Internet Protocol security (IPsec) helps make network traffic more secure by authenticating and encrypting packet exchanges in the IP transport stream. IPsec operates in two modes: transport and tunnel. Tunnel mode wraps, routes, and then unwraps data packets.
Mobile Device Manager (MDM) Gateway Server uses IPsec tunneling to communicate with and manage Windows Mobile devices outside the perimeter network and firewall of a company.
To move data more securely over a network connection that is not secure, tunneling adds new information at the start and end of each data packet. This process is known as encapsulation or wrapping.
The additional data, known as the wrapper, can have new addressing and routing information. This information helps hide the data packet from intruders who want to intercept network traffic. After the information arrives at the destination, IPsec removes the wrappers and sends the original contents to the recipient.
The tunnel is the logical path along which wrapped packets travel. Typically, the tunnel is transparent to the sending and receiving computers and appears as merely another point-to-point connection in the network path.
When you combine tunneling with data confidentiality, you can use it to create a virtual private network (VPN). IPsec tunnel mode helps protect traffic between two IP addresses or two IP subnets.
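The wrapping and unwrapping described above, as an added example that is not part of the original page and is not MDM Gateway Server code: it builds an ESP tunnel-mode packet (new outer IP header and ESP header at the start, ESP trailer and integrity check value at the end) and removes the wrapper only after the integrity check passes. It assumes ESP with NULL encryption and a truncated HMAC-SHA-256 check value, so it shows the layout and tamper detection only, not confidentiality; the addresses, SPI, key, and function names are constructed for illustration.

```python
import hashlib, hmac, socket, struct

ICV_LEN = 16  # assumption: HMAC-SHA-256 truncated to 128 bits

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (no options) with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    s = sum(struct.unpack("!10H", hdr))
    s = (s & 0xFFFF) + (s >> 16)
    s = (s & 0xFFFF) + (s >> 16)
    return hdr[:10] + struct.pack("!H", ~s & 0xFFFF) + hdr[12:]

def wrap(inner, gw_src, gw_dst, spi, seq, key):
    """Tunnel mode: outer IP | ESP header | inner packet | ESP trailer | ICV."""
    pad_len = (-(len(inner) + 2)) % 4             # trailer must end on a 4-byte boundary
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, 4])  # next header 4 = IPv4
    esp = struct.pack("!II", spi, seq) + inner + trailer
    icv = hmac.new(key, esp, hashlib.sha256).digest()[:ICV_LEN]
    return ipv4_header(gw_src, gw_dst, 50, len(esp) + ICV_LEN) + esp + icv  # protocol 50 = ESP

def unwrap(packet, key, expected_spi):
    """Verify the wrapper, strip it, and return (sequence number, inner packet)."""
    if len(packet) < 20 + 8 + 2 + ICV_LEN or packet[0] != 0x45 or packet[9] != 50:
        raise ValueError("not an ESP packet this example can parse")
    esp, icv = packet[20:-ICV_LEN], packet[-ICV_LEN:]
    good = hmac.new(key, esp, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, good):        # reject before trusting any field
        raise ValueError("integrity check failed")
    spi, seq = struct.unpack("!II", esp[:8])
    pad_len, next_hdr = esp[-2], esp[-1]
    if spi != expected_spi or next_hdr != 4 or pad_len > len(esp) - 10:
        raise ValueError("unexpected SPI, payload type, or padding")
    return seq, esp[8:len(esp) - 2 - pad_len]

# Constructed sample: an inner packet between private hosts, wrapped between
# two tunnel endpoints that use documentation-range addresses.
KEY = b"constructed-demo-key-not-for-use"
INNER = ipv4_header("10.0.0.5", "10.0.1.9", 17, 8) + b"\x00" * 8
PACKET = wrap(INNER, "192.0.2.10", "198.51.100.1", 0x1001, 1, KEY)

if __name__ == "__main__":
    print(len(INNER), "byte inner packet ->", len(PACKET), "byte tunnel packet")
    print("unwrapped intact:", unwrap(PACKET, KEY, 0x1001) == (1, INNER))
```
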
In IPsec tunnel mode, MDM Gateway Server administrators can perform the following functions:
- Create an IPsec tunnel between a managed device and MDM Gateway Server.
- Use mutual client/server authentication based on certificates.
- Close the VPN tunnel connection at the MDM Gateway Server location.
- Allocate, assign, and manage IP addresses for connected managed devices.
- Optimize IPsec connections over a wireless wide area network (WWAN); for example, HTTP pipelining, minimizing round trips, and minimizing Domain Name System (DNS) lookups.
- Enable MDM Gateway Server to block connections from non-authenticated managed devices.
- Use standard protocols for IPsec tunneling.