1077_pg - Security Audit Systems

Download Report

Transcript 1077_pg - Security Audit Systems

Enterprise VPN
Configuration
and Design Clinic
Part 1 of 2
1077_05F9_c1
© 1999, Cisco Systems, Inc.
1
Agenda (Part 1 of 2 )
• VPN Overview
• Tunnels
• Cryptography Fundamentals
• IPSec and IKE
• IPSec Configuration Commands
1077_05F9_c1
© 1999, Cisco Systems, Inc.
2
Agenda (Part 2 of 2 )
• Firewalls
• QoS Review
• VPN Management
• VPDN
• VPN Design Considerations
1077_05F9_c1
© 1999, Cisco Systems, Inc.
3
VPN Overview
• A virtual private network is an
overlay network over a public
infrastructure
• Customer connectivity deployed
on a shared infrastructure
delivering the same policies
as a private network
1077_05F9_c1
© 1999, Cisco Systems, Inc.
4
VPN Business Drivers
Connecting to
Business Applications:
• Wherever
(for example, home)
98765433123690
43855022476554
87567848473583
006894
Lesso
n1
• Whoever
(such as, 3rd party)
• Whenever
(for example, quick)
• Whatever
(such as, applications)
At the Minimum Cost
1077_05F9_c1
© 1999, Cisco Systems, Inc.
5
Shared Infrastructure Issues
• Connectivity (VCs or tunnels)
• Security (secret and block)
• Quality of service (priority)
• Scalability/reliability
• Management (SLAs and policy)
1077_05F9_c1
© 1999, Cisco Systems, Inc.
6
Build versus Buy
Private WAN
PRO • Secure
• Controlled
• Self destined
• Self managed
CON • Scaling challenge
• Local skill required
• Investment in
technology
1077_05F9_c1
© 1999, Cisco Systems, Inc.
Purchase a VPN
•
•
•
•
•
•
Globally available
Redundant
Less expensive
Greater connectivity
Simplified WAN
Renewed focus
• Third party
• Perceived less secure
• Lack of control
7
Comparing VPN Technologies
Leased
Lines
Business
Drivers
Cost
Security
QoS
Scalability
Known
Slow
High
Inherent to
SP Network
Dedicate
Bandwidth
Quite
Complex
Several
Tools
VC
Complexity
Several
Tools
Complex
but Good
Potential
L1 VPNs
Protect
Switches
FR/ATM
Inherent to
SP Network
L2 VPNs
IP/Internet
L3 VPNs
1077_05F9_c1
Known
Faster
Medium
New
Quick
Low
© 1999, Cisco Systems, Inc.
Protect
Switches
IPsec
Protect Routers
Turn Off Appns
8
VPN Buying Habits
Subscriber VPN Growth Plans
Grow
32%
Too Early to Tell
55%
4%
Shrink
9%
Stay the Same
Subscriber’s Reasons for Choosing a VPN
Multiple Responses Accepted
Prefer to Outsource
Scalability
IP-Based
Price/Performance
0%
5% 10% 15% 20% 25% 30% 35% 40% 45%
Source: Forrester Research 11/97
1077_05F9_c1
© 1999, Cisco Systems, Inc.
9
Enterprise Networks Today
ISP
Gateway
Remote Office
Firewall
Home Office
Internet
Security
Server
NAS Dialup Users
DMZ
Corporate Intranet
1077_05F9_c1
© 1999, Cisco Systems, Inc.
10
Enterprise Intranet VPN
Remote
Office
ISP
Gateway
Remote Office
Firewall
Security
Server
Remote
Office
ISP Network
DMZ
Corporate Intranet
Partial Meshing—Full Meshing
1077_05F9_c1
© 1999, Cisco Systems, Inc.
11
Internal VPN—Special Case
Enterprise Intranet VPN
ISP
Gateway
Remote Office
Firewall
Internet
Security
Server
DMZ
Remote Office
Corporate Intranet
1077_05F9_c1
© 1999, Cisco Systems, Inc.
12
Enterprise Extranet VPN
Supplier
ISP
Gateway
Remote Office
Firewall
Security
Server
Supplier
ISP Network
DMZ
Corporate Intranet
Primarily Hub and Spoke
1077_05F9_c1
© 1999, Cisco Systems, Inc.
13
Access VPN—VPDN
Home Office: Dial
ISDN, xDSL, Cable
ISP
Gateway
Remote Office
Firewall
Home Office
POP
ISP Network
Security
Server
DMZ
Corporate Intranet
Only Hub and Spoke
1077_05F9_c1
© 1999, Cisco Systems, Inc.
14
Virtual Private Networks
Cisco
IOS®
1077_05F9_c1
© 1999, Cisco Systems, Inc.
15
Agenda (Part 1 of 2 )
• VPN Overview
• Tunnels
• Cryptography Fundamentals
• IPSec and IKE
• IPSec Configuration Commands
1077_05F9_c1
© 1999, Cisco Systems, Inc.
16
Tunnel Interfaces
• Provide a point-to-point connection
between two routers via a virtual
software interface
• Appears as one direct link between
routers that are connected via a large
IP network (Internet)
• Not to be confused with IPSec tunnels
which can act as tunnels but not as
true Cisco IOS interfaces and only
carry IP unicast
1077_05F9_c1
© 1999, Cisco Systems, Inc.
17
Tunnel Interfaces for VPN
10.1.1.0
Registered
Address
10.1.10.0
Internet
10.2.1.0
Registered
Address
• Tunnel interfaces
Hide the underlying infrastructure
Reduce hop count
1077_05F9_c1
© 1999, Cisco Systems, Inc.
18
Tunnel Components
• Passenger protocol
AppleTalk, Banyan VINES, CLNS,
DECnet, IP or IPX
• Carrier protocol—encapsulation
GRE, DVMRP, Cayman, and so on
• Transport protocol
IP only
IP/UDP
GRE
Network Packet
Transport
Protocol
Carrier
Protocol
Passenger
Protocol
1077_05F9_c1
© 1999, Cisco Systems, Inc.
19
Tunnel Configuration
• Interface tunnel number
Creates tunnel interface
• Tunnel source {ip address|type number}
type number selects address of an interface
• Tunnel destination {ip address|hostname}
• Tunnel endpoints may be loopback interfaces
WARNING: must use registered addresses!
1077_05F9_c1
© 1999, Cisco Systems, Inc.
20
Tunnel Configuration (Cont.)
• Tunnel mode
[aurp | cayman | dvmrp | eon | gre | ipip | nos | tag]
• For VPN use
GRE—transport of non-IP protocols
and multicast IP packets—RFC1701/02
DVMRP—for IP multicast from workstations
• Tag would require complete Label-switched path
across SP network
1077_05F9_c1
© 1999, Cisco Systems, Inc.
21
Tunnel Configuration (Cont.)
• Further tunnel interface configuration
like other interfaces
Layer 3 addresses—“unnumbered” supported
but not allowed for IPSec
Access-lists
• QoS
CAR, WFQ, WRED are not supported on
tunnel interfaces for the moment
Precedence is copied over into GRE IP
header as of 11.3(5)T
1077_05F9_c1
© 1999, Cisco Systems, Inc.
22
Example
10.1.1.0
Rem-1
10.1.10.0
207.1.2.1
HGW
10.2.1.0
207.1.1.1
Internet
• Interface tunnel 100
Description VPN connection back to HGW
IP add 10.1.10.2 255.255.255.0
No IP directed broadcast
Tunnel source 207.1.2.1
Tunnel destination 207.1.1.1
Tunnel mode gre
1077_05F9_c1
© 1999, Cisco Systems, Inc.
23
TAG-VPN or Extended MPLS
• MPLS is based on Cisco’s
Tag Switching
Extended
MPLS Features
• Cisco has extended MPLS
functionality to enable:
MPLS
Secure, scalable VPN creation
End-to-end QoS
Traffic engineering (RRR)
• Cisco will offer MPLS-compliance
Mode but extended MPLS will be
needed for VPN
MPLS-Compliance
Mode
MPLS+ term will be used below
1077_05F9_c1
© 1999, Cisco Systems, Inc.
24
MPLS+ Architecture
Corp A
Site 3
Corp A
Site 2
Traffic Separation at
Layer 3 (One Forwarding
Table per-Attached VPN )
extMPLS
Network
Corp A
Site 1
Corp B
Site 1
Intranet
VPNID 4
Extranet
VPNID 12
Corp C
Site 1
Corp B
Site 2
VPNs Defined by IP Address
plus BGP Route Distinguisher
1077_05F9_c1
© 1999, Cisco Systems, Inc.
25
Building VPNs with MPLS+
• MPLS+ used to create VPN-IP addresses
At the edge, the VPNID maps to the
physical interface
• Labels (tags) applied at the edge (use LDP)
No impact on the customer’s addressing or routing
• Standard mechanisms in BGP are used
to securely distribute VPN routing
BGP is a reachability protocol (RRs and CAs)
No change to existing routing protocols
(for example, OSPF)
1077_05F9_c1
© 1999, Cisco Systems, Inc.
26
Building VPNs with MPLS+
Private View
Cust A
10.1.1
VPN 15
Public View
Controlled Route
(15)10.1.1 Distribution (15)10.2.1
Cust A
10.2.1
VPN 15
(15)10.3.1
extMPLS
Network
(354)10.1.1
Private View
Cust A
10.3.1
VPN 15
(354)10.2.1
Forwarding Examples
Cust B
10.1.1
VPN 354
1077_05F9_c1
© 1999, Cisco Systems, Inc.
IN
OUT
(15)10.2.1
(15)10.1.1
(15)10.3.1
(354)10.2.1
(354)10.1.1
Cust B
10.2.1
VPN 354
27
MPLS+ Key Features
• Security—similar to FR/ATM
injecting a packet into a VPN can only at the edge
physical interface associated with that VPN
customer can always choose to use IPSec
• Quality of service
CAR applied per VPN customer port per CoS
CIR can be applied per pair of sites per application
• Scalability
TAGs and routing; BGP route reflectors and ASBRs
1077_05F9_c1
© 1999, Cisco Systems, Inc.
28
Agenda (Part 1 of 2 )
• VPN Overview
• Tunnels
• Cryptography Fundamentals
• IPSec and IKE
• IPSec Configuration Commands
1077_05F9_c1
© 1999, Cisco Systems, Inc.
29
Cryptography Fundamentals
• Encryption
• Key management
• Authentication
1077_05F9_c1
© 1999, Cisco Systems, Inc.
30
Cryptography Fundamentals
• Encryption
• Key management
• Authentication
1077_05F9_c1
© 1999, Cisco Systems, Inc.
31
Encryption
Plaintext
Encryption
Ciphertext
Encryption Key
1077_05F9_c1
© 1999, Cisco Systems, Inc.
32
Encrypted Communication
Sender
Plaintext
Encryption
Transmitted
Ciphertext
Encryption Key
1077_05F9_c1
© 1999, Cisco Systems, Inc.
Receiver
Decryption
Plaintext
Decryption Key
33
Secret Key and
Public Key Systems
• Secret key encryption
A single key
Encryption key = decryption key
Symmetric key
• Public key encryption
A pair of keys
Public key and private key
Asymmetric key
1077_05F9_c1
© 1999, Cisco Systems, Inc.
34
Secret Key Encryption Algorithms
• DES (data encryption standard)
• Triple DES
• Others: IDEA, Blowfish, CAST-128, ...
1077_05F9_c1
© 1999, Cisco Systems, Inc.
35
DES
• A block cipher—encrypts 64 bits
of plaintext to produce 64 bits
of ciphertext
• Key length = 56 bits
• Secret key system
• Consists of 16 rounds of permutations
and substitutions, each round takes a
different permutation of the secret key
(for example, 16 subkeys)
1077_05F9_c1
© 1999, Cisco Systems, Inc.
36
DES (Cont.)
• Decryption algorithm same as
encryption, except the subkeys
are applied in reverse order
• DES algorithm is public information
• Export control not for secrecy,
but to control product availability
1077_05F9_c1
© 1999, Cisco Systems, Inc.
37
Triple DES
• Apply DES 3 times
• Each time with a different key
• Total key length = 3 x 56 = 168 bits
1077_05F9_c1
© 1999, Cisco Systems, Inc.
38
Strength of DES and 3DES
• Well-studied and no known weakness
• Brute-force attack on DES is feasible, but
requires enormous resources and some
knowledge of the plaintext
• Brute-force attack on 3DES is infeasible
with current computing technology
• “Breaking the code” means deciphering a
particular encrypted message and finding
the secret key, nothing is really “broken”
1077_05F9_c1
© 1999, Cisco Systems, Inc.
39
Secret Key Exchange
Requirement
Sender
Plaintext
Receiver
Transmitted
DES/3DES Ciphertext
Encryption
DES/3DES
Decryption
Secret Key
Secret Key
Plaintext
• A secure and manageable scheme of
secret key exchange and renewal is
needed in actual implementation
1077_05F9_c1
© 1999, Cisco Systems, Inc.
40
Public Key Encryption Concept
Sender
Plaintext
Encryption
Receiver’s
Public Key
Transmitted
Ciphertext
Receiver
Decryption
Plaintext
Receiver’s
Private Key
• Private key is known only to receiver
• Public key is known to public
• Public key distribution not a secret operation
1077_05F9_c1
© 1999, Cisco Systems, Inc.
41
Public Key Encryption Algorithms
• Public key concept was first postulated
by Diffie and Hellman in 1976
• RSA (Rivest-Shamir-Adleman) algorithm
was the first public algorithm,
developed in 1977, and has been the
most popular
1077_05F9_c1
© 1999, Cisco Systems, Inc.
42
RSA Algorithm
• A block cipher
• Each message block is treated
as a number (M)
• The number is manipulated with
modular arithmetic operations
1077_05F9_c1
© 1999, Cisco Systems, Inc.
43
RSA Algorithm
Sender
Plaintext
M
RSA
Encryption
Transmitted
Ciphertext C
Receiver
RSA
Decryption
Plaintext
M
C = Me mod n
M = Cd mod n
Receiver’s
Public Key = {e, n}
Receiver’s
Private Key = {d, n}
Receiver Computes: Cd mod n = Med mod n = M
1077_05F9_c1
© 1999, Cisco Systems, Inc.
44
RSA Key Generation
• Select two prime numbers p and q
• Calculate n = p x q
• Select integer e such that
gcd { (p-1) (q-1), e } = 1
• Calculate d such that
ed = 1 mod((p-1)(q-1)), 1 < e < (p-1)(q-1)
• Public key = {e, n}
• Private key = {d, n}
1077_05F9_c1
© 1999, Cisco Systems, Inc.
45
RSA Key Pair Role Reversal
• Can use private key to encrypt and public key
to decrypt (useful for authentication)
• For encryption, sender uses receiver’s public
key to encrypt, only receiver (who has the
corresponding private key) can decrypt
• For authentication, sender uses its own
private key to encrypt, everyone can decrypt
with the sender’s public key, but only sender
(private key owner) could have sent the
message
1077_05F9_c1
© 1999, Cisco Systems, Inc.
46
Public Key
Encryption Application
• Public key encryption is much more
CPU-intensive than secret key encryption
• Used mainly in key management and
digital signature applications, not in
bulk encryption
1077_05F9_c1
© 1999, Cisco Systems, Inc.
47
Cryptography Fundamentals
• Encryption
• Key management
• Authentication
1077_05F9_c1
© 1999, Cisco Systems, Inc.
48
Encryption Key Management
• Secret-key cryptography
Sender and receiver have to know secret key
Secret key exchange has to be confidential
• Public-key cryptography
Every receiver has to publish its public key
Key publishing has to be authenticated
1077_05F9_c1
© 1999, Cisco Systems, Inc.
49
Secret Key Exchange
Diffie-Hellman Key Exchange (1976)
• Sender and Receiver preselect two public values
p—a prime number; g—a primitive root of p
• Sender selects private Xs
X
• Sender calculates and sends public YS = g smod p
• Rcvr selects private XR
X
• Rcvr calculates and sends public YR = g Rmod p
XR
Xs
• Secret key = YS mod p = YR mod p
XsXR
= g
1077_05F9_c1
© 1999, Cisco Systems, Inc.
mod p
50
Public Key Infrastructure (PKI)
• Certificate authority (CA)—an entity who issues
public key certificates, and is trusted by all
communicating parties
• CA can be public (VeriSign, Entrust, and so on)
or private (in-house certificate servers)
• Public key certificate—an authenticated and
verifiable (using CA’s public key) copy of one’s
public key and other identity information
• Certificate revocation list (CRL)—a list of
certificates that have been revoked (this list
is maintained by CA)
1077_05F9_c1
© 1999, Cisco Systems, Inc.
51
How PKI Works
• Each participant enrolls with CA:
Gets CA’s public key (via CA’s own certificate
and manual authentication)
Sends its public key and identity information to CA
Receives its own public key certificate from CA
Gets the latest CRL from CA
• Participants exchange certificates, thereby
exchanging their public keys
• Each participant verifies others’ certificates
with the CA’s public key for authenticity,
and checks its latest copy of the CA’s CRL
1077_05F9_c1
© 1999, Cisco Systems, Inc.
52
Cryptography Fundamentals
• Encryption
• Key management
• Authentication
1077_05F9_c1
© 1999, Cisco Systems, Inc.
53
Authentication
• Fundamental objectives—to verify that:
The received message comes from the
alleged source
The received message has not been altered
• Techniques are available to guard against
packet insertion, deletion, delay, and replay
• Digital signatures can be used to prove the
transmission and/or receipt of messages
• Authentication and encryption are
different functions
1077_05F9_c1
© 1999, Cisco Systems, Inc.
54
Basic Authentication Techniques
• Encryption—message encrypted
by private key can serve as
the authenticator
• Message Authentication Code
(MAC)
• Hash functions
1077_05F9_c1
© 1999, Cisco Systems, Inc.
55
Message Authentication Code
(MAC)
• A keyed public function that maps
a message of any length into a
fixed-length value
• Requires a secret key
• MAC can be built using encryption
technology or hash functions
1077_05F9_c1
© 1999, Cisco Systems, Inc.
56
Message Authentication Code
Sender
Transmitted
Message
M
Message
M
MAC
Key
Key
Receiver
MAC
N
Same? Y
MAC(M)
Reject
Accept
• Match of received and computed MACs at
receiving end verifies that the message has
not been altered after being transmitted
• Only the sender could have generated it,
because of the secret key
1077_05F9_c1
© 1999, Cisco Systems, Inc.
57
Hash Functions
• A public function that maps a message
of any length into a fixed-length
hash value
• No keys are involved in hash functions
• Hash by itself is not an authentication
of originality
• Hash combined with encryption can
provide authentication
1077_05F9_c1
© 1999, Cisco Systems, Inc.
58
Hash Functions
Sender
Transmitted
Message
M
Message
M
Hash
Receiver
Hash
N
Same? Y
H(M)
Reject
Accept
• Match of received and computed hash values
at receiving end verifies that the message has
not been altered after being transmitted
• Anyone could have generated it, because the
hash function itself is public and keyless
1077_05F9_c1
© 1999, Cisco Systems, Inc.
59
Hash Algorithms
• MD5 (message digest v5)
Takes input message of any length, and
processes in 512-bit blocks successively
Outputs 128-bit message digest
• SHA-1 (secure hash function)
Based on MD4
Outputs 160-bit message digest
Stronger and computationally more
expensive than MD5
• Others
1077_05F9_c1
© 1999, Cisco Systems, Inc.
60
HMAC (Hash-Based MAC)
• A popular class of MAC using hash
functions such as MD5 and SHA-1,
because
Computationally more efficient than encryption
Hash functions have no export restrictions
• A secret key is incorporated into
the hash algorithm to produce HMAC
1077_05F9_c1
© 1999, Cisco Systems, Inc.
61
Digital Signatures
• To offer authentication, and
• To protect sender and receiver against one
another for possible disputes as follows:
Receiver may forge/alter message (common key)
Sender may deny message transmission
(repudiation)
• Digital signature standard (DSS)
Digital signature algorithm (DSA)
DSA uses SHA and public key technique
for signature generation and verification
1077_05F9_c1
© 1999, Cisco Systems, Inc.
62
The Basic Technology Picture
Encryption
Secret Key:
DES, 3DES
Public Key:
RSA
Authentication
Hash
Functions
MAC
SHA
HMAC
(secret key)
Key Management
Manual
Operation
1077_05F9_c1
Secret Key Exchange:
Diffie-Hellman
© 1999, Cisco Systems, Inc.
MD5
Digital
Signature
(public key)
Public Key Exchange:
Certificate Authority
63
Agenda (Part 1 of 2 )
• VPN Overview
• Tunnels
• Cryptography Fundamentals
• IPSec and IKE
• IPSec Configuration Commands
1077_05F9_c1
© 1999, Cisco Systems, Inc.
64
IPSec
• A set of IP security architecture
and protocol standards
• Two IP security protocols
Authentication header (AH)
Encapsulating security payload (ESP)
• Internet key exchange (IKE)
Negotiates IPSec attributes
between peers
1077_05F9_c1
© 1999, Cisco Systems, Inc.
65
IPSec Modes of Operation
• Transport mode
• Tunnel mode
• Both supported in AH and ESP
1077_05F9_c1
© 1999, Cisco Systems, Inc.
66
Transport Mode
• Used for end-to-end communication
between two hosts, such as when
both ends of the “session” are hosts
• Can also be used by routers in
conjunction with GRE tunnels
• Protects the IP payload only
1077_05F9_c1
© 1999, Cisco Systems, Inc.
67
Tunnel Mode
• Used between gateways and/or hosts
• Protects the entire IP packet
• Packet is encapsulated by an
outer packet
1077_05F9_c1
© 1999, Cisco Systems, Inc.
68
IPsec Modes
IP HDR
Data
IP HDR
Data
Tunnel Mode
New IP HDR IPsec HDR
To Be Protected
IP HDR
Data
Transport Mode
IP HDR
IPsec HDR
Data
To Be Protected
1077_05F9_c1
© 1999, Cisco Systems, Inc.
69
Tunnel and Transport Modes
Tunnel Mode
Tunnel Mode
Tunnel Mode
Joe’s PC
HR Server
Transport Mode (with GRE)
Transport Mode
• Transport mode for end-to-end or GRE
• Tunnel mode for everything else
1077_05F9_c1
© 1999, Cisco Systems, Inc.
70
Security Association
• A one-way relationship from sender
to receiver
• Specifies and provides mutually agreed
security services to the one-way traffic
• Two-way traffic requires two SAs
• Each SA identified by a security
parameters index (SPI)
Part of IPSec header
Local significance only
1077_05F9_c1
© 1999, Cisco Systems, Inc.
71
Authentication Header
• Uses either HMAC-MD5 or HMAC-SHA-1
• Uses 32-bit sequence number (with window)
to guard against replay attack
• Total AH header length 24 bytes
• AH in transport mode authenticates the
IP payload and the static portion of the
IP header
• AH in tunnel mode authenticates the entire
inner IP packet and the static portion of
the outer IP header
1077_05F9_c1
© 1999, Cisco Systems, Inc.
72
Authentication Header
IP HDR
Data
Transport Mode
IP HDR
AH
Data
Authenticated Except for Mutable Fields
Tunnel Mode
New IP HDR
AH
IP HDR
Data
Authenticated Except for Mutable Fields in New IP Header
1077_05F9_c1
© 1999, Cisco Systems, Inc.
73
Mutable Fields in Outer IP Header
• Type of service (TOS)
• Flags
• Fragment offset
• Time to live (TTL)
• Header checksum
• These fields may be modified
during transit, therefore they
are not authenticated by AH
1077_05F9_c1
© 1999, Cisco Systems, Inc.
74
Encapsulating Security Payload
• Uses DES or Triple DES
• ESP in transport mode encrypts (and
optionally authenticates) the IP payload
• ESP in tunnel mode encrypts (and optionally
authenticates) the entire inner IP packet
• Uses 64-bit sequence number (with window)
to guard against replay attack
• Uses either HMAC-MD5 or HMAC-SHA-1
for optional authentication
1077_05F9_c1
© 1999, Cisco Systems, Inc.
75
Encapsulating Security Payload
IP HDR
Data
Transport Mode
IP HDR
ESP HDR
Data
ESP
ESP
Trailer Auth
Encrypted
Authenticated
Tunnel Mode
New IP HDR
ESP HDR
IP HDR
Data
ESP ESP
Trailer Auth
Encrypted
Authenticated
1077_05F9_c1
© 1999, Cisco Systems, Inc.
76
AH versus ESP
• ESP encrypts; AH does not encrypt
• In transport mode, AH authenticates
the entire packet; ESP authenticates
only the data but not the IP header
• In tunnel mode, AH authenticates
the entire packet (inner + outer);
ESP authenticates only the inner
packet but not the outer IP header
1077_05F9_c1
© 1999, Cisco Systems, Inc.
77
Internet Key Exchange (IKE)
• A hybrid protocol to negotiate keys and SAs
in an authenticated and protected manner
• Two components:
A framework for authentication and key exchange
(ISAKMP), specifying packet formats for SA
negotiations, but not dictating any specific
key exchange algorithms
An authenticated key exchange algorithm
(based on Diffie-Hellman, with added authentication
and security features from Oakley and SKEME
techniques)
1077_05F9_c1
© 1999, Cisco Systems, Inc.
78
Attributes Negotiated by IKE
• Encryption algorithm
• Hash algorithm
• Authenticated method
• Diffie-Hellman group info
• IKE SA lifetime
• These are ISAKMP SA attributes,
for setting up a secured IKE link,
of which IPSec SAs are negotiated
1077_05F9_c1
© 1999, Cisco Systems, Inc.
79
How IPSec Uses IKE
4. Packet Is Sent from
1. Outbound packet from
Sender to Rcvr Protected
Sender to Rcvr*—No IPSec SA
by IPSec SA
IPSec
IPSec
Sender’s
Router
Rcvr’s
Router
IKE
2. Sender’s IKE Begins
Negotiation with Rcvrs
IKE Tunnel
IKE
3. Negotiation Complete—
Sender and Rcvr Now Have
Complete Set of SAs in Place
* Rcvr = Receiver
1077_05F9_c1
© 1999, Cisco Systems, Inc.
80
Agenda (Part 1 of 2 )
• VPN Overview
• Tunnels
• Cryptography Fundamentals
• IPSec and IKE
• IPSec Configuration Commands
1077_05F9_c1
© 1999, Cisco Systems, Inc.
81
Six Basic Steps of IPSec
VPN Configuration
• Define IKE policy
• Configure CA support or
manual keys
• Create crypto access-list
• Define transform sets
• Create crypto maps
• Apply crypto maps to interfaces
1077_05F9_c1
© 1999, Cisco Systems, Inc.
82
IKE Policy
• A set of security parameters for
protecting IKE negotiations and
exchanging IPSec session keys
1077_05F9_c1
© 1999, Cisco Systems, Inc.
83
IKE Policy Command Syntax
• Crypto isakmp policy priority
• encryption des
/* default */
• hash [sha | md5] /* def = sha */
• authentication [rsa-sig | rsa-encr |
pre-share]
/* def = rsa-sig */
• group [1 | 2]
/* def = 1 */
• lifetime seconds /* def = 86400 */
• exit
• Group 1 is 768-bit modulus for Diffie-Hellman,
Group 2 is 1024-bit modulus
1077_05F9_c1
© 1999, Cisco Systems, Inc.
84
IKE Config—
Authentication Options
• rsa-sig—need to configure CA
support
• rsa-encr—need to configure RSA
public keys manually
• preshare—need to configure
preshared keys
• (Please refer to Cisco IOS doc for
complete details and examples)
1077_05F9_c1
© 1999, Cisco Systems, Inc.
85
Generate RSA Public Key
• To generate one’s own RSA keys:
crypto key generate rsa [usage-keys]
• To show one’s own RSA keys:
show crypto key mypubkey rsa
• RSA key generation is needed when IKE
policy is either rsa-sig or rsa-encr
• With rsa-sig, RSA public key is sent to
CA for certification
• With rsa-encr, RSA public key is copied
(cut-and-pasted) to peer router’s config
1077_05F9_c1
© 1999, Cisco Systems, Inc.
86
General-Purpose
versus Usage Keys
• To generate one’s own RSA keys:
crypto key generate rsa [usage-keys]
• [Usage-keys]is an option, which means
two set of RSA keys—one for encryption
and one for signature
• Without [Usage-keys], the same set
of keys is used for both encryption
and signature
1077_05F9_c1
© 1999, Cisco Systems, Inc.
87
ISAKMP Identity
• IKE identity used during negotiation can
be either IP address or hostname
(default is IP address)
• To set ISAKMP identity:
crypto isakmp identity [address |
hostname]
• If hostname is used, make sure DNS mapping
or ip host config is in place
• Address option (default) is recommended
• All peering routers should be set the same way
1077_05F9_c1
© 1999, Cisco Systems, Inc.
88
Configure Peers’ RSA
Public Keys
• Crypto key public-chain rsa
• addressed-key key-address [encr | sig]
(If peer has generated [usage-keys], separate encryption and
authentication keys have to be configured here; otherwise,
leave out [encr | sig] for the same general-purpose key)
• named-key key-name [encr | sig
(If remote peer’s ISAKMP identity is hostname)
• key-string
• string /* enter the key string here */
• quit
• exit
1077_05F9_c1
© 1999, Cisco Systems, Inc.
89
CA Support Configuration
• Configure host name
hostname name
• Configure IP domain name
ip domain-name name
• Generate RSA key pair
crypto key generate rsa [usage-keys]
1077_05F9_c1
© 1999, Cisco Systems, Inc.
90
CA Support Command Syntax
• Crypto ca identity name
• enrollment url url
• exit
• (Please refer to Cisco IOS doc for additional
configuration commands and options)
1077_05F9_c1
© 1999, Cisco Systems, Inc.
91
CA Support Initialization
• Authenticate the CA
crypto ca authenticate name
• Request one’s own certificate
crypto ca enroll name
• Request CRL
crypto ca crl request name
1077_05F9_c1
© 1999, Cisco Systems, Inc.
92
Crypto Access-Lists
• Same syntax as IP extended ACLs
• Action is not pass/no-pass, but
protect/no-protect
Permit = Protect: IPSec-transform the
packet before transmit
Deny = No-protect: Just transmit
the packet
1077_05F9_c1
© 1999, Cisco Systems, Inc.
93
Crypto Access-List Effects
• Crypto ACL is referenced in crypto maps
(which are applied to interfaces)
• It screens outbound traffic for protect/
no-protect decision
• It screens inbound traffic, to discard
those that should have arrived protected
For example if net_A to net_B traffic (outbound) is
protected, then net_B to net_A traffic (inbound) must
arrive protected, otherwise it will be discarded
• Crypto ACL identifies target traffic in
IKE negotiations
1077_05F9_c1
© 1999, Cisco Systems, Inc.
94
Transform Sets
• A set of security protocols and
algorithms acceptable to a router
• Multiple sets can be defined
• One or more sets are referenced
in a crypto map
• Used by IKE to negotiate IPSec SAs
Sets are proposed until accepted/matched
1077_05F9_c1
© 1999, Cisco Systems, Inc.
95
Transform Set Command Syntax
• Crypto ipsec transform-set name
transform1 [transform2] [transform3]
/*up to 3*/
• mode [tunnel | transport] /*def =
tunnel*/
• exit
• (Please refer to Cisco IOS doc for additional
configuration commands, options, explanations,
and examples)
1077_05F9_c1
© 1999, Cisco Systems, Inc.
96
Allowed Transforms
• Each transform-set can have AH and/or
ESP (with optional ESP authentication)
• For AH, select one out of:
ah-md5-hmac, ah-sha-hmac, ah-rfc1828
• For ESP, select one out of:
esp-des, esp-3des, esp-rfc1829
• For optional ESP auth, select one out of:
esp-md5-hmac, esp-sha-hmac
1077_05F9_c1
© 1999, Cisco Systems, Inc.
97
Crypto Maps
• A set of policies to specify an SA
• “Static” crypto maps – IPSec peers are explicitly configured
• Dynamic crypto maps – IPSec peers are not specified
– Used for accepting SA negotiations,
not for initializing SA negotiations
1077_05F9_c1
© 1999, Cisco Systems, Inc.
98
Crypto Map Command Syntax
• Crypto map map-name seq# ipsec-isakmp
• set peer [ip-address | hostname]
• set transform-set name1 [name2 … name6]
• match address [crypto ACL#]
• exit
• (Please refer to IOS doc for additional
commands, ipsec-manual and ipsec-dynamic
options, further explanations, and examples)
1077_05F9_c1
© 1999, Cisco Systems, Inc.
99
Crypto Map Peering
Addresses
• By default, source address of SA negotiation
will be the address of outgoing interface
(tunnel interface if GRE is used)
• Can be changed by
crypto map map-name local-address interface-id
• Change applies to the entire crypto map
• Has to match “set peer” config at the peering
router
1077_05F9_c1
© 1999, Cisco Systems, Inc.
100
Dynamic Crypto Map
• Crypto dynamic-map d-map-name d-seq#
• set transform-set name1 [name2 … name6]
• match address [crypto ACL#]
• set peer [ip-address | hostname] /optional
• exit
• crypto map [map-name] [seq#] ipsec-isakmp
dynamic d-map-name
(Please refer to Cisco IOS doc for additional
commands, ipsec-manual and ipsec-dynamic
options, further explanations, and examples)
1077_05F9_c1
© 1999, Cisco Systems, Inc.
101
Dynamic Tunnel Endpoint
Discovery
• A new IPSec feature in development
• TED simplifies IPSec configuration tasks in
large-scale VPN implementations
• Allows dynamic crypto maps to initiate SA
negotiations
• TED sends out a probe packet, and the
response triggers IKE negotiations
• crypto map [map-name] [seq#] ipsecisakmp dynamic d-map-name discover
1077_05F9_c1
© 1999, Cisco Systems, Inc.
102
Apply Crypto Map to Interface
• interface [type] [number]
• crypto map [map-name]
• exit
1077_05F9_c1
© 1999, Cisco Systems, Inc.
103
Example
crypto isakmp policy 10
authentication rsa-encr
crypto ipsec transform-set xyz007 esp-des
crypto key pubkey-chain rsa
addressed-key 100.0.0.2
key-string
12345678 ………
quit
crypto map abc123 10 ipsec-isakmp
set peer 100.0.0.2
set transform-set xyz007
match address 101
interface serial 0
ip address 100.0.0.1 255.255.0.0
crypto map abc123
access-list 101 permit ip 10.0.0.1 ………
1077_05F9_c1
© 1999, Cisco Systems, Inc.
104
Config Changes and SAs
• Established SAs are not affected by
router configuration changes
• Use “clear crypto isa” and “clear
crypto sa” to clear SAs when
making config changes
1077_05F9_c1
© 1999, Cisco Systems, Inc.
105
End of Part 1
1077_05F9_c1
© 1999, Cisco Systems, Inc.
106
1077_05F9_c1
© 1999, Cisco Systems, Inc.
107