In this chapter, we look at the architecture that comprises and unifies the various IPsec protocols. We’ll see that IPsec exactly meets our definition for a VPN: It’s encryption and authentication applied to a tunnel in order to create the illusion of a private leased-line network. The overall architecture of IPsec is described in RFC 2401 [Kent and Atkinson 1998c], but separate RFCs describe its protocols and its encryption and authentication algorithms. Many of these RFCs are discussed in subsequent chapters.

RFC 2401 doesn’t talk very much about VPNs, preferring instead to discuss such objects as “secured connections.” When it does use the term VPN, the RFC applies it to the case of a secured ...