IPSec establishes a pair of security associations (SAs) between IPSec peers to form an IPSec tunnel, transmits the defined IPSec-protected data flows over the tunnel, and uses a security protocol to encrypt and authenticate the data passing through the tunnel. This ensures secure data transmission over the Internet.
IPSec SAs can be established manually or through IKEv1 or IKEv2 negotiation. The following describes how to define IPSec-protected data flows and how to establish IPSec SAs through IKE negotiation.