Module 3b

Module 3b-
Encryption and VPN Technology
PDF created with pdfFactory trial version www.pdffactory.com

Overview
• VPN Overview
• VPN Topologies
• VPN Technologies
• IPSec

VPN Overview
• The primary reason for deploying a VPN is cost savings.

• A Virtual Private Network (VPN) is defined as network connectivity deployed on
a shared infrastructure with the same policies and security as a private
network.
• A VPN can be between two end systems, or it can be between two or more
networks.
• A VPN can be built using tunnels and encryption.
• VPNs can occur at any layer of the OSI protocol stack.
• A VPN is an alternative WAN infrastructure that replaces or augments existing
private networks that use leased-line or enterprise-owned Frame Relay or ATM
networks.
3

VPN Overview

VPN Overview
• VPNs provide 3 critical functions:

– Confidentiality (encryption) – The sender can encrypt the packets before
transmitting them across a network. By doing so, no one can access the
communication without permission. If intercepted, the communications cannot be
read.
– Data integrity – The receiver can verify that the data was transmitted through the
Internet without being altered.
– Origin authentication – The receiver can authenticate the source of the packet,
guaranteeing and certifying the source of the information.
5

VPN Overview
• VPNs offer many advantages over traditional, leased-line

networks.
6

VPN Overview
• Virtual Private Networking enables the benefits of a private network

over the larger shared IP infrastructure of the Internet.
• Benefits include privacy and the use of multiple protocols.
7

Tunneling and encryption
• The main function that a VPN offers for this protection is encryption through a tunnel:
– Tunnels provide logical, point-to-point connections across a connectionless IP
network. Encryption is applied to the tunneled connection to make data legible only
to authorized senders and receivers.
– Encryption ensures that messages cannot be read by anyone but the intended
recipient. Encryption transforms content information into a ciphertext that is
meaningless in its encrypted form. The decryption function restores the ciphertext
back into content information intended for the recipient.
8

Tunneling protocols
• A variety of technologies exist to enable tunneling of protocols through

networks to create a VPN .
• Prior to the Layer 2 Tunneling Protocol (L2TP) standard established in August
1999, Cisco used Layer 2 Forwarding (L2F) as its proprietary tunneling
protocol. L2TP is entirely backwards compatible with L2F. L2F is not forward
compatible with L2TP. L2TP, defined in RFC 2661, is a combination of Cisco
L2F and Microsoft Point-to-Point Tunneling Protocol (PPTP).
• Microsoft supports PPTP in its earlier versions of Windows and PPTP/L2TP in
Windows NT/2000/XP.
• L2TP is used to create a media independent, multiprotocol Virtual Private Dial
Network (VPDN).
• L2TP allows users to invoke corporate security policies across any VPN or
VPDN link as an extension of their internal networks.
9

Tunneling protocols
• The Cisco Generic Routing Encapsulation (GRE) multiprotocol carrier

encapsulates IP, CLNP, IPX, AppleTalk, DECnet Phase IV, and XNS
inside IP tunnels .
• With GRE tunneling, a router at each site encapsulates protocol-
specific packets in an IP header.
• GRE tunneling allows desktop protocols to take advantage of the
enhanced route selection capabilities of IP.
10

Tunneling protocols
• Designing a VPN using IPSec for connectivity between peers has inherent limitations.
These are:
– IPSec can encrypt/decrypt only IP traffic.
– IP traffic destined to a multicast or broadcast IP address cannot be handled by
IPSec, which means that IP multicast traffic cannot traverse the IPSec tunnel. Also,
many routing protocols (such as EIGRP, OSPF, and RIPv2) use a multicast or a
broadcast address; therefore, dynamic routing using these routing protocols cannot
be configured between IPSec peers.
• These limitations can be overcome by configuring an IP-encapsulated GRE tunnel
between the peers and applying IPSec protection on the GRE/IP tunnel.
11

Tunneling protocols
• When GRE is used in conjunction with IPSec, either tunnel mode or transport
mode can be used.
• Tunnel mode adds an IPSec IP header to the GRE packet whereas IPSec
transport mode uses the original GRE packet's IP header.
12

VPN usage scenarios
Hub-and-Spokes
• A variety of networking devices can use VPN tunnels to carry encrypted data.
• Virtual Private Networking can be done from anywhere using routers, firewalls,
or dedicated VPN concentrators.
13

VPN usage scenarios
• Options for business-to-business and business to customer

connections within an expanding ecosystem are added to these
standard network connections.
14

VPN usage scenarios
• There are 2 types of remote access VPNs:

– Client-Initiated – Remote users use clients to establish a secure tunnel
across a shared ISP network to the enterprise.
– Network Access Server-initiated – Remote users dial in to an ISP
Network Access Server (NAS). The NAS establishes a secure tunnel to the
enterprise private network that might support multiple remote user-initiated
sessions.
• Site-to-site VPNs also have 2 main types:
– Intranet VPNs connect corporate headquarters, remote offices, and
branch offices over a public infrastructure.
– Extranet VPNs link customers, suppliers, partners, or communities of
interest to a corporate intranet over a public infrastructure.
15

Remote access VPNs
Point-of-Presence (POP)
• Remote access is targeted to mobile users and home telecommuters.

In the past, corporations supported remote users via dial-in networks.
This typically required a call to access the corporation.
• With the advent of VPN, a mobile user can connect to any ISP using
dial, cable, or DSL, and connect to the Internet to access the
corporation. This is the evolution of dial networks.
16

Site-to-site VPNs
• Site-to-site VPNs can be used to connect corporate sites. In the past, a

leased line or Frame Relay connection was required to connect sites.
• Currently, most corporations have Internet access. With Internet
access, expensive leased lines and Frame Relay lines can be replaced
with site-to-site VPNs.
17

VPN technology options
18

VPN technology options
ATM and Frame Relay
• With implementation of encryption on one layer, this layer and all

layers above it are automatically protected.
• Network layer protection offers one of the most flexible solutions. It is
media independent as well as application independent.
19

WebVPN
• WebVPN lets users establish a secure, remote-access VPN tunnel to a head-

end device using a web browser.
• Users are no longer restricted to a particular PC or workstation, improving
mobility and flexibility of access .
• WebVPN is not a replacement for IPSec, but widens application availability.
20

WebVPN
• WebVPN features include the following :

– Secure access to internal web sites via HTTPS
– Windows File Access provides access to files on pre-configured file servers, or file
browsing on the network.
– Port Forwarding, or Application Access, for legacy application support.
– E-mail Proxies enable e-mail via Post Office Protocol, Revision 3 (POP3S) over
SSL, Internet Messages Access Protocol, Revision 4 (IMAP4S) over SSL, and
Simple Mail Transfer Protocol Secure (SMTPS) over SSL proxies.
21

WebVPN
• WebVPN and IPSec comparison

Each type of remote access has its own unique set of benefits.
WebVPN allows clientless access, but there are possible tradeoffs in
ease of use and security. Many of these trade-offs can be mitigated by
properly implementing WebVPN.
22

Tunnel interfaces
• Tunnel interfaces provide a point-to-point connection between two

routers through a virtual software interface. They also appear as one
direct link between routers hiding the underlying infrastructure that are
connected via a large network, such as the Internet.
• However, tunnel interfaces should not to be confused with IPSec or
L2TP tunnels, which can act as tunnels but not as true Cisco IOS
interfaces.
23

IPSec
24

Introduction to IPSec
• IPSec is a framework of security protocols and algorithms used to

secure data at the network layer .
• It is not bound to any specific encryption or authentication algorithm
keying technology.
• Prior to the IPSec standard, Cisco implemented its proprietary Cisco
Encryption Technology (CET) to provide protection at the packet level.
25

• IPSec security provides 4 major functions:

– Confidentiality: The sender can encrypt the packets before transmitting
them across the network. If such a communication is intercepted, it cannot
be read by anybody.
– Data integrity: The receiver can verify whether the data was changed while
traveling the Internet.
– Origin authentication: The receiver can authenticate the source of the
packet.
– Antireplay protection: The receiver can verify that each packet is unique
and is not duplicated.
26

• Encryption
– When packets are traveling on the Internet, they are vulnerable to
eavesdropping. Clear-text messages can be intercepted and read by
anybody. Therefore, to keep the data secure, it can be encrypted.
– For encryption to work, both the sender and the receiver need to
know the rules that were used to encrypt the original message.
• There are 2 types of encryption:
– Symmetric
– Asymmetric
27

• Data Integrity
– Data integrity is also a critical function of VPN because data is sent over a
public network and can be intercepted and modified.
– To guard against this interception, every message has an attached hash.
This hash guarantees the integrity of the message. The receiver checks this
by comparing the received hash with the hash it calculates from the
message itself. If both values are equal, the message has not been
tampered with.
• IPSec uses the Hashed Message Authentication Codes (HMAC) protocol to
calculate the hash.
• Two HMAC algorithms are commonly used:
– HMAC-MD5 This protocol uses a 128-bit shared key. The key and the
message are combined to a 128-bit hash.
– HMAC-SHA-1 This protocol uses a 160-bit shared key. The length of the
hash is 160 bits. This protocol is considered stronger because of the longer
key.
28

• Origin Authentication
– Another important function is origin authentication. In the electronic era, a
document is signed with the sender's private encryption key. This is also
called a digital signature.
– This signature can be authenticated by decrypting it with the sender's public
key.
– When doing business over a long distance, it is important to know who is at
the other side of the phone, fax, and so on. The same is true for VPNs. The
devices at the other end of the tunnel must be authenticated before the path
is considered secure.
• There are 3 peer authentication methods:
– Preshared keys A secret key is entered into each peer manually.
– RSA signatures The exchange of digital certificates authenticates the
peers.
– RSA encryption nonces Nonces (a random number generated by the
peers) are encrypted and then exchanged between peers. The two nonces
are used during the peer authentication process.
29

• Preshared Keys
– If preshared keys are used, the same key is configured on each IPSec
peer.
– At each end, the preshared keys are combined with other information
(device-specific information) to form the authentication key.
– They are both sent through a hash algorithm to form a hash. Then the hash
is sent to the other site.
30

• RSA Signatures
– With RSA signatures, both hashes are not only authenticated but
also digitally signed.
– At the local end, the authentication key and identity information are
sent through the hash algorithm to form the hash, a process similar
to that used with preshared keys. But with RSA signatures, the
hash is then encrypted using the local peer's private key.
– The result of this procedure is a digital signature
31

Extra: Generating and Verifying a Digital Signature
32

33

34

35

• RSA-Encrypted Nonces
– RSA-encrypted nonces require that each site generate a nonce.
– Nonce is a pseudorandom number.
– The generated nonces are then encrypted and exchanged.
– When the other side receives the nonces, it makes an
authentication key from both nonces and some other information.
– That nonce-based key is then combined with device-specific
information and run though the hash algorithm
36

Extra: RSA-Encrypted Nonce Authentication
37

38

1. Initiator (James) and Responder (Charlie) generate an RSA public and

private keypair.
2. Initiator and Responder exchange public keys.
3. The Initiator creates a nonce and forwards it to the Responder.
4. The Responder encrypts the nonce with the Initiator's public RSA key
(obtained in Step 1), and forwards the ciphered message to the Initiator.
5. The Initiator decrypts the ciphered nonce from the Responder. If the value
matches the original nonce, the Responder has authenticated with the Initiator
(Hash_I).
6. The Responder creates a nonce and forwards it to the Initiator.
7. The Initiator encrypts the nonce with the Initiator's public RSA key (obtained
in Step 1), and forwards the ciphered nonce to the Responder (Hash_R).
8. The Responder decrypts the ciphered message with its own private RSA
key. If the decrypted nonce matches the original nonce sent from the
Responder, the Initiator has authenticated with the responder.
39

• Antireplay Protection
– Antireplay protection verifies that each packet is unique and not
duplicated.
– IPSec packets are protected by comparing the sequence number of
the received packets and a sliding window on the destination host.
– Packets in which the sequence number is before the sliding window
are considered late, or duplicate. These packets are dropped.
40

• Protocol Framework
– The previous sections discussed encryption, integrity, and authentication.
Now let's apply these three concepts to the IPSec protocol suite.
– IPSec is a framework of open standards.
– IPSec relies on existing technology, such as DES and 3DES, to secure the
communication between two entities.
• There are 2 main IPSec framework protocols available:
– Authentication header (AH)
– Encapsulating security payload (ESP)
41

• IPSec consists of 2 protocols:

– Encapsulating Security Payload (ESP): it encapsulates the data, but
does not provide protection to the outer headers. ESP encrypts the
payload for data confidentiality.
– Authentication Header (AH): the AH protocol provides protection to the
entire datagram by embedding the header in the data. The AH verifies the
integrity of the IP datagram.
• AH and ESP use symmetric secret key algorithms, although public key
algorithms are feasible.
42

• The advantages of IPSec
43

Authentication Header (AH)
• The IP Authentication Header (AH) is used to provide connectionless integrity

and data origin authentication for IP datagrams, and to provide protection
against replays. It does not encrypt the data packet, so the text is transported in
clear text.
• AH, defined in RFC 2402, provides authentication for as much of the IP header
as possible, as well as for upper level protocol data.
• However, some IP header fields may change in transit, such as the Time-To-
Live field . The value of these fields may not be predictable by the sender, when
the packet arrives at the receiver. The values of such fields cannot be protected
by AH.
• AH is defined as IP protocol 51.
44

• AH may be applied alone, in combination with the IP ESP, or in a nested fashion

through the use of tunnel mode.
• ESP may be used to provide the same security services, and it also provides a
confidentiality, or encryption, service.
• The primary difference between the authentication services provided by ESP
and AH is the extent of the coverage.
• Specifically, ESP does not protect any IP header fields unless ESP
encapsulates those fields, or the fields are in tunnel mode
45

• AH provides:
– the packet authentication,
– integrity assurance,
– and replay detection/protection via sequence numbers.
• However, no confidentiality or encryption is provided .
46

47

The AH Header Structure
• A 32-bit Security Parameter Index (SPI) value shows the Security Association
(SA) used for this packet
• A 64-bit sequence number prevents packet replay:
– The receiver can verify that each packet is unique and is not duplicated.
• Authentication data is a HMAC value of the packet
• The following are reasons to use AH even though ESP seems to do all the
security services:
– AH requires less overhead than ESP.
– AH is never export-restricted.
– AH is mandatory for IPv6 compliance.
48

• The workings of AH are spelled out in the following steps:

Step 1. The IP header and data payload are hashed.
Step 2. The hash is used to build the AH, which is inserted into the original packet.
Step 3. The modified packet is send to the peer router.
Step 4. The peer router hashes the IP header and data payload.
Step 5. The router extracts the transmitted hash from the AH.
Step 6. The peer router compares the two hashes. The hashes have to match
exactly to prove that the packet was not modified during transport.
• AH supports both HMAC-MD5 and HMAC-SHA-1 algorithms. 49

Encapsulating Security Payload (ESP)
• ESP, defined in RFC 2406, is used to provide:

– confidentiality,
– data origin authentication,
– connectionless integrity,
– an anti-replay service,
– and limited traffic flow confidentiality by defeating traffic flow
analysis.
• The set of services provided depends on options selected at the time
of security association establishment and on the placement of the
implementation.
• Confidentiality may be selected independent of all other services.
However, use of confidentiality without integrity authentication, either in
ESP or separately in AH, may subject traffic to certain forms of active
attacks that could undermine the confidentiality service.
• ESP is defined as IP protocol 50.
50

• Traffic flow confidentiality requires
selection of tunnel mode.
• Traffic flow confidentiality is most
effective if implemented at a security
gateway where traffic aggregation
may be able to mask true source-
destination patterns.
• Note that although both confidentiality
and authentication are optional, at
least one of them must be selected.
• ESP Packet Header Format is shown
in this figure:
– One of the most important values
is the Security Parameters Index
(SPI) that allows the router to keep
track to the current security
association between two IPSec
devices.
51

• The security parameter index (SPI) in the ESP header is a 32-bit value that,
combined with the destination address and protocol in the preceding IP header,
identifies the security association (SA) to be used to process the packet.
• The SPI is an arbitrary number chosen by the destination peer during Internet Key
Exchange (IKE) negotiation between the peers. It functions like an index number
that can be used to look up the SA in the security association database (SADB).
• The sequence number is a unique monotonically increasing number inserted into
the header by the sender.
• Sequence numbers, along with the sliding receive window, provide anti-replay
services. The anti-replay protection scheme is common to both ESP and AH.
52

• Encryption is done with DES or 3DES.

• Optional authentication and integrity are provided with HMAC, keyed
SHA-1/RFC 2404, or keyed MD5/RFC 2403.
• There are 2 different key types contained in the SA :
– Encryption session keys
– HMAC session keys
53

• An ESP header and trailer are added to the encrypted payload.

• With authentication, the encrypted IP datagram and the ESP header and trailer
are included in the hashing process.
• A new IP header is appended to the front of the packet. This new IP header is
used to route the packet through the Internet. When both ESP authentication
and encryption are selected, encryption is performed before authentication.
• One of the main reasons for this order of processing is that it facilitates rapid
detection and rejection of incorrect packets at the receiving side. Before
decrypting the packet, the receiver can check the authentication of the packets.
This requires less processing time and can reduce the impact of denial-of-
service (DoS) attacks.
54

Tunnel and transport modes
• In transport mode, each end host does IPSec encapsulation of its

own data, host-to-host. Therefore, IPSec has to be implemented on
end-hosts. The application endpoint must also be the IPSec endpoint.
• In tunnel mode, IPSec gateways provide IPSec services to other
hosts in peer-to-peer tunnels. End-hosts are not aware of IPSec being
used to protect their traffic. IPSec gateways provide transparent
protection of the traffic of other hosts over untrusted networks.
55

• ESP and AH can be applied to IP packets in two different ways,

transport mode and tunnel mode.
• In transport mode, security is provided only for the transport layer and
above.
– Transport mode protects the payload of the packet but leaves the
original IP address in the clear.
– The original IP address is used to route the packet through the
Internet.
• Tunnel mode provides security for the whole original IP packet.
– The original IP packet is encrypted. Next, the encrypted packet is
encapsulated in another IP packet.
– The outside IP address is used to route the packet through the
Internet.
56

transport mode tunnel mode
• New AH headers, and optional tunnel headers, are added to the

packet.
– In transport mode, the AH header normally adds 24 bytes to each
packet .
– In tunnel mode, the tunnel IP and AH headers add 44 bytes to each
packet
57

transport mode tunnel mode
• New ESP headers, optional tunnel headers, and a trailer are added to the
packet.
– In transport mode, the ESP header/trailer normally adds up to 37 bytes to
each packet .
– In tunnel mode, the tunnel IP and ESP headers and trailer add up to 57
bytes to each packet . Using both AH and ESP in tunnel mode can add up
to 101 bytes to each packet. 58

Transport Mode
• Although the original header remains intact in both situations, the AH transport
does not support Network Address Translation (NAT) because changing the
source address in the IP header would cause the authentication to fail.
• If NAT is needed with AH transport mode, make sure that NAT happens before
IPSec.
• ESP transport mode does not have this problem. The IP header remains
outside the authentication and encryption area.
59

Tunnel Mode
60

61

62

Effect of NAT on AH
• AH protects the entire IP packet, including invariant header

fields such as the source and destination IP address,
through a message digest algorithm to produce a keyed
hash.
• The recipient uses the hash to authenticate the packet. If
any field in the original IP packet is modified, authentication
will fail and the recipient will discard the packet.
• AH is intended to prevent unauthorized modification,
source spoofing, and man-in-the-middle attacks. But NAT,
by definition, modifies IP packets. Therefore, NAT on AH
does not work.
63

Effect of NAT on ESP
• Like AH, ESP also employs a message digest algorithm for packet
authentication.
• But unlike AH, the hash created by ESP does not include the outer
packet IP header fields. This solves one problem, but leaves other
problems with ESP. When TCP or UDP are involved, as they are in
transport mode ESP, there are two caveats for ESP and NAT to work
together.
– First, because NAT modifies the TCP packet, NAT must also
recalculate the checksum used to verify integrity.
– On the other hand, ESP authentication will fail if NAT updates the
TCP checksum. If NAT does not update the checksum (for
example, if the payload is encrypted), TCP verification will fail.
• In tunnel mode, however, ESP has no issues with NAT. In this mode,
the original IP address and transport information is included as
payload.
• So, NAT and ESP can work together in tunnel mode when the NAT
translation is 1:1 on addresses with no multiplexing of inside addresses
to a single outside address using the transport layer port for
differentiation.
64

Effect of NAT on IKE
• IKE has problems when NAT devices transparently modify outgoing
packets.
• The first issue is that some devices might depend on IKE negotiation
being made by incoming packets sent from UDP port 500.
• If a NAT device is introduced, the final packet port will, most surely, not
be the expected port; therefore, IKE negotiation will not even begin.
• Another issue comes about when IKE includes IP addresses as part of
the authentication process, which depends on which IKE mode is used.
• If the authentication is based on the IP address, the changes made by
a NAT device will cause IKE negotiation to fail.
65

Extra: Address Translation Solutions
• NAT Traversal (NAT-T)

• IPSec Pass-through
• IKE Passing Through PAT
• ESP Passing Through PAT
• Restricted ESP Through PAT Mode
66

Security associations
• SAs represent a policy contract between 2 peers or hosts, and

describe how the peers will use IPSec security services to protect
network traffic.
• SAs contain all the security parameters needed to securely transport
packets between the peers or hosts, and practically define the security
policy used in IPSec.
67

• SAs always contain unidirectional, or one-way, specifications.

• SAs are also encapsulation protocol specific. There is a separate SA for each
encapsulation protocol, AH and ESP, for a given traffic flow.
• VPN devices store all their active SAs in a local database called the SA
database (SADB).
• The Security Parameters Index (SPI) is a 32-bit number that identifies each
established SA. The SPI uniquely identifies a particular SA in the SADB.
Finally, SPIs are written into IPSec packet headers to locate the appropriate
SA on the receiving system.
68

• SA contains information about the security that has been negotiated

between 2 parties for IKE or IPSec.
• There are 2 types of SAs:
– IKE or ISAKMP SA
– IPSec SA
• IKE SAs between peers are used for control traffic, such as negotiating
algorithms to use to encrypt IKE traffic and authenticate peers.
– There is only one IKE SA between peers, and it usually has less
traffic and a longer lifetime than IPSec SAs.
• IPSec SAs are used for negotiating encryption algorithms to apply for
IP traffic between the peers, based on policy definitions that define the
type of traffic to be protected.
– Because they are unidirectional, at least two IPSec SAs are needed
(one for inbound traffic and the other for outbound traffic). It is
possible to have multiple pairs of IPSec SAs between peers to
describe unique disjoint sets of IP hosts or IP data traffic.
– IPSec SAs also usually have more traffic and a shorter lifetime than
IKE SAs.
69

Router# show crypto isakmp policy

Global IKE policy
Protection suite of priority 110
encryption algorithm: DES - Data Encryption Standard (56 bit keys).
hash algorithm: Message Digest 5
authentication method: Pre-Shared Key
Diffie-Hellman group: #1 (768 bit)
lifetime: 86400 seconds, no volume limit
Default protection suite
encryption algorithm: DES - Data Encryption Standard (56 bit keys).
hash algorithm: Secure Hash Standard
authentication method: Rivest-Shamir-Adleman Signature
Diffie-Hellman group: #1 (768 bit)
lifetime: 86400 seconds, no volume limit
Router# show crypto ipsec transform-set

Transform set MINE: { esp-des }
will negotiate = { Tunnel, },
70

71

• Security Association Database (SADB)
Router# show crypto ipsec sa
…
inbound esp sas:
spi: 0x19646448(426009672)
transform: esp-des ,
in use settings ={Tunnel, }
conn id: 19, flow_id: 19, crypto map: MYMAP
sa timing: remaining key lifetime (k/sec): (4431954/2604)
IV size: 8 bytes
replay detection support: N
Status: ACTIVE
…
outbound esp sas:
spi: 0x7AF99042(2063175746)
transform: esp-des ,
in use settings ={Tunnel, }
conn id: 20, flow_id: 20, crypto map: MYMAP
sa timing: remaining key lifetime (k/sec): (4431953/2564)
IV size: 8 bytes
replay detection support: N
Status: ACTIVE
72

Manual IPSec
• In manual IPSec, all the Security Association parameters must be

predefined by the network manager.
– Those parameters include the security protocol (AH, ESP), peer IP
address, SPI, and keying material (session keys).
• This makes manual IPSec configuration-intensive and prone to
incorrect configuration.
– Note that the Security Associations in manual IPsec never expire.
This means that the keying material (session keys) will not expire
and thus be more vulnerable to attacks.
– Also, the anti-replay security feature is not available in this type of
configuration.
• Manual Ipsec is generally used for initial test and debugging purposes.
• For larger, more complex environments, the use of IKE is strongly
advised since the Security Association management is automated.
73

Manual IPSec
74

Internet Key Exchange (IKE)
• For secure communication, both parties must be able to negotiate keys and decide
which encryption and authentication algorithms to use.
• The default IPSec method for secure key negotiation is the Internet Key Exchange
(IKE) protocol.
• The Internet Key Exchange (IKE) protocol (formerly known as ISAKMP/Oakley)
provides authentication of all peers, handles the security policies each can perform,
and controls the exchange of keys.
• IKE is a hybrid of the ISAKMP framework and the Oakley and SKEME protocols.
– ISAKMP provides a framework for authentication and key exchange but does
not define them. It is designed to be key exchange independant; that is, it is
designed to support many different key exchanges.
– Oakley describes a series of key exchanges, known as modes, and details the
services provided by each (e.g. perfect forward secrecy for keys, identity
protection, and authentication).
– SKEME describes a versatile key exchange technique which provides
anonymity, repudiability, and quick key refreshment.
• Perfect Forward Secrecy is supported. PFS guarantees that session keys are
generated independently from previous session keys. With PFS enabled, would-be
attackers are unable to use old session keys that have been compromised to
compromise the integrity and confidentiality of current and future session keys.
• IKEv2 does not interoperate with IKEv1, but it has enough of the header format in
common that both versions can unambiguously run over the same UDP port.
75

• IKE enhances IPSec by providing additional features and flexibility. It makes IPSec
easier to configure.
• IKE, defined in RFC 2409, is a hybrid protocol which implements the Oakley key
exchange and SKeme key exchange inside the Internet Security Association and Key
Management Protocol (ISAKMP) framework.
• ISAKMP is defined in RFC 2408. ISAKMP, Oakley, and SKeme are security protocols
implemented by IKE.
• IKE provides authentication of the IPSec peers, negotiates IPSec keys, and negotiates
IPSec security associations.
76

• IKE provides the following benefits:

– Eliminates the need to manually specify all the IPSec security parameters in the
crypto maps at both peers
– Allows administrators to specify a lifetime for the IPSec security association
– Allows encryption keys to change during IPSec sessions
– Allows IPSec to provide anti-replay services
– Permits CA support for a manageable, scalable IPSec implementation
– Allows dynamic authentication of peers
77

• The establishment and maintenance of both ISAKMP/IKE SAs and

IPSec SAs is a major function of the IKE protocol.
• IKE operates in 2 separate phases when establishing IPSec VPNs.
• IKE Phase 1, in main or aggressive mode, is responsible for
– Authenticating the IPSec peers
– Negotiating an IKE security association among the peers
– Initiating a secure tunnel for IPSec using the Internet Security
Association and Key Management Protocol (ISAKMP)
• IKE Phase 2, in quick mode, is responsible for
– Negotiating the set of security parameters for the tunnel
– Creating the IPSec tunnel
78

Five steps of IPSec
• The goal of IPSec is to protect the desired data with the necessary
security and algorithms .
• The operation of IPSec can be broken down into 5 primary steps.
79

IKE and IPSec
• IPSec, in Cisco IOS software, processes packets as shown in this figure. The process
assumes that public and private keys have already been created and that at least one
access list exists.
• Step 1 – Access lists are used by Cisco IOS software to select interesting traffic to be
encrypted.
• Step 2 – If the SA has not been established, Cisco IOS software checks to see if an
ISAKMP SA has been configured and set up. If the ISAKMP SA has been set up, the
ISAKMP SA governs negotiation of the IPSec SA as specified in the ISAKMP policy. The
packet is then encrypted by IPSec and is transmitted.
80

IKE and IPSec
• Step 3 – If the ISAKMP SA has not been set up, Cisco IOS software checks to see if
certification authority has been configured to establish an ISAKMP policy.
• Step 4 – The router then encrypts and transmits the packet.
81

Cisco VPN solutions
• IPsec VPN capabilities are included in many models of Cisco routers, as well
as in the PIX Security Appliance. The following products also have IPSec
capabilities.
• VPN 3000 Series Concentrators
The Cisco VPN 3000 Series offers best-in-class remote-access VPN devices
that provide businesses with flexible, reliable, and high-performance remote-
access solutions. The Cisco VPN 3000 Series offers solutions for diverse
remote-access deployments by offering both IPSec and SSL-based VPN
connectivity on a single platform.
82

Cisco VPN solutions
• VPN Software Client

The Cisco VPN Client allows organizations to establish end-to-end, encrypted
VPN tunnels for secure connectivity for mobile employees or teleworkers. This
IPSec client is compatible with all Cisco VPN products.
• The Cisco VPN Client is compatible with the following Cisco products:
– Cisco VPN 3000 Series Concentrators
– Cisco VPN 3000 Series Concentrator Software version 3.0 and higher
– Cisco IOS Software releases 12.2(8)T and higher
– Cisco PIX Firewall Software version 6.0 and higher
83

Cisco VPN solutions
• VPN 3002 Hardware Client

The Cisco VPN 3002 Hardware Client combines the ease-of-use and
high-scalability features of a software VPN client while providing the
reliability and stability of a hardware platform. The Cisco VPN 3002
Hardware Client is designed for organizations with many remote office
environments because it easily scales to tens of thousands of devices.
The Cisco VPN 3002 Hardware Client is a full-featured VPN client in a
hardware platform that supports 56-bit DES, 168-bit Triple DES, or up
to 256-bit AES encryption.
84

Cisco VPN solutions
• IPSec VPN Services Module

The Cisco IPSec VPN Services Module is a high-speed module for the Cisco
Catalyst 6500 Series Switch and the Cisco 7600 Series Internet Router that
provides infrastructure-integrated IPSec VPN services to meet the need for
ubiquitous connectivity and increased bandwidth requirements.
85

Summary
• This module covered the VPN protocols available in Cisco

devices. Upon completion of this module, the student
should be to identify the protocols used to ensure
authenticity, data integrity, and confidentiality with a VPN
connection.
• The student was also introduced to the protocols that make
up the IPSec framework. This module also included a
discussion of digital certificates and how they can be used
to implement VPNs.
86

Module 3b

Enviado por

Dados do documento

Descrição original:

Título original

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

Module 3b

Enviado por

Direitos autorais:

Formatos disponíveis

Module 3b-

Encryption and VPN Technology

PDF created with pdfFactory trial version www.pdffactory.com

PDF created with pdfFactory trial version www.pdffactory.com

• The primary reason for deploying a VPN is cost savings.

PDF created with pdfFactory trial version www.pdffactory.com

PDF created with pdfFactory trial version www.pdffactory.com

• VPNs provide 3 critical functions:

PDF created with pdfFactory trial version www.pdffactory.com

• VPNs offer many advantages over traditional, leased-line

PDF created with pdfFactory trial version www.pdffactory.com

• Virtual Private Networking enables the benefits of a private network

PDF created with pdfFactory trial version www.pdffactory.com

PDF created with pdfFactory trial version www.pdffactory.com

• A variety of technologies exist to enable tunneling of protocols through

PDF created with pdfFactory trial version www.pdffactory.com

• The Cisco Generic Routing Encapsulation (GRE) multiprotocol carrier

PDF created with pdfFactory trial version www.pdffactory.com

PDF created with pdfFactory trial version www.pdffactory.com

PDF created with pdfFactory trial version www.pdffactory.com

PDF created with pdfFactory trial version www.pdffactory.com

• Options for business-to-business and business to customer

PDF created with pdfFactory trial version www.pdffactory.com

• There are 2 types of remote access VPNs:

PDF created with pdfFactory trial version www.pdffactory.com

• Remote access is targeted to mobile users and home telecommuters.

PDF created with pdfFactory trial version www.pdffactory.com

• Site-to-site VPNs can be used to connect corporate sites. In the past, a

PDF created with pdfFactory trial version www.pdffactory.com

PDF created with pdfFactory trial version www.pdffactory.com

ATM and Frame Relay

• With implementation of encryption on one layer, this layer and all

PDF created with pdfFactory trial version www.pdffactory.com

• WebVPN lets users establish a secure, remote-access VPN tunnel to a head-

PDF created with pdfFactory trial version www.pdffactory.com

• WebVPN features include the following :

PDF created with pdfFactory trial version www.pdffactory.com

• WebVPN and IPSec comparison

PDF created with pdfFactory trial version www.pdffactory.com

• Tunnel interfaces provide a point-to-point connection between two

PDF created with pdfFactory trial version www.pdffactory.com

PDF created with pdfFactory trial version www.pdffactory.com

• IPSec is a framework of security protocols and algorithms used to

PDF created with pdfFactory trial version www.pdffactory.com

• IPSec security provides 4 major functions:

PDF created with pdfFactory trial version www.pdffactory.com

PDF created with pdfFactory trial version www.pdffactory.com

PDF created with pdfFactory trial version www.pdffactory.com

PDF created with pdfFactory trial version www.pdffactory.com

PDF created with pdfFactory trial version www.pdffactory.com

PDF created with pdfFactory trial version www.pdffactory.com

PDF created with pdfFactory trial version www.pdffactory.com

PDF created with pdfFactory trial version www.pdffactory.com

PDF created with pdfFactory trial version www.pdffactory.com

PDF created with pdfFactory trial version www.pdffactory.com

PDF created with pdfFactory trial version www.pdffactory.com

PDF created with pdfFactory trial version www.pdffactory.com

PDF created with pdfFactory trial version www.pdffactory.com

1. Initiator (James) and Responder (Charlie) generate an RSA public and

PDF created with pdfFactory trial version www.pdffactory.com

PDF created with pdfFactory trial version www.pdffactory.com

PDF created with pdfFactory trial version www.pdffactory.com