IPSec Basics Handouts

The document provides an overview of an IPSec VPN Design training session, including: - The presenter is Jessica Bei Wei from APNIC. - The training will cover virtual private networks, IPsec architecture and components, setting up an IPsec VPN tunnel, and tunnel and transport mode. - IPsec provides encryption, integrity, and authentication for IP packets at the network layer using protocols like IKE, AH, and ESP to establish security associations between peers.

8/30/16

APNIC eLearning: IPSec VPN Design
31 AUGUST 2016
11:00 AM AEST Brisbane (UTC+10)
Issue Date: 07 July 2015
Revision: 2.0

Introduction
Presenter/s: Jessica Bei Wei, Training Officer, [email protected]
Specialties: Routing & Switching, MPLS, IPv6, QoS
Reminder: please take time to fill up the survey

Overview
Virtual Private Networks
What is IPsec?
Benefits of IPsec
IPsec Architecture and Components
Setting up an IPsec VPN tunnel
Tunnel and Transport Mode

Virtual Private Network
Creates a secure tunnel over a public network
  Client to firewall
  Router to router
  Firewall to firewall
Uses the Internet as the public backbone to access a secure private network
  Remote employees can access their office network

VPN Protocols
PPTP (Point-to-Point Tunneling Protocol)
L2F (Layer 2 Forwarding Protocol)
L2TP (Layer 2 Tunneling Protocol)
IPSec (Internet Protocol Security)

IPsec
Provides Layer 3 security (RFC 2401)
Transparent to applications (no need for integrated IPSec support)
A set of protocols and algorithms used to secure IP data at the network layer
Combines different components:
  Security associations (SA)
  Authentication headers (AH)
  Encapsulating security payload (ESP)
  Internet Key Exchange (IKE)
A security context for the VPN tunnel is established via ISAKMP

IPsec Standards
RFC 4301  The IP Security Architecture: defines the original IPsec architecture and elements common to both AH and ESP
RFC 4302  Defines authentication headers (AH)
RFC 4303  Defines the Encapsulating Security Payload (ESP)
RFC 2408  ISAKMP
RFC 5996  IKE v2 (Sept 2010)
RFC 4835  Cryptographic algorithm implementation for ESP and AH

Benefits of IPsec
Confidentiality
  By encrypting data
Integrity
  Routers at each end of a tunnel calculate the checksum or hash value of the data
Authentication
  Signatures and certificates
All these while still maintaining the ability to route through existing IP networks
IPsec is designed to provide interoperable, high quality, cryptographically-based security for IPv4 and IPv6 (RFC 2401)

Benefits of IPsec
Data integrity and source authentication
  Data signed by sender and signature is verified by the recipient
  Modification of data can be detected by signature verification
  Because the signature is based on a shared secret, it gives source authentication
Anti-replay protection
  Optional; the sender must provide it but the recipient may ignore it
Key management
  IKE session negotiation and establishment
  Sessions are rekeyed or deleted automatically
  Secret keys are securely established and authenticated
  Remote peer is authenticated through varying options

Different Layers of Encryption
[Figure: encryption between Source and Destination at three layers]
  Application Layer: SSL, PGP, SSH, HTTPS
  Network Layer: IPsec
  Link Layer Encryption

IPsec Architecture
[Figure: the IPsec Security Policy governs three security protocols]
  AH: Authentication Header
  ESP: Encapsulating Security Payload
  IKE: The Internet Key Exchange; establishes the tunnel; key management

Security Associations (SA)
A collection of parameters required to establish a secure session
An SA is either uni- or bidirectional
  IKE SAs are bidirectional
  IPsec SAs are unidirectional
A single SA can be used for AH or ESP, but not both
  Must create two (or more) SAs for each direction if using both AH and ESP

ISAKMP
Internet Security Association and Key Management Protocol
Used for establishing Security Associations (SA) and cryptographic keys
Only provides the framework for authentication and key exchange, but is key-exchange independent
Key exchange protocols
  Internet Key Exchange (IKE)
  Kerberized Internet Negotiation of Keys (KINK)

Authentication Header (AH)
Provides source authentication and data integrity
  Protection against source spoofing and replay attacks
Authentication is applied to the entire packet, with the mutable fields in the IP header zeroed out
If both AH and ESP are applied to a packet, AH follows ESP
Operates on top of IP using protocol 51
In IPv4, AH protects the payload and all header fields except mutable fields and IP options (such as IPSec option)

Encapsulating Security Payload (ESP)
Uses IP protocol 50
Provides all that is offered by AH, plus data confidentiality
  Uses symmetric key encryption
Must encrypt and/or authenticate in each packet
Encryption occurs before authentication
Authentication is applied to data in the IPsec header as well as the data contained as payload

Overview of IPSec
[Figure: two IPsec peers across the Internet]
  1. Traffic which needs to be protected
  2. IKE Phase 1: secure communication channel
  3. IKE Phase 2: IPsec tunnel
  4. Secured traffic exchange

Internet Key Exchange (IKE)
An IPsec component used for performing mutual authentication and establishing and maintaining Security Associations (RFC 5996)
Typically used for establishing IPsec sessions
A key exchange mechanism
Five variations of an IKE negotiation:
  Two modes (aggressive and main modes)
  Three authentication methods (pre-shared, public key encryption, and public key signature)
Uses UDP port 500

IKE Modes
Main mode: Three exchanges of information between IPsec peers.
  Initiator sends one or more proposals to the other peer (responder)
  Responder selects a proposal
Aggressive Mode: Achieves same result as main mode using only 3 packets
  First packet sent by initiator containing all info to establish SA
  Second packet by responder with all security parameters selected
  Third packet finalizes authentication of the ISAKMP session
Quick Mode: Negotiates the parameters for the IPsec session.
  Entire negotiation occurs within the protection of ISAKMP session

Internet Key Exchange (IKE)
Phase I
  Establish a secure channel (ISAKMP SA)
  Using either main mode or aggressive mode
  Authenticate computer identity using certificates or pre-shared secret
Phase II
  Establishes a secure channel between computers intended for the transmission of data (IPsec SA)
  Using quick mode

IKE Phase 1 (Main Mode)
Main mode negotiates an ISAKMP SA which will be used to create IPsec SAs
Three steps
  SA negotiation (encryption algorithm, hash algorithm, authentication method, which DH group to use)
  Diffie-Hellman exchange
  Provide authentication information
    Authenticate the peer

IKE Phase 1 (Main Mode)
[Figure: Initiator and Responder exchange six messages across the Internet]
Negotiate IKE Policy
  IKE Message 1 (SA proposal)
  IKE Message 2 (accepted SA)
Authenticated DH Exchange
  IKE Message 3 (DH public value, nonce)
  IKE Message 4 (DH public value, nonce)
  Both peers compute the DH shared secret and derive keying material
Protect IKE Peer Identity (encrypted)
  IKE Message 5 (Authentication material, ID)
  IKE Message 6 (Authentication material, ID)
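An added example (not part of the slides) of what happens after messages 3 and 4: each peer computes the Diffie-Hellman shared secret and derives the IKEv1 keying material for pre-shared key authentication as specified in RFC 2409. It uses DH group 2 (the 1024-bit MODP group from RFC 2409, one of the groups the slides' `set pfs` command offers) and SHA-1 as the PRF hash to match `hash sha`; the cookies, nonces and the PSK value are constructed here.

```python
import hmac, hashlib, secrets

# Diffie-Hellman group 2 (1024-bit MODP, generator 2) as published in RFC 2409
GROUP2_P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
GROUP2_G = 2

def prf(key, data):
    # IKEv1 PRF is HMAC keyed with the negotiated hash; SHA-1 here, matching "hash sha"
    return hmac.new(key, data, hashlib.sha1).digest()

def dh_keypair():
    x = secrets.randbelow(GROUP2_P - 2) + 1       # private exponent
    return x, pow(GROUP2_G, x, GROUP2_P)         # (x, g^x mod p)

def dh_shared(x, peer_pub):
    if not 1 < peer_pub < GROUP2_P - 1:          # reject degenerate public values
        raise ValueError("invalid DH public value")
    return pow(peer_pub, x, GROUP2_P).to_bytes(128, "big")   # g^xy at fixed 1024-bit width

def skeyid_psk(psk, ni, nr, gxy, cky_i, cky_r):
    # RFC 2409 section 5: SKEYID for pre-shared key authentication, then the three derived keys
    skeyid = prf(psk, ni + nr)
    skeyid_d = prf(skeyid, gxy + cky_i + cky_r + b"\x00")             # feeds IPsec SA keys
    skeyid_a = prf(skeyid, skeyid_d + gxy + cky_i + cky_r + b"\x01")  # authenticates IKE messages
    skeyid_e = prf(skeyid, skeyid_a + gxy + cky_i + cky_r + b"\x02")  # encrypts messages 5 and 6
    return skeyid_d, skeyid_a, skeyid_e

def phase1_demo(psk_initiator, psk_responder):
    """Messages 3 and 4 carry each side's DH public value and nonce; both then derive keys.
    Returns (keys_match, initiator_keys)."""
    cky_i, cky_r = secrets.token_bytes(8), secrets.token_bytes(8)   # ISAKMP cookies (messages 1/2)
    xi, gi = dh_keypair()                                           # initiator: x_i, g^x_i
    xr, gr = dh_keypair()                                           # responder: x_r, g^x_r
    ni, nr = secrets.token_bytes(16), secrets.token_bytes(16)       # nonces exchanged in 3/4
    keys_i = skeyid_psk(psk_initiator, ni, nr, dh_shared(xi, gr), cky_i, cky_r)
    keys_r = skeyid_psk(psk_responder, ni, nr, dh_shared(xr, gi), cky_i, cky_r)
    # different PSKs give different SKEYID_a, so the HASH_I/HASH_R check in messages 5/6 fails
    return keys_i == keys_r, keys_i
```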

IKE Phase 1 (Aggressive Mode)
Uses 3 (vs 6) messages to establish IKE SA
No denial of service protection
Does not have identity protection
Optional exchange and not widely implemented

IKE Phase 2 (Quick Mode)
In phase 2, all traffic is encrypted using the ISAKMP Security Association
Each quick mode negotiation results in two IPsec Security Associations (one inbound, one outbound)
Creates/refreshes keys

IKE Phase 2 (Quick Mode)
[Figure: Initiator and Responder exchange three messages across the Internet]
  Message 1 (authentication/keying material and SA proposal); responder validates message 1
  Message 2 (authentication/keying material and accepted SA); initiator validates message 2
  Message 3 (hash for proof of integrity/authentication); responder validates message 3
  Both peers compute keying material

IPsec Modes
Tunnel Mode
  Entire IP packet is encrypted and becomes the data component of a new (and larger) IP packet.
  Frequently used in an IPsec site-to-site VPN
Transport Mode
  IPsec header is inserted into the IP packet
  No new packet is created
  Works well in networks where increasing a packet's size could cause an issue
  Frequently used for remote-access VPNs

Tunnel vs. Transport Mode IPsec
[Figure: packet layouts]
  Without IPsec:        IP Header | TCP Header | Payload
  Transport Mode IPsec: IP Header | IPsec Header | TCP Header | Payload
  Tunnel Mode IPsec:    New IP Header | IPsec Header | IP Header | TCP Header | Payload

Packet Format Alteration for AH: Transport Mode
[Figure: Authentication Header in transport mode]
  Without AH: Original IP Header | TCP/UDP | Data
  With AH:    Original IP Header | AH Header | TCP/UDP | Data
  Authenticated except for mutable fields in IP header (ToS, TTL, Header Checksum, Offset, Flags)

Packet Format Alteration for ESP: Transport Mode
[Figure: Encapsulating Security Payload in transport mode]
  Before applying ESP: Original IP Header | TCP/UDP | Data
  After applying ESP:  Original IP Header | ESP Header | TCP/UDP | Data | ESP Trailer | ESP Authentication
  Encrypted: TCP/UDP through ESP Trailer
  Authenticated: ESP Header through ESP Trailer

Packet Format Alteration for AH: Tunnel Mode
[Figure: Authentication Header in tunnel mode]
  Before applying AH: Original IP Header | TCP/UDP | Data
  After applying AH:  New IP Header | AH Header | Original IP Header | TCP/UDP | Data
  Authenticated except for mutable fields in new IP header (ToS, TTL, Header Checksum, Offset, Flags)
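An added example (not from the slides) of the AH rule shown on the two AH slides: the ICV is computed over the whole packet with the mutable IPv4 fields (ToS, flags/offset, TTL, header checksum) zeroed, so a TTL decrement in transit still verifies while any change to the payload or addresses does not. It builds transport-mode AH with HMAC-SHA1-96 over a constructed IPv4 packet; the key, SPI and addresses are constructed values, and the IPv4 header checksum is left for the sending IP stack since AH excludes it anyway.

```python
import hmac, hashlib, struct

AH = 51  # AH runs directly over IP as protocol 51

def zero_mutable(ip_hdr):
    # the IPv4 fields AH treats as mutable: ToS, flags/fragment offset, TTL, header checksum
    h = bytearray(ip_hdr)
    h[1] = 0; h[6:8] = b"\x00\x00"; h[8] = 0; h[10:12] = b"\x00\x00"
    return bytes(h)

def ah_icv(key, ip_hdr, ah_fixed, payload):
    # HMAC-SHA1-96: immutable IP header + AH fixed part + zeroed ICV field + everything after
    data = zero_mutable(ip_hdr) + ah_fixed + bytes(12) + payload
    return hmac.new(key, data, hashlib.sha1).digest()[:12]

def ah_transport(key, pkt, spi, seq):
    """Insert an AH header between the IPv4 header and its payload (transport mode)."""
    ip_hdr, payload = pkt[:20], pkt[20:]   # assumes an IPv4 header without options
    # next header = original protocol; payload length = AH length in 32-bit words minus 2
    ah_fixed = struct.pack("!BBHII", ip_hdr[9], (12 + 12) // 4 - 2, 0, spi, seq)
    outer = bytearray(ip_hdr)
    outer[9] = AH
    struct.pack_into("!H", outer, 2, len(pkt) + 24)   # header checksum left to the IP stack
    icv = ah_icv(key, bytes(outer), ah_fixed, payload)
    return bytes(outer) + ah_fixed + icv + payload

def ah_verify(key, pkt):
    """Recompute the ICV on a received transport-mode AH packet; mutable fields may differ."""
    ip_hdr, ah_fixed, icv, payload = pkt[:20], pkt[20:32], pkt[32:44], pkt[44:]
    return hmac.compare_digest(icv, ah_icv(key, ip_hdr, ah_fixed, payload))

def sample_packet(upper=b"\x9c\x40\x00\x50hello"):
    # constructed IPv4 packet between the lab subnets; `upper` stands in for TCP/UDP + data
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(upper), 1, 0, 64, 6, 0,
                       bytes([172, 16, 16, 10]), bytes([172, 16, 20, 10])) + upper
```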

Packet Format Alteration for ESP: Tunnel Mode
[Figure: Encapsulating Security Payload in tunnel mode]
  Before applying ESP: Original IP Header | TCP/UDP | Data
  After applying ESP:  New IP Header | ESP Header | Original IP Header | TCP/UDP | Data | ESP Trailer | ESP Authentication
  Encrypted: Original IP Header through ESP Trailer
  Authenticated: ESP Header through ESP Trailer
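An added example (not from the slides) that frames a packet the way the two ESP slides draw it, in transport and in tunnel mode, and reports which byte ranges would be encrypted and which authenticated. Header and trailer sizes follow the `esp-aes esp-sha-hmac` transform set from the slides (16-byte IV and block, 12-byte ICV); no encryption or HMAC is actually performed, the IV and ICV are zero placeholders, and the outer gateway addresses 172.16.11.65/172.16.11.66 are constructed.

```python
import struct

ESP, IPPROTO_IPIP = 50, 4  # ESP protocol number; "IP-in-IP" next header used in tunnel mode

def ipv4_checksum(hdr):
    # one's-complement sum over a 20-byte header with the checksum field zeroed
    h = bytes(hdr[:10]) + b"\x00\x00" + bytes(hdr[12:])
    s = sum(struct.unpack("!10H", h))
    s = (s & 0xFFFF) + (s >> 16)
    return (~((s & 0xFFFF) + (s >> 16))) & 0xFFFF

def rewrite_ip_header(hdr, proto, total_len, addrs=None):
    h = bytearray(hdr)
    struct.pack_into("!H", h, 2, total_len)
    h[9] = proto
    if addrs:  # tunnel mode: the new outer header carries the gateway addresses
        h[12:16], h[16:20] = addrs
    struct.pack_into("!H", h, 10, ipv4_checksum(h))
    return bytes(h)

def sample_packet(payload=b"GET / HTTP/1.0\r\n\r\n"):
    # constructed IPv4/TCP packet between the lab subnets named in the slides' access-list
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0, 64, 6, 0,
                               bytes([172, 16, 16, 10]), bytes([172, 16, 20, 10])))
    struct.pack_into("!H", ip, 10, ipv4_checksum(ip))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    return bytes(ip) + tcp + payload

def esp_encapsulate(pkt, mode, spi, seq, iv_len=16, block=16, icv_len=12):
    """Frame `pkt` as ESP (AES-CBC-sized IV/padding, HMAC-SHA1-96-sized ICV) without doing
    the crypto. Returns (packet, encrypted_range, authenticated_range, pad_len)."""
    ip_hdr = pkt[:20]  # assumes an IPv4 header without options
    if mode == "transport":
        inner, next_hdr, addrs = pkt[20:], ip_hdr[9], None  # original protocol moves to trailer
    else:  # tunnel: the whole original packet becomes the ESP payload
        inner, next_hdr = pkt, IPPROTO_IPIP
        addrs = (bytes([172, 16, 11, 65]), bytes([172, 16, 11, 66]))  # constructed gateways
    pad_len = (-(len(inner) + 2)) % block  # payload + padding + pad-length + next-header = blocks
    esp_hdr = struct.pack("!II", spi, seq)
    iv = bytes(iv_len)  # placeholder; a real sender uses a fresh random IV
    body = inner + bytes(pad_len) + bytes([pad_len, next_hdr])  # payload + ESP trailer
    icv = bytes(icv_len)  # placeholder for the HMAC output
    total = 20 + len(esp_hdr) + iv_len + len(body) + icv_len
    out = rewrite_ip_header(ip_hdr, ESP, total, addrs) + esp_hdr + iv + body + icv
    encrypted = (20 + 8 + iv_len, total - icv_len)  # payload through ESP trailer
    authenticated = (20, total - icv_len)  # ESP header through ESP trailer
    return out, encrypted, authenticated, pad_len
```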

IPsec Best Practices
Use IPsec to provide integrity in addition to encryption.
  Use ESP option
Use strong encryption algorithms
  3DES and AES instead of DES
Use a good hashing algorithm
  SHA instead of MD5
Reduce the lifetime of the Security Association (SA) by enabling Perfect Forward Secrecy (PFS)
  Increases processor burden so do this only if data is highly sensitive

Configuring IPsec
Step 1: Configure the IKE Phase 1 Policy (ISAKMP Policy)
  crypto isakmp policy [priority]
Step 2: Set the ISAKMP Identity
  crypto isakmp identity {ipaddress|hostname}
Step 3: Configure the IPsec transform set
  crypto ipsec transform-set transform-set-name <transform1> <transform2> mode [tunnel|transport]
  crypto ipsec security-association lifetime seconds seconds
Step 5: Create the crypto map
  crypto map crypto-map-name seq-num ipsec-isakmp
    match address access-list-id
    set peer [ipaddress|hostname]
    set transform-set transform-set-name
    set security-association lifetime seconds seconds
    set pfs [group1|group2]
Step 6: Apply the IPsec Policy to an Interface
  crypto map crypto-map-name local-address interface-id

IPsec Layout
[Figure: R1 and R2 connected across a Public Network, with an encrypted session between them]

Router Configuration
! Phase 1 SA: encryption and authentication
crypto isakmp policy 1
 authentication pre-share
 encryption aes
 hash sha
 group 5
crypto isakmp key Training123 address 172.16.11.66
!
crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac
!
! Phase 2 SA
crypto map LAB-VPN 10 ipsec-isakmp
 match address 101
 set transform-set ESP-AES-SHA
 set peer 172.16.11.66

Router Configuration
! Apply to an outbound interface
int fa 0/1
 crypto map LAB-VPN
 exit
!
! Define interesting VPN traffic
access-list 101 permit ip 172.16.16.0 0.0.0.255 172.16.20.0 0.0.0.255

IPsec Debug Commands
sh crypto ipsec sa
sh crypto isakmp peers
sh crypto isakmp sa
sh crypto map
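An added example (not from the slides) that checks a router configuration like the one above against the "IPsec Best Practices" slide: it parses the `crypto isakmp policy`, `transform-set` and `crypto map` entries and flags DES or MD5 choices, transform sets without an integrity transform, and crypto maps without `set pfs`. The sample input is the lab configuration from the slides, trimmed; the parser assumes IOS-style single-space indentation of sub-mode lines, and a policy with no explicit `encryption`/`hash` is flagged rather than assuming the platform default.

```python
import re
# Weak choices the "IPsec Best Practices" slide warns against: DES (use 3DES/AES), MD5 (use SHA)
WEAK = {"des", "esp-des", "md5", "esp-md5-hmac", "ah-md5-hmac"}
# Lab router configuration from the slides (trimmed), used as sample input
PAGE_CONFIG = """\
crypto isakmp policy 1
 authentication pre-share
 encryption aes
 hash sha
 group 5
crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac
crypto map LAB-VPN 10 ipsec-isakmp
 set transform-set ESP-AES-SHA
 set peer 172.16.11.66
"""
BLOCK_RE = re.compile(r"crypto (isakmp policy \d+|map \S+ \d+ ipsec-isakmp)$")
TSET_RE = re.compile(r"crypto ipsec transform-set (\S+) (.+)$")

def parse_ios_crypto(config):
    # isakmp policies and crypto maps -> their indented sub-mode lines; transform-sets -> transforms
    blocks, tsets, current = {}, {}, None
    for line in config.splitlines():
        if not line.strip() or line.startswith("!"):
            continue
        if line.startswith(" ") and current is not None:
            current.append(line.strip()); continue
        current = None
        if m := BLOCK_RE.match(line):
            current = blocks.setdefault(m.group(1), [])
        elif m := TSET_RE.match(line):
            tsets[m.group(1)] = m.group(2).split()
    return blocks, tsets

def setting(lines, name):  # argument of sub-mode command `name`: "" if bare, None if absent
    for l in lines:
        if l == name or l.startswith(name + " "):
            return l[len(name):].strip()
    return None

def audit(config):
    findings, (blocks, tsets) = [], parse_ios_crypto(config)
    for name, lines in blocks.items():
        if name.startswith("isakmp policy"):
            for cmd in ("encryption", "hash"):  # unset means the IOS default applies, flag it too
                if (val := setting(lines, cmd)) is None or val in WEAK:
                    findings.append(f"{name}: weak or unset {cmd} ({val})")
        elif setting(lines, "set pfs") is None:  # slide: enable PFS
            findings.append(f"{name}: PFS not enabled")
    for name, transforms in tsets.items():
        if WEAK & set(transforms):
            findings.append(f"transform-set {name}: weak transform")
        if not any(t.endswith("-hmac") or t.startswith("ah-") for t in transforms):
            findings.append(f"transform-set {name}: no integrity transform")  # slide: add integrity
    return findings
```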

Questions
Please remember to fill out the feedback form
https://www.surveymonkey.com/r/apnic-20160831-eL1
Slides are available for download from APNIC FTP.

Thank You!
END OF SESSION