Internet Protocol Security (IPSec) Encryption

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Internet Protocol security (IPSec)

The long-term direction for secure networking, IPSec is a suite of cryptography-based protection services and security protocols. Because it requires no changes to applications or protocols, you can easily deploy IPSec for existing networks.

IPSec provides computer-level authentication, as well as data encryption, for VPN connections that use the L2TP protocol. IPSec is negotiated between your computer and an L2TP-based VPN server before an L2TP connection is established. This negotiation secures both passwords and data.

With IPSec, L2TP uses standard PPP-based authentication protocols, such as EAP, MS-CHAP, MS-CHAP v2, CHAP, SPAP, and PAP.

Encryption is determined by the IPSec security association (SA). A security association is a combination of a destination address, a security protocol, and a unique identification value called a Security Parameters Index (SPI). The available encryption algorithms include:

  • Data Encryption Standard (DES), which uses a 56-bit key.

  • Triple DES (3DES), which uses three 56-bit keys and is designed for high-security environments.
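The following added example (not part of the original documentation) shows how a receiver can select a security association from the triple described above, then report the cipher and key size that SA negotiated. The addresses, SPI values, and SA table are constructed for illustration; the protocol numbers 50 (ESP) and 51 (AH) are the standard IP protocol numbers for the two IPSec security protocols.

```python
import socket
import struct

ESP, AH = 50, 51  # IP protocol numbers of the two IPSec security protocols

# Constructed SA database keyed by the triple the text names:
# (destination address, security protocol, SPI). Value is the negotiated cipher.
SAD = {
    ("192.0.2.10", ESP, 0x00001001): "DES",
    ("192.0.2.10", ESP, 0x00001002): "3DES",
}
KEY_BITS = {"DES": 56, "3DES": 3 * 56}  # key sizes as stated on the page


def sa_selector(packet: bytes):
    """Return (dst, proto, spi) for an IPv4 ESP/AH packet, or None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    proto = packet[9]
    dst = socket.inet_ntoa(packet[16:20])
    # ESP carries the SPI in its first 4 bytes; AH carries it at offset 4.
    spi_off = ihl + (0 if proto == ESP else 4)
    if proto not in (ESP, AH) or ihl < 20 or len(packet) < spi_off + 4:
        return None
    (spi,) = struct.unpack_from("!I", packet, spi_off)
    return dst, proto, spi


def lookup(packet: bytes):
    """Return (cipher, key_bits) for the SA matching the packet, or None if no SA."""
    sel = sa_selector(packet)
    cipher = SAD.get(sel) if sel else None
    return (cipher, KEY_BITS[cipher]) if cipher else None


def make_packet(dst: str, proto: int, spi: int) -> bytes:
    """Build a constructed IPv4 header plus the start of an ESP or AH header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     socket.inet_aton("198.51.100.7"), socket.inet_aton(dst))
    body = struct.pack("!II", spi, 1) if proto == ESP else struct.pack("!BBHI", 4, 1, 0, spi)
    return ip + body
```

A packet that matches on SPI alone but differs in destination address or security protocol selects no SA, which is why all three values form the key.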

For more information about IPSec, see Internet Protocol Security (IPSec).

For more information about configuring connections, see Configure a connection to a remote network.