IPsec is a set of standards for encrypting and authenticating network traffic between two points. An industrial router at a remote site uses IPsec to create a secure tunnel back to the corporate network – so SCADA polling traffic, maintenance sessions, and data uploads cannot be read or tampered with in transit.
For site-to-site connections IPsec operates in tunnel mode – the entire IP packet is encrypted and wrapped in a new outer packet for transit. IKEv2 is the preferred key negotiation method on modern hardware, being more stable on cellular connections than IKEv1.
- Tunnel mode: encrypts the full IP packet including headers – standard for site-to-site VPN
- Transport mode: encrypts payload only – used for host-to-host where routing information is not sensitive
- IKEv2 is preferred over IKEv1: faster establishment, better NAT traversal, more resilient on cellular
- AES-256 is the standard encryption cipher for new deployments
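As an added example (not part of the glossary entry or any vendor's configuration), the remote-router side of the site-to-site tunnel above expressed as a strongSwan swanctl.conf: IKEv2, tunnel mode, AES-256. The host names, IDs, subnets and pre-shared secret are placeholders.

```conf
# swanctl.conf on the remote-site industrial router (constructed example)
connections {
    hq-tunnel {
        # IKEv2 only; IKEv1 (version = 1) is not offered to the peer
        version = 2
        # Cellular uplinks change address; accept any local address
        local_addrs  = %any
        remote_addrs = vpn.hq.example        # placeholder HQ gateway

        local {
            auth = psk
            id   = router-site42.example     # placeholder local identity
        }
        remote {
            auth = psk
            id   = vpn.hq.example
        }

        # IKE SA: AES-256, SHA-256 integrity/PRF, Curve25519 key exchange
        proposals = aes256-sha256-x25519

        children {
            scada {
                # Tunnel mode: the whole inner IP packet is wrapped and
                # encrypted, so the plant subnet stays hidden on the path
                mode      = tunnel
                local_ts  = 192.168.42.0/24   # placeholder plant network
                remote_ts = 10.0.0.0/16       # placeholder corporate network
                # ESP: AES-256-GCM (encryption + integrity) with PFS
                esp_proposals = aes256gcm16-x25519
                # Bring the tunnel up at boot and keep it up
                start_action  = start
                dpd_action    = restart
                rekey_time    = 1h
            }
        }
        # Dead-peer detection recovers from cellular drops
        dpd_delay   = 30s
        keyingtries = 0                      # retry forever
    }
}

secrets {
    ike-hq {
        id     = vpn.hq.example
        secret = "REPLACE-WITH-A-LONG-RANDOM-PSK"   # placeholder
    }
}
```

The HQ gateway uses the mirror image of this file (its own `local_ts`/`remote_ts` swapped, `remote_addrs = %any` so the router can connect from any cellular address).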