Cisco ipsec vpn tutorial pdf

The access-list command designates a numbered extended access list; the ip access-list extended command designates a named access list. Next the crypto access lists need to be associated to particular interfaces when you configure and apply crypto map sets to the interfaces.

If you are specifying SEAL encryption, note the following restrictions:. Your router and the other peer must not have a hardware IPsec encryption. Your router and the other peer must support IPsec. Your router and the other peer must support the k9 subsystem. SEAL encryption is available only on Cisco equipment. Therefore, interoperability is not possible.

There are complex rules defining the entries that you can use for transform arguments. The mode setting is applicable only to traffic whose source and destination addresses are the IPsec peer addresses; it is ignored for all other traffic.

All other traffic is in tunnel mode only. Optional Clears existing IPsec security associations so that any changes to a transform set takes effect on subsequently established security associations.

Using the clear crypto sa command without parameters clears out the full SA database, which clears out active security sessions. You may also specify the peer , map , or entry keywords to clear out only a subset of the SA database. After you have defined a transform set, you should create a crypto map as specified in the Creating Crypto Map Sets section.

Specifies the name of the proposal and enters crypto IKEv2 proposal configuration mode. AES is the recommended encryption algorithm. SHA-1 is the recommended replacement. The following examples show how to configure a proposal:. The proposal of the initiator is as follows:. The proposal of the responder is as follows:. This means that you can specify lists such as lists of acceptable transforms within the crypto map entry. To create IPv6 crypto map entries, you must use the ipv6 keyword with the crypto map command.

For IPv4 crypto maps, use the crypto map command without the ipv6 keyword. For IPv4 crypto maps, use the command without the ipv6 keyword. This access list determines the traffic that should be protected by IPsec and the traffic that should not be protected by IPsec security in the context of this crypto map entry.

Specifies a remote IPsec peer—the peer to which IPsec protected traffic can be forwarded. Enables generating dummy packets. These dummy packets are generated for all flows created in the crypto map. By default, the SAs of the crypto map are negotiated according to the global lifetimes, which can be disabled. Optional Specifies that separate SAs should be established for each source and destination host pair. Use this command with care because multiple streams between given subnets can rapidly consume resources.

Group 1 specifies the bit Diffie-Hellman DH identifier default. By default, PFS is not requested. If no group is specified with this command, group 1 is used as the default. Certain configuration changes take effect only when negotiating subsequent SAs. If you want the new settings to take immediate effect, you must clear the existing SAs so that they are reestablished with the changed configuration. If the router is actively processing IPsec traffic, clear only the portion of the SA database that would be affected by the configuration changes that is, clear only the SAs established by a given crypto map set.

Clearing the full SA database should be reserved for large-scale changes, or when the router is processing very little other IPsec traffic.

To clear IPsec SAs, use the clear crypto sa command with appropriate parameters. Omitting all parameters clears out the full SA database, which clears active security sessions.

After you have successfully created a static crypto map, you must apply the crypto map set to each interface through which IPsec traffic flows. Dynamic crypto map entries specify crypto access lists that limit traffic for which IPsec SAs can be established.

A dynamic crypto map entry that does not specify an access list is ignored during traffic filtering. A dynamic crypto map entry with an empty access list causes traffic to be dropped. If there is only one dynamic crypto map entry in the crypto map set, it must specify the acceptable transform sets.

List multiple transform sets in the order of priority highest priority first. This is the only configuration statement required in dynamic crypto map entries.

This access list determines which traffic should be protected by IPsec and which traffic should not be protected by IPsec security in the context of this crypto map entry. Although access lists are optional for dynamic crypto maps, they are highly recommended. If an access list is configured, the data flow identity proposed by the IPsec peer must fall within a permit statement for this crypto access list.

If an access list is not configured, the device accepts any data flow identity proposed by the IPsec peer. However, if an access list is configured but the specified access list does not exist or is empty, the device drops all packets.

This is similar to static crypto maps, which require access lists to be specified. Care must be taken if the any keyword is used in the access list, because the access list is used for packet filtering as well as for negotiation.

You must configure a match address; otherwise, the behavior is not secure, and you cannot enable TED because packets are sent in the clear unencrypted. This is rarely configured in dynamic crypto map entries. Dynamic crypto map entries are often used for unknown remote peers. Optional Overrides for a particular crypto map entry the global lifetime value, which is used when negotiating IP Security SAs. To minimize the possibility of packet loss when rekeying in high bandwidth environments, you can disable the rekey request triggered by a volume lifetime expiry.

If no group is specified with this command, group1 is used as the default. You should set the crypto map entries referencing dynamic maps to the lowest priority entries in a crypto map set.

You must enter the discover keyword to enable TED. Clearing the entire SA database must be reserved for large-scale changes, or when the router is processing minimal IPsec traffic. Omitting all parameters clears the full SA database, which clears active security sessions. After you have successfully created a crypto map set, you must apply the crypto map set to each interface through which IPsec traffic flows.

To create IPv6 crypto maps entries, you must use the ipv6 keyword with the crypto map command. Specifies the crypto map entry to be created or modified and enters crypto map configuration mode.

Names an IPsec access list that determines which traffic should be protected by IPsec and which traffic should not be protected by IPsec in the context of this crypto map entry. The access list can specify only one permit entry when IKE is not used. Specifies the remote IPsec peer. This is the peer to which IPsec protected traffic should be forwarded.

Sets the AH security parameter indexes SPIs and keys to apply to inbound and outbound protected traffic if the specified transform set includes the AH protocol.

Specifies the cipher keys if the transform set includes an ESP cipher algorithm. Specifies the authenticator keys if the transform set includes an ESP authenticator algorithm.

This manually specifies the ESP security association to be used with protected traffic. For manually established SAs, you must clear and reinitialize the SAs for the changes to take effect. Omitting all parameters clears the entire SA database, which clears active security sessions. You must apply a crypto map set to each interface through which IPsec traffic flows. Optional Permits redundant interfaces to share the same crypto map using the same local identity.

This example shows how a static crypto map is configured and how an AES is defined as the encryption method:. Next Generation Encryption. Security Architecture for the Internet Protocol. IP Authentication Header. The Cisco Support and Documentation website provides online resources to download documentation, software, and tools.

Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train.

Unless noted otherwise, subsequent releases of that software release train also support that feature. The following commands were modified by this feature: crypto ipsec transform-set , encryption IKE policy , show crypto ipsec transform-set , show crypto isakmp policy.

The following command was modified by this feature: crypto ipsec transform-set. IPsec provides this optional service by use of a sequence number combined with the use of data authentication. Data authentication can refer either to integrity alone or to both of these concepts although data origin authentication is dependent upon data integrity.

IPsec protection is applied to data flows. IKE establishes a shared security policy and authenticates keys for services such as IPSec that require keys. This can be done by manually entering preshared keys into both hosts or by a CA service. IPsec —IP Security. A framework of open standards that provides data confidentiality, data integrity, and data authentication between participating peers. IPSec provides these security services at the IP layer. IPSec uses IKE to handle the negotiation of protocols and algorithms based on local policy and to generate the encryption and authentication keys to be used by IPSec.

IPSec can protect one or more data flows between a pair of hosts, between a pair of security gateways, or between a security gateway and a host.

PFS —perfect forward secrecy. Cryptographic characteristic associated with a derived shared secret value. With PFS, if one key is compromised, previous and subsequent keys are not compromised, because subsequent keys are not derived from previous keys.

SA —security association. Description of how two or more entities use security services in the context of a particular security protocol AH or ESP to communicate securely on behalf of a particular data flow. The transform and the shared secret keys are used for protecting the traffic.

SPI —security parameter index. A number which, together with a destination IP address and security protocol, uniquely identifies a particular security association. It does not refer to using IPsec in tunnel mode. Skip to content Skip to search Skip to footer.

Book Contents Book Contents. Find Matches in This Book. PDF - Complete Book 2. Updated: September 2, Note Security threats, as well as the cryptographic technologies to help protect against them, are constantly changing. Physical Interface and Crypto Map A crypto map on a physical interface is not supported, if the physical interface is the source interface of a tunnel protection interface. Crypto maps are not supported on tunnel interface of MFR. IPsec provides these security services at the IP layer; IPsec uses IKE to handle negotiation of protocols and algorithms based on the local policy, and generate the encryption and authentication keys to be used by IPsec.

IPsec can be used to protect one or more data flows between a pair of hosts, between a pair of security gateways, or between a security gateway and a host. Note The term IPsec is sometimes used to describe the entire protocol of IPsec data services and IKE security protocols, and is also sometimes used to describe only the data services.

Note Cisco IOS images with strong encryption including, but not limited to bit data encryption feature sets are subject to United States government export controls, and have a limited distribution.

An IKEv2 proposal is regarded as complete only when it has at least an encryption algorithm, an integrity algorithm, and a Diffie-Hellman DH group configured. If no proposal is configured and attached to an IKEv2 policy, then the default proposal is used in the negotiation. The default proposal is a collection of commonly used algorithms which are as follows: encryption aes-cbc 3des integrity sha1 md5 group 5 2 Although the crypto ikev2 proposal command is similar to the crypto isakmp policy priority command, the IKEv2 proposal differs as follows: An IKEv2 proposal allows configuration of one or more transforms for each transform type.

The table below shows allowed transform combinations. Table 1. Enter your password if prompted. Step 2 configure terminal Example: Device configure terminal Enters global configuration mode. Enable or disable crypto for traffic that matches these conditions. Step 4 Repeat Step 3 for each crypto access list you want to create. Step 3 crypto ipsec transform-set transform-set-name transform1 [ transform2 [ transform3 ]] Example: Device config crypto ipsec transform-set aesset esp-aes esp-sha-hmac Defines a transform set and enters crypto transform configuration mode.

Step 4 mode [ tunnel transport ] Example: Device cfg-crypto-tran mode transport Optional Changes the mode associated with the transform set. Manually established SAs are reestablished immediately. Step 7 show crypto ipsec transform-set [ tag transform-set-name ] Example: Device show crypto ipsec transform-set Optional Displays the configured transform sets.

Step 3 crypto ikev2 proposal proposal-name Example: Device config crypto ikev2 proposal proposal-1 Specifies the name of the proposal and enters crypto IKEv2 proposal configuration mode. The proposals are referred in IKEv2 policies through the proposal name. Step 4 encryption transform1 [ transform2 ] Step 5 integrity transform1 [ transform2 ] Example: Device config-ikev2-proposal integrity sha1 Optional Specifies one or more transforms of the following integrity type: The sha keyword specifies SHA-2 family bit HMAC variant as the hash algorithm.

Step 6 group transform1 [ transform2 ] Example: Device config-ikev2-proposal group 14 Optional Specifies one or more transforms of the possible DH group type: 1 —bit DH No longer recommended. Step 3 crypto map [ ipv6 ] map-name seq-num [ ipsec-isakmp ] Example: Device config crypto map static-map 1 ipsec-isakmp Creates or modifies a crypto map entry, and enters crypto map configuration mode. Step 4 match address access-list-id Example: Device config-crypto-m match address vpn-tunnel Names an extended access list.

Repeat for multiple remote peers. Step 7 set transform-set transform-set-name1 [ transform-set-name Step 9 set security-association level per-host Example: Device config-crypto-m set security-association level per-host Optional Specifies that separate SAs should be established for each source and destination host pair. Caution Use this command with care because multiple streams between given subnets can rapidly consume resources. Step 10 set pfs [ group1 group14 group15 group16 group19 group2 group20 group24 group5 ] Example: Device config-crypto-m set pfs group14 Optional Specifies that IPsec either should ask for password forward secrecy PFS when requesting new SAs for this crypto map entry or should demand PFS in requests received from the IPsec peer.

Group 2 specifies the bit DH identifier. Group 5 specifies the bit DH identifier. No longer recommended Group 14 specifies the bit DH identifier. Group 15 specifies the bit DH identifier. Group 16 specifies the bit DH identifier. Group 20 specifies the bit ECDH identifier. Step 12 show crypto map [ interface interface tag map-name ] Example: Device show crypto map Displays your crypto map configuration.

What to Do Next After you have successfully created a static crypto map, you must apply the crypto map set to each interface through which IPsec traffic flows.

Note IPv6 addresses are not supported on dynamic crypto maps. Step 3 crypto dynamic-map dynamic-map-name dynamic-seq-num Example: Device config crypto dynamic-map test-map 1 Creates a dynamic crypto map entry and enters crypto map configuration mode.

Step 4 set transform-set transform-set-name1 [ transform-set-name IPsec is based on state-of-the-art cryptographic technology that makes secure data authentication and privacy on large networks a reality. The IPsec protocol suite has a foundation of powerful encryption technologies.

The suite adds security services to the IP layer in a way that is compatible with both the existing IPv4 standard and the emerging IPv6 standard. IPsec supports two encryption modes: Transport mode and Tunnel mode. Transport mode encrypts only the data portion payload of each packet and leaves the packet header untouched. Transport mode is applicable to either gateway or host implementations, and provides protection for upper layer protocols as well as selected IP header fields.

Tunnel mode is more secure than Transport mode because it encrypts both the payload and the header. IPsec in Tunnel mode is normally used when the ultimate destination of a packet is different than the security termination point.

This mode is also used in cases when the security is provided by a device that did not originate packets, as in the case of VPNs. Tunnel mode is often used in networks with unregistered IP addresses. The unregistered address can be tunneled from one gateway encryption device to another by hiding the unregistered addresses in the tunneled packet. Figure shows a typical network using IPsec in Tunnel mode:.

The inner header is constructed by the host; the outer header is added by the device that is providing security services. IKE can use digital certificates for device authentication.

The Encapsulating Security Payload and the Authentication Header use cryptographic techniques to ensure data confidentiality and digital signatures that authenticate the data's source. The IP packet is the fundamental unit of communications in IP networks. IPsec handles encryption at the packet level, and the protocol it uses is the ESP.

ESP supports any type of symmetric encryption. IPsec is a framework of open standards developed by the Internet Engineering Task Force IETF that provides security for transmission of sensitive information over unprotected networks such as the Internet. It acts at the network level and implements the following standards:.

Essentially, if the IPsec suite is used where IP is normally used in the network layer , communications are secured for all applications and for all users more transparently than would be the case if any other approach was employed. The sending and receiving devices must be IPsec compliant, but the rest of the network between the sender and recipient does not have to be IPsec compliant.

The primary strength of the IPsec approach is that security works at a low network level. As a result, IP is transparent to the average user, and IPsec-based security services also function behind the scenes to ensure that all network communications are secure. IPsec meets a broad range of security needs and allows different networks around the world to interconnect and to communicate securely.

In addition, IPsec offers almost infinite scalability with transparent and reliable service, no matter how demanding a company's security needs. The first two parts are not encrypted, but they are authenticated. Those parts are as follows:. Those protocols include the particular algorithms and keys, and how long those keys are valid.

The sequence number indicates which packet is which, and how many packets have been sent with the same group of parameters.

The sequence number also protects against replay attacks. Replay attacks involve an attacker who copies a packet and sends it out of sequence to confuse communicating devices. The remaining four parts of the ESP are all encrypted during transmission across the network.

The padding also ensures that the text of a message terminates on a four-byte boundary an architectural requirement within IP. Because the packet has a standard IP header, the network can route it with standard IP devices.

As a result, IPsec is backwards-compatible with IP routers and other equipment even if that equipment isn't designed to use IPsec. ESP can support any number of encryption protocols. It's up to the user to decide which ones to use. Different protocols can be used for every person a user communicates with. ESP's encryption capability is designed for symmetric encryption algorithms. IPsec employs asymmetric algorithms for such specialized purposes as negotiating keys for symmetric encryption.

Then, it adds a new IP header containing the address of a gateway device to the packet. Tunneling allows a user to send illegal IP addresses through a public network like the Internet that otherwise would not accept them.

Tunneling with ESP offers the advantage of hiding original source and destination addresses from users on the public network. Hiding these addresses reduces the power of traffic analysis attacks. A traffic analysis attack employs network monitoring techniques to determine how much data and what type of data is being communicated between two users.

The ESP Authentication field varies in length depending on the authentication algorithm used. This field can be omitted entirely if authentication is not needed for the ESP. Authentication is calculated on the ESP packet once encryption is complete. The Integrity Check Value supports symmetric type authentication. The sending device encrypts a hash of the data payload and attaches it as the authentication field.

The receiving device confirms that nothing has been tampered with and that the payload did come from the correct source device. The AH does not protect all of the fields in the external IP header because some change in transit, and the sender cannot predict how they might change.

The AH protects everything that does not change in transit. The encryption services provided by the AH and ESP are powerful tools for keeping data secret, for verifying its origin, and for protecting it from undetected tampering. But these tools will not work unless there is a carefully designed infrastructure to work with them. VPN security succeeds or fails depending on the reliability and scalability of this infrastructure. Secure communication with authentication and encryption requires negotiation, an exchange of keys, and a capability to keep track of the keys.

The way that IPsec keeps track of the details, as well as which keys and algorithms to use, is by bundling everything together in a Security Association SA. An association is a one-way relationship between a sender and a receiver that affords security services to the traffic carried on it.

The SA groups together all the elements needed for two parties to communicate securely. If a peer relationship is needed for two-way secure exchange, two security associations are required. A security association is uniquely identified by three parameters:. Currently, only unicast addresses are allowed; this is the address of the destination endpoint of the SA, which may be an end-user system or a network system, such as a firewall or router. An IPsec implementation includes a security association database that defines the parameters associated with each SA.

A security association is defined by the following parameters:. A flag indicating whether overflow of the sequence number counter should generate an auditable event and prevent further transmission of packets on this SA. Used to determine whether an inbound AH or ESP packet is a replay, by defining a sliding window within which the sequence number must fall. Authentication algorithm, keys, key lifetimes, and related parameters being used with AH.

Encryption and authentication algorithm, keys, initialization values, key lifetimes, and related parameters being used with ESP. A time interval or byte count after which an SA must be replaced with a new SA and new SPI or terminated, plus an indication of which of these actions should occur. Tunnel, transport, or wildcard required for all implementations ; these modes are discussed later in this chapter XREF.

Any observed path maximum transmission unit maxi-mum size of a packet that can be transmitted without fragmentation and aging variables required for all implementations. The key management mechanism that is used to distribute keys is coupled to the authentication and privacy mechanisms only by way of the security parameters index. Hence, authentication and privacy have been specified independent of any specific key management mechanism.

The SA is the secure channel through the public network. The SA also lets the system construct classes of security channels. If more secure safeguards are needed, more care can be taken, and the rules of the SA can be changed to specify stronger measures.

IKE enables an agreement to be negotiated on which protocols, algorithms, and keys should be used. It ensures secure authentication services from the beginning of the exchange. It manages keys securely after they have been agreed upon, and it exchanges those keys safely. Key exchange is closely related to security association management.

When a security association is created, keys must be exchanged. IKE wraps them together, and delivers them as an integrated package. IPsec specifies that compliant systems support manual keying as well.

As a result, manual key exchange is possible in certain situations. However, for most large enterprises, manual key exchange is impractical. Thus, IKE is expected to continue to negotiate SAs and exchange keys automatically through public networks.

IKE functions in two phases:. IKE provides three modes for the exchange of keying information and setting up IKE security associations: Main mode , Aggressive mode , and Quick mode. Main mode provides a way to establish the first phase of an IKE SA, which is then used to negotiate future communications.

The first step, securing an IKE SA, occurs in three two-way exchanges between the sender and the receiver. In the first exchange, the sender and receiver agree on basic algorithms and hashes. In the second exchange, public keys are sent for a Diffie-Hellman exchange. Nonces random numbers each party must sign and return to prove their identities are then exchanged.

In the third exchange, identities are verified, and each party is assured that the exchange has been completed. Aggressive mode provides the same services as main mode.

It establishes the phase one SA, and operates in much the same manner as main mode except that it is completed in two exchanges instead of three. In aggressive mode, the sender generates a Diffie-Hellman pair at the beginning of the exchange, doing as much as is reasonable with the first packet proposing an SA, passing the Diffie-Hellman public value, sending a nonce to the other party to sign, and so on.

The recipient then sends back a consolidation of all three response steps that occur in main mode. The result is that aggressive mode accomplishes as much as main mode, with one exception. Aggressive mode does not provide identity protection for communicating parties. In other words, in aggressive mode, the sender and recipient exchange identification information before they establish a secure channel where the information is encrypted.

As a result, a hacker monitoring an aggressive mode exchange can determine who has just formed a new SA. Aggressive mode's value, though, is speed. After two parties have established a secure channel using either aggressive mode or main mode, they can use Quick mode.

Quick mode has two purposes—to negotiate general IPsec security services and to generate newly keyed material. Quick mode is much simpler than both main and aggressive modes. Quick mode packets are always encrypted under the secure channel or an IKE SA established in phase 1 and start with a hash payload that is used to authenticate the rest of the packet. Quick mode determines which parts of the packet are included in the hash.

The sender and recipient can then exchange nonces through the secure channel, and use them to hash the existing keys. Basic quick mode is a three-packet exchange. A user can reduce the risk of hackers deciphering a message through the use of larger and larger keys.

But, the larger the key, the slower encryption is accomplished, and network performance also decreases. Use of fairly large keys and frequent changes of them is a good compromise.

However, the challenge is coming up with ways to generate these new keys. A method to generate a new key that does not depend on the current key is needed. Then, if a hacker knows the current key, he or she will know only a small amount of information. The hacker would have to find out an entirely unrelated key to get to the next part. This concept is called perfect forward secrecy.

Each user sends a public key value to the other. Each then combines the public key they receive with the private key they just generated using the Diffie-Hellman combination algorithm. The resulting value is the same on both sides.