Security Architecture for the Internet Protocol
S. Kent, K. Seo · 2005-12
Abstract
This document describes an updated version of the IPsec security architecture specification. IPsec is designed to provide interoperable, high-quality, cryptographically-based security for IPv4 and IPv6. The services offered include access control, connectionless integrity, data origin authentication, protection against replays, confidentiality, and limited traffic flow confidentiality.
Why This RFC Matters
RFC 4301 is the definitive architectural document for IPsec, superseding RFC 2401 and unifying the Security Policy Database (SPD), Security Association Database (SAD), and Peer Authorization Database (PAD) into a coherent framework. It defines how packets are matched to security policies, how Security Associations are established and managed, and how transport and tunnel modes operate — the conceptual foundation that all IKEv2 implementations and VPN products must conform to. Enterprise VPNs, site-to-site tunnels, and remote-access solutions all derive their security model from the architecture laid out here.