
3DES – Provides significant encryption strength over 56-bit DES (about 112 bits effective) at the cost of throughput.
AES – Provides stronger encryption, depending on the key length used (128, 192, or 256 bits), and faster throughput than 3DES.
MD5 – Authenticates packet data with a keyed hash (HMAC-MD5) using a 128-bit shared secret key; MD5 also produces a 128-bit digest, which IPsec truncates to 96 bits (HMAC-MD5-96). MD5 is considered weak and should be avoided.
SHA-1 – Authenticates packet data with a keyed hash (HMAC-SHA-1) using a 160-bit shared secret key; the 160-bit digest is likewise truncated to 96 bits (HMAC-SHA-1-96). SHA-2 variants (for example HMAC-SHA-256) are preferred today.
DH – Diffie-Hellman allows two parties to establish a shared secret over an insecure communications channel; the keys for the encryption and hash algorithms (for example, DES and MD5 in older configurations) are then derived from that secret. The strength depends on the DH group: Group 1 (768-bit) and Group 2 (1024-bit) are too weak, so Group 14 (2048-bit) or larger, or an elliptic-curve group, should be configured.
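As an added example, not part of the original notes: the Python below runs a DH exchange over IKE Group 2 (the 1024-bit MODP prime transcribed here from RFC 2409 section 6.2 and sanity-checked in code with a Fermat test), derives an authentication key from the resulting shared secret with a simplified KDF (an assumption for the demonstration; IKE's own SKEYID derivation differs in detail), and uses that key for an IPsec-style HMAC-SHA-1-96 ICV over a constructed byte string standing in for the authenticated portion of an AH or ESP packet. It shows the whole chain the list above describes: DH output keys the hash algorithm, the ICV is the truncated 96-bit HMAC, and flipping a single bit of the packet makes verification fail. Group 2 is used only because it is short enough to read; in production configure Group 14 or larger, or an elliptic-curve group.

```python
import hashlib
import hmac
import secrets

# IKE Diffie-Hellman Group 2 (1024-bit MODP), transcribed from RFC 2409 section 6.2.
# Assumed correct as transcribed; fermat_check() below fails if a digit was mistyped.
GROUP2_PRIME = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 FFFFFFFF FFFFFFFF
""".split()), 16)
GROUP2_GENERATOR = 2
ICV_LEN = 12   # HMAC-MD5-96 / HMAC-SHA-1-96 keep only the first 96 bits (RFC 2403, RFC 2404)


def fermat_check(p: int = GROUP2_PRIME, base: int = 2) -> bool:
    """Cheap sanity check that p behaves like a prime (a transcription error fails this)."""
    return pow(base, p - 1, p) == 1


class DHPeer:
    """One side of an (unauthenticated) Diffie-Hellman exchange over a MODP group."""

    def __init__(self, p: int = GROUP2_PRIME, g: int = GROUP2_GENERATOR):
        self.p, self.g = p, g
        self.private = secrets.randbelow(p - 2) + 1      # x in [1, p-2]; never reused
        self.public = pow(g, self.private, p)             # g^x mod p, the value sent on the wire

    def shared_secret(self, peer_public: int) -> bytes:
        """Compute (g^y)^x mod p from the peer's public value."""
        # Reject 0, 1 and p-1: they force the secret to a trivial value regardless of x.
        if not 1 < peer_public < self.p - 1:
            raise ValueError("peer public value out of range")
        z = pow(peer_public, self.private, self.p)
        return z.to_bytes((self.p.bit_length() + 7) // 8, "big")


def derive_key(shared: bytes, label: bytes, length: int) -> bytes:
    """Simplified KDF: HMAC-SHA-256 over the DH secret with a label (assumption; IKE's
    SKEYID derivation differs, this only shows DH output keying the other algorithms)."""
    return hmac.new(shared, label, hashlib.sha256).digest()[:length]


def compute_icv(key: bytes, authenticated: bytes, algo: str = "sha1") -> bytes:
    """IPsec-style ICV: HMAC over the authenticated bytes of an AH/ESP packet, cut to 96 bits."""
    return hmac.new(key, authenticated, algo).digest()[:ICV_LEN]


def verify_icv(key: bytes, authenticated: bytes, icv: bytes, algo: str = "sha1") -> bool:
    """Constant-time comparison so the check does not leak how many bytes matched."""
    return hmac.compare_digest(compute_icv(key, authenticated, algo), icv)


def digest_bits(algo: str) -> int:
    """Digest size in bits of a hash algorithm (MD5 -> 128, SHA-1 -> 160, SHA-256 -> 256)."""
    return hashlib.new(algo).digest_size * 8


def demo_exchange(packet: bytes = b"constructed authenticated AH/ESP bytes") -> dict:
    """Both peers agree a secret, derive the same HMAC key, and the receiver checks the ICV."""
    initiator, responder = DHPeer(), DHPeer()
    z_i = initiator.shared_secret(responder.public)
    z_r = responder.shared_secret(initiator.public)
    key_i = derive_key(z_i, b"auth", 20)     # 160-bit key for HMAC-SHA-1, as in RFC 2404
    key_r = derive_key(z_r, b"auth", 20)
    icv = compute_icv(key_i, packet, "sha1")
    tampered = packet[:-1] + bytes([packet[-1] ^ 0x01])   # one bit flipped in transit
    return {
        "secrets_match": z_i == z_r,
        "icv_len": len(icv),
        "accepts_original": verify_icv(key_r, packet, icv),
        "accepts_tampered": verify_icv(key_r, tampered, icv),
    }


if __name__ == "__main__":
    print("group 2 prime passes Fermat check:", fermat_check())
    print(demo_exchange())
```

Note what the exchange does not give you: nothing here proves who the other DH public value came from, which is exactly the gap the peer authentication methods above (RSA signatures or PSKs) close in IKE.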
AH (Authentication Header) provides the following:
Authentication
Integrity
(plus anti-replay protection; no confidentiality. Because the AH integrity check also covers the outer IP header, AH does not work through NAT.)
ESP (Encapsulating Security Payload) provides the following:
Confidentiality
Authentication
Integrity
(plus anti-replay protection. ESP's authentication and integrity are optional in the standard but should always be enabled; encryption without integrity protection is unsafe.)