IPSec ensures secure and private communications over Internet Protocol (IP) networks. It authenticates and encrypts IP packets between two end points.

what is ipsec

What is IPsec?

Internet Protocol Security, aka IPSec, is a framework of open standards. It is developed by the Internet Engineering Task Force (IETF). It provides cryptographically-based security to network traffic. It also enables data origin authentication, confidentiality, integrity and anti-replay.

Offering support for both IPv4 and IPv6, IPSec is deployed when it comes to the implementation of a VPN. The terms IPSec VPN or VPN over IPSec is the process of creating connections via IPSec protocol. It is a common method for creating a virtual, encrypted link over the unsecured Internet.

Key Features of IPSec VPN

Anti-Replay Protection

IPSec provides protection against replay attacks. It assigns a unique sequence number to each packet. If it detects a packet with a duplicate sequence number, it is replayed and dropped.

Data Origin Authentication

The Hash message authentication code (HMAC) verifies that the packets are not changed.

Perfect Forward Secrecy

PFS in an IPSec VPN service enhances the security of your VPN connection. It does so by ensuring a unique session key for each negotiation.


IPSec works below the transport layer, so it is transparent to users and applications. So, you do not need to make any changes to software when implementing it on your router or firewall.

Dynamic Re-Keying

Re-keying, at set intervals, bids farewell to manual reconfiguration of secret keys. And, you can stay protected against most interception and impersonation attacks.


Packets are encrypted by the sender before transmission. As a result, the sensitive data will only reach its intended recipient.

IPSec vs SSL Comparison

IPSec (IKEv2, L2TP) vs SSL (OpenVPN, SSTP)

The following is an in-depth comparison between SSL and IPSec protocols

Encryption 128-bit 256-bit 256-bit 256-bit 256-bit
Security PPTP implementation has several known security vulnerabilities Latest VPN protocol which implements IPSec and is highly secure IPSec over L2TP, when properly implemented, has no major known vulnerabilities Can be considered as secure as OpenVPN when used in conjunction with robust cipher and ephemeral keys It can be considered extremely secure when used in conjunction with robust cipher and ephemeral keys
Stability Unstable and may disconnect frequently Highly stable and consistent connection once established Stable Connection Stable, but more so on Windows Stable Connection
Speed Fastest VPN protocol because of basic encryption Faster than other VPN protocols due to MOBIIKE support, which makes it stable and resilient L2TL/IPSec is still fast, despite tunneling overhead, due to high encryption/decryption efficiency. Faster than PPTP and L2TP Great speed across long distances and on connections with high latency
Supported OS All Platforms (Manual) Windows OS iOS Android (Manual) Mac OS X (Manual) BlackBerry (Manual) Windows OS iOS (Manual) Android (Manual) Mac OS X (Manual) And More... Windows OS iOS (Not Supported) Android (Not Supported) MAC OS X And More... Windows OS iOS (Manual) Android Mac OS X (Manual) And More...
Conclusion Highly recommended for bypassing geo- restrictions quickly, but isn’t the best option for security Fast speed, strong security, the only VPN protocol supported by Blackberry Easy-to-setup, stable, and secure Safer and faster than PPTP and L2TP, ideal for Windows OS, can easily bypass firewalls Good speed, strong security, native support for most OS.

PureVPN offers support for all major VPN protocols and platforms.

Pros & Cons of IPSec VPN Protocol


  • Native compatibility for all major devices.
  • It offers best security since it uses a variety of ciphers such as 3DES, AES, and AES-256.
  • It is stable, especially when switching networks or reconnecting after a dropped connection.
  • Operates at network level – no need to worry about application dependence!


  • You can block it using a restrictive firewalls.
  • It is not the fastest protocol. The L2TP/IPSec encapsulates data twice, which slows down the connection.
  • Requires significant bandwidth and processing time.

How to Select the Best VPN Protocol?

Automatic Selection

Ease of use is one of our cornerstones. PureVPN apps can choose the VPN protocol best suited for your connection. All you have to do is connect and we take care of the rest for you.

Manual Selection

You have the option of using a different protocol for your VPN connection. You should take a look at our VPN comparison chart for a better understanding of what each brings to the table. Still uncertain? Try these VPN protocols in the following order:

  • OpenVPN
  • IKEv2
  • SSTP
  • L2TP
  • PPTP
  • IPSec
Get PureVPN

31-Day Money Back Guarantee

Frequently Asked Questions

IPSec VPN uses tunneling to establish a private connection for the network traffic. Unlike other protocols that function at application layer, it operates at network layer. It allows the protocol to encrypt the entire packet.

A variety of encryption algorithms are at play for this very purpose. But, we can drill them down to two main mechanisms which we have described below! IPSec uses Advanced Encryption Standard along with other technologies for data safety.
IPSec relies on the following core protocols for encoding your information:

  • IPSec Authentication Header (AH)
    The protocol ensures a digital signature on each packet to protect your data and network. It means that the content cannot be altered without discovery. And. it also allows the recipient to verify that the received packets were actually sent by the originator or not. AH also keeps you protected from replay attacks.

  • Encapsulating Security Payload (ESP)
    AH prevents a packet from getting tampered & ESP handles encryption of the packets. The payload of a packet is encrypted via an ESP header, ESP trailer, and ESP authentication block.

Both of these protocols work together to provide authentication, security, and privacy.
For Android and Windows devices, IPSec can be used with L2TP and IKEv2 protocols. When it comes to iOS and Mac devices though, you can only select to use IPSec alone.
More often than not, IPSec VPN ports are usually open in firewall. If it is not, you can make it work by opening UDP port 500. It allows ISAKEP traffic to get forwarded through your firewalls. And, it permits IP protocol IDs 50 to allow ESP traffic and 51 to allow AH traffic. The traffic is forwarded on firewall filters – both inbound and unbound.
While it is possible to setup IPSec over IPv6, PureVPN does not support IPSec over IPv6.
  • 31 Guarantee 31-Day Money-Back
  • One-click
  • 3 Million+
    Satisfied Users
  • 24x7x365
    Customer Support