IPSec 2

IPSec is a generic description of a set of protocols that establish the parameters and encryption
for a tunnel between two endpoints, but IPSec itself provides none of these functions. The standard
is defined in RFCs 2401 through 2411 and in RFC 2451; these are recommended reading for
anyone supporting or installing a large-scale IPSec VPN. The elements that make up many
IPSec functions are outlined in Table 28.2.


NOTE: Many configurations of IPSec have difficulties with Network Address Translation
(NAT), described in Chapter 32, “Centralized Security in Remote Access
Networks.” A new feature—IPSec NAT Transparency—has been introduced
with IOS version 12.2(13)T and should be evaluated for installations that
require NAT and IPSec support.