NIST Draft Special Publication 800-77, Guide to IPsec VPNs
NIST is pleased to announce the new draft Special Publication 800-77, Guide to IPsec VPNs. IPsec is a framework of open standards for ensuring private communications over IP networks. Its most common use is in virtual private networks (VPNs). IPsec provides several types of data protection, including maintaining confidentiality and integrity, authenticating the origin of data, preventing packet replay and traffic analysis, and providing access protection.
This document describes the three primary models for VPN architectures: gateway-to-gateway, host-to-gateway, and host-to-host. These models can be used, respectively, to connect two secured networks, such as a branch office and headquarters, over the Internet; to protect communications for hosts on unsecured networks, such as traveling employees; or to secure direct communications between two computers that require extra protection.
The guide describes the components of IPsec. It also presents a phased approach to IPsec planning and implementation that can help in achieving successful IPsec deployments. The five phases of the approach are as follows: identify needs, design the solution, implement and test a prototype, deploy the solution, and manage the solution. Special considerations affecting configuration and deployment are analyzed, and three test cases are presented to illustrate the process of planning and implementing IPsec VPNs.
Comments on SP 800-77 can be made until 3 March 2005. Please submit comments to IPsecpub@nist.gov.
URL: NIST Draft Special Publication 800-77, Guide to IPsec VPNs (1.45 MB PDF)