I've been studying IPSec in the last couple of days/weeks. Absolutely fascinating. Learned an awful lot. And it's frightening.

There appear to be so many misconceptions about IPSec. Most importantly, many of my senior colleagues in IT believe that IPSec is a stable and reliable solution. After reading the RFCs and playing with various implementations, I feel that IKEv1 is a very fragile protocol. How do you do simple things like detecting a dead peer? Uhm, yeah, depends on the implementation. Kind of. How do you do rekeying? Uhm, yeah, let's agree on a key lifetime but let's break horribly if we try to initiate rekeying at the same time (sic). Also, let's negotiate a couple of parameters when the IKE connection starts -- but let's leave it to the implementation whether those parameters actually have to match.

IKEv2 seems to be a big improvement; however, many firewall appliances out there still don't implement it. And there are still design issues like rekeying collisions and duplicate CHILD_SAs.

Oh, and how do you monitor an IPSec "tunnel"? I have no idea yet how to do that properly.

All of my criticism applies to IPSec as a basis for site-to-site VPNs. Those are long-running VPN tunnels that can't just be broken from time to time. But maybe that's the problem. IPSec feels like it was meant to connect two hosts with a secure channel for just a couple of minutes.

I feel like IPSec (meaning SAs, SPs, and the ESP protocol -- not IKE) and TLS are trying to do a very similar (if not the same) thing. Why do we use IPSec for site-to-site VPNs so often? Probably just because so many firewall appliances have built-in support for IPSec and nothing else.

I probably sound very arrogant because I'm a newbie in this area and I'm basically telling everybody that they're stupid. This is not my intention. It's likely that I have not yet understood some core principles. I'm well aware that I'm not an expert and I'm willing to learn.
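The post asks how one monitors an IPsec "tunnel" and how a dead peer gets detected. Below is an added example, not part of the original post, showing one data-plane approach on Linux: take `ip xfrm state` twice a little apart, parse the per-SA counters the kernel keeps, and compare. It assumes the Linux kernel xfrm interface and the text layout iproute2's `ip xfrm state` prints; the addresses, SPIs, timestamps and the two snapshots are constructed sample data, not captured output, and the `_sa_block` helper only exists to build that sample. The checks it reports are the ones a site-to-site operator usually cares about: a direction whose SA vanished, a rekey (new SPI, counters reset), packets going out with nothing coming back (a dead peer, regardless of whether DPD is configured or how the implementation does it), integrity/decapsulation failures, and a hard lifetime about to expire with no replacement SA in place.

```python
"""Health-check Linux IPsec SAs from two `ip xfrm state` snapshots.
Added example, not from the original post; assumes Linux (kernel xfrm) and the
text layout of iproute2's `ip xfrm state`. Sample snapshots below are constructed."""
import re
from datetime import datetime
_TS = "%Y-%m-%d %H:%M:%S"

def parse_xfrm_state(text):
    """Parse `ip xfrm state` output into {(src, dst, spi): sa_dict}."""
    sas = {}
    for block in re.split(r"(?m)^(?=src )", text):  # one block per SA
        if not block.startswith("src "):
            continue
        ends = re.match(r"src (\S+) dst (\S+)", block)
        spi = re.search(r"proto (\w+) spi (0x[0-9a-f]+)", block)
        hard = re.search(r"expire add: soft \d+\(sec\), hard (\d+)\(sec\)", block)
        pkts = re.search(r"\(bytes\), (\d+)\(packets\)", block)      # "lifetime current" line
        added = re.search(r"(?m)^\s*add (\S+ \S+) use", block)        # SA creation time
        stats = re.search(r"replay \d+ failed (\d+)", block)
        sa = {
            "src": ends.group(1), "dst": ends.group(2), "spi": spi.group(2),
            "hard_sec": int(hard.group(1)) if hard else 0,  # 0 means no time limit
            "packets": int(pkts.group(1)),
            "added": datetime.strptime(added.group(1), _TS) if added else None,
            "failed": int(stats.group(1)) if stats else 0,  # decap/integrity failures
        }
        sas[(sa["src"], sa["dst"], sa["spi"])] = sa
    return sas

def _by_direction(sas):
    out = {}
    for sa in sas.values():
        out.setdefault((sa["src"], sa["dst"]), []).append(sa)
    return out

def check_sa_health(before, after, now, expire_warn_sec=300):
    """Return [(code, (src, dst), detail)]; per direction, so a rekey is not a 'lost SA'."""
    findings, delta = [], {}  # delta: packets sent per direction between the snapshots
    old, new = _by_direction(before), _by_direction(after)
    for direction, old_sas in old.items():
        new_sas = new.get(direction, [])
        if not new_sas:
            findings.append(("SA_GONE", direction, "no SA left for this direction"))
            continue
        prev = {s["spi"]: s for s in old_sas}
        if not prev.keys() & {s["spi"] for s in new_sas}:
            findings.append(("REKEYED", direction,
                             f"{sorted(prev)} -> {sorted(s['spi'] for s in new_sas)}"))
        pkts = failed = 0
        for s in new_sas:  # per SPI, so a fresh SA's zeroed counters do not go negative
            base = prev.get(s["spi"], {"packets": 0, "failed": 0})
            pkts += s["packets"] - base["packets"]
            failed += s["failed"] - base["failed"]
        delta[direction] = pkts
        if failed:
            findings.append(("FAILURES", direction, f"{failed} new failed packets"))
    # A dead peer on a site-to-site tunnel usually shows up here first: we keep
    # sending, nothing comes back, and the SA itself still looks perfectly valid.
    for (src, dst), sent in delta.items():
        if sent > 0 and delta.get((dst, src), 0) == 0:
            findings.append(("ONE_WAY", (src, dst), f"{sent} packets out, 0 back"))
    for direction, sas in new.items():  # hard expiry approaching and no replacement SA
        for sa in sas:
            if sa["hard_sec"] and sa["added"] and len(sas) == 1:
                left = sa["hard_sec"] - (now - sa["added"]).total_seconds()
                if left < expire_warn_sec:
                    findings.append(("EXPIRING", direction, f"hard expiry in {int(left)}s"))
    return findings

def _sa_block(src, dst, spi, packets, added, hard=3600, failed=0):
    """One constructed SA entry in the `ip xfrm state` text layout (dummy key)."""
    return (f"src {src} dst {dst}\n\tproto esp spi {spi} reqid 1 mode tunnel\n"
            "\taead rfc4106(gcm(aes)) 0x00112233445566778899aabbccddeeff00112233 128\n"
            "\tlifetime config:\n\t  limit: soft (INF)(bytes), hard (INF)(bytes)\n"
            f"\t  expire add: soft {hard - 600}(sec), hard {hard}(sec)\n"
            f"\tlifetime current:\n\t  {packets * 120}(bytes), {packets}(packets)\n"
            f"\t  add {added} use {added}\n\tstats:\n\t  replay-window 0 replay 0 failed {failed}\n")

ADDED, REKEY = "2024-05-01 10:00:00", "2024-05-01 10:58:30"  # constructed timestamps
SNAPSHOT_1 = "".join([
    _sa_block("198.51.100.1", "203.0.113.1", "0x0a1b2c3d", 1034, ADDED),  # site A, out
    _sa_block("203.0.113.1", "198.51.100.1", "0x0f0e0d0c", 998, ADDED),   # site A, in
    _sa_block("198.51.100.1", "203.0.113.2", "0x00001111", 500, ADDED),   # site B, out
    _sa_block("203.0.113.2", "198.51.100.1", "0x00003333", 480, ADDED),   # site B, in
])
SNAPSHOT_2 = "".join([  # taken later; compare with SNAPSHOT_1
    _sa_block("198.51.100.1", "203.0.113.1", "0x0a1b2c3d", 1200, ADDED),  # still sending...
    _sa_block("203.0.113.1", "198.51.100.1", "0x0f0e0d0c", 998, ADDED),   # ...nothing back
    _sa_block("198.51.100.1", "203.0.113.2", "0x00002222", 40, REKEY),    # site B rekeyed,
    _sa_block("203.0.113.2", "198.51.100.1", "0x00004444", 37, REKEY),    # both ways alive
])
NOW = datetime(2024, 5, 1, 10, 59, 0)  # "now" for the expiry check

def run_demo():
    return check_sa_health(parse_xfrm_state(SNAPSHOT_1), parse_xfrm_state(SNAPSHOT_2), NOW)
```

On a real gateway, replace the two constants with the output of `ip xfrm state` captured some seconds apart (`subprocess.run(["ip", "xfrm", "state"], capture_output=True, text=True).stdout`) and `datetime.now()`, then print what `run_demo` returns. On the constructed data it reports site B as REKEYED in both directions (new SPIs, traffic flowing both ways, so not an outage), site A as ONE_WAY (166 packets out, none back: the peer is dead or black-holing, even though the SA is intact), and both site A SAs as EXPIRING with 60 s of hard lifetime left and no replacement SA negotiated. Counter-based checks like these sit below IKE, so they say the same thing whether the peer is IKEv1 or IKEv2 and whatever its DPD behaviour is; they do not replace DPD, they tell you when it did not do its job.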