APNIC eLearning: IPsec VPN Design

This document discusses IPSec VPN design including an overview of VPNs, what IPSec is, its benefits and standards, modes of operation, architecture components like security associations and IKE, authentication and encapsulation protocols, and the process of establishing an IPSec VPN tunnel.


APNIC eLearning:
IPSec VPN Design

22 MARCH 2017
13:00 PM AEST Brisbane (UTC+10)

Issue Date: 07 July 2015
Revision: 2.0
Introduction
• Presenter Tashi Phuntsho
Senior Training Officer
[email protected]

Specialties:
BGP, IS-IS/OSPF, IPv6, Securing Internet Routing (RPKI),
DWDM, Network Security

• Reminder: Please take time to fill-up the survey

Overview
• Virtual Private Networks
• What is IPsec?
• Benefits of IPsec
• Tunnel and Transport Mode
• IPsec Architecture and Components
• Setting up an IPsec VPN tunnel

Virtual Private Network
• Creates a secure tunnel over a public network
– Encapsulation agreement
• Client to firewall
• Router to router
• Firewall to firewall

• Two types:
– Remote access
– Site-to-site VPN

IPsec
• A set of protocols and algorithms used to secure IP data at
the network layer
– Security associations (SA)
– Authentication headers (AH)
– Encapsulating security payload (ESP)
– Internet Key Exchange (IKE)

• A security context for the VPN tunnel is established via the ISAKMP

What is IPSec?
• IETF standard that enables encrypted communication between peers:
– Consists of open standards for securing private communications
– Network layer encryption ensuring data confidentiality, integrity, and authentication
– Scales from small to very large networks

IPsec Standards
• RFC 4301 “The IP Security Architecture”
– Defines the original IPsec architecture and elements common to both AH
and ESP
• RFC 4302
– Defines authentication headers (AH)
• RFC 4303
– Defines the Encapsulating Security Payload (ESP)
• RFC 2408
– ISAKMP
• RFC 5996
– IKE v2 (Sept 2010)
• RFC 4835
– Cryptographic algorithm implementation for ESP and AH

Benefits of IPsec
• Confidentiality
– encrypting data

• Integrity
– each end of a tunnel calculates the checksum or hash value of the
data

• Authentication
– Signatures and certificates

Benefits of IPsec
• Data integrity and source authentication
– Data “signed” by sender and “signature” is verified by the recipient
– Modification of data can be detected by signature “verification”
– Because “signature” is based on a shared secret, it gives source
authentication
• Key management
– IKE – session negotiation and establishment
– Sessions are rekeyed or deleted automatically
– Secret keys are securely established and authenticated
– Remote peer is authenticated through varying options

IPsec Modes
• Tunnel Mode
– Entire IP packet is encapsulated and encrypted
– site-to-site VPN
  New IP Header | IPsec Header | IP Header | TCP Header | DATA

• Transport Mode
– Encapsulates only the payload
– Works where increasing a packet’s size could cause an issue
– remote-access VPNs
  IP Header | IPsec Header | TCP Header | DATA

IPsec Architecture
• IPsec Security Policy
• Security Protocols
– AH: Authentication Header
– ESP: Encapsulating Security Payload
• IKE: The Internet Key Exchange
– Establishes the tunnel
– Key management

Security Associations (SA)
• A collection of parameters required to establish a secure session
• Uniquely identified by three parameters consisting of
– Security Parameter Index (SPI)
– IP destination address
– Security protocol (AH or ESP) identifier
• An SA is either uni- or bidirectional
– IKE SAs are bidirectional
– IPsec SAs are unidirectional
• Two SAs required for a bidirectional communication
• A single SA can be used for AH or ESP, but not both
– must create two (or more) SAs for each direction if using both AH and ESP

ISAKMP
• Internet Security Association and Key Management
Protocol
• Used for establishing Security Associations (SA) and
cryptographic keys
• Only provides the framework for authentication and key
exchange, but key exchange is independent
• Key exchange protocols
– Internet Key Exchange (IKE)
– Kerberized Internet Negotiation of Keys (KINK)

Authentication Header (AH)
• Provides source authentication and data integrity
– Protection against source spoofing and replay attacks
– Keyed hashing and sequence numbers:
• A keyed hash of the packet, computed with the shared key, is carried in the AH
• Operates on top of IP using protocol 51
• In IPv4, AH protects the payload and all header fields except mutable fields and IP options (such as the IPsec option)

Packet Format Alteration for AH
Transport Mode (Authentication Header)
Without AH: Original IP Header | TCP/UDP | Data
With AH:    Original IP Header | AH Header | TCP/UDP | Data
Authenticated except for mutable fields in IP header
(ToS, TTL, Header Checksum, Offset, Flags)

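The transport-mode AH processing described on the last two slides, as an added Python example (not from the slides): the sender inserts the AH between the IP header and the TCP/UDP data with an HMAC-SHA1-96 ICV computed over the immutable fields, and the receiver side of one unidirectional SA checks the ICV and a 64-packet anti-replay window driven by the sequence number. The IPv4 header packing is simplified (no options, zero checksum), and the key, SPI and addresses used are constructed values.

```python
import hashlib
import hmac
import struct

AH_PROTO = 51             # AH sits directly on IP as protocol 51
ICV_LEN = 12              # HMAC-SHA1-96: the 20-byte SHA-1 HMAC truncated to 96 bits
IP_FMT = "!BBHHHBBH4s4s"  # minimal 20-byte IPv4 header without options

def ipv4_header(src, dst, proto, total_len, ttl=64):
    """Pack a plain IPv4 header; checksum is left zero (it is mutable and not authenticated)."""
    return struct.pack(IP_FMT, 0x45, 0, total_len, 1, 0, ttl, proto, 0, src, dst)

def icv_input(ip_hdr, ah_fixed, payload):
    """Bytes the ICV covers: IP header with the mutable fields (ToS, flags/offset, TTL,
    checksum) zeroed, the 12-byte AH fixed part, a zero ICV field, then the payload."""
    f = list(struct.unpack(IP_FMT, ip_hdr[:20]))
    f[1] = f[4] = f[5] = f[7] = 0
    return struct.pack(IP_FMT, *f) + ah_fixed + bytes(ICV_LEN) + payload

def ah_protect(key, src, dst, payload, spi, seq, next_hdr=6):
    """Transport mode: Original IP header (protocol now 51) | AH | TCP/UDP data."""
    ip_hdr = ipv4_header(src, dst, AH_PROTO, 20 + 12 + ICV_LEN + len(payload))
    # AH fixed part: next header, payload length (32-bit words minus 2), reserved, SPI, sequence
    ah_fixed = struct.pack("!BBHII", next_hdr, (12 + ICV_LEN) // 4 - 2, 0, spi, seq)
    icv = hmac.new(key, icv_input(ip_hdr, ah_fixed, payload), hashlib.sha1).digest()[:ICV_LEN]
    return ip_hdr + ah_fixed + icv + payload

class AhInboundSA:
    """Receiver side of one unidirectional SA: key, expected SPI, 64-packet anti-replay window."""
    def __init__(self, key, spi):
        self.key, self.spi, self.top, self.window = key, spi, 0, 0

    def verify(self, packet):
        """Return the authenticated payload, or None if the ICV fails or the packet is a replay."""
        ip_hdr, ah_fixed = packet[:20], packet[20:32]
        icv, payload = packet[32:32 + ICV_LEN], packet[32 + ICV_LEN:]
        spi, seq = struct.unpack("!II", ah_fixed[4:12])
        expect = hmac.new(self.key, icv_input(ip_hdr, ah_fixed, payload), hashlib.sha1).digest()[:ICV_LEN]
        if spi != self.spi or not hmac.compare_digest(icv, expect):
            return None                               # wrong SA, forged, or an authenticated byte changed
        if seq > self.top:                            # newest packet so far: slide the window forward
            self.window = ((self.window << (seq - self.top)) | 1) & ((1 << 64) - 1)
            self.top = seq
        elif self.top - seq >= 64 or (self.window >> (self.top - seq)) & 1:
            return None                               # older than the window, or already accepted: replay
        else:
            self.window |= 1 << (self.top - seq)      # late but unseen packet inside the window
        return payload
```

A TTL decremented by a router in transit still verifies, while a changed destination address, a flipped payload byte or a repeated sequence number is rejected.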
Packet Format Alteration for AH
Tunnel Mode (Authentication Header)
Before applying AH: Original IP Header | TCP/UDP | Data
After applying AH:  New IP Header | AH Header | Original IP Header | Data
Authenticated except for mutable fields in new IP header
(ToS, TTL, Header Checksum, Offset, Flags)

Encapsulating Security Payload (ESP)
• Uses IP protocol 50
• Provides all that is offered by AH, plus data confidentiality
– uses symmetric key encryption
• 3DES/AES (DH shared secret)
• The encrypted packet is hashed with an HMAC keyed by the shared secret; the result is carried as the ESP authentication data
• Must encrypt and/or authenticate in each packet
– Encryption occurs before authentication
• Authentication is applied to the data in the IPsec header as well as the data contained as payload

Packet Format Alteration for ESP
Transport Mode (Encapsulating Security Payload)
Before applying ESP: Original IP Header | TCP/UDP | Data
After applying ESP:  Original IP Header | ESP Header | TCP/UDP | Data | ESP Trailer | ESP Authentication
Encrypted: TCP/UDP, Data and ESP Trailer
Authenticated: ESP Header through ESP Trailer (the original IP header is not covered)

Packet Format Alteration for ESP
Tunnel Mode (Encapsulating Security Payload)
Before applying ESP: Original IP Header | TCP/UDP | Data
After applying ESP:  New IP Header | ESP Header | Original IP Header | TCP/UDP | Data | ESP Trailer | ESP Authentication
Encrypted: Original IP Header, TCP/UDP, Data and ESP Trailer
Authenticated: ESP Header through ESP Trailer (the new IP header is not covered)

Internet Key Exchange (IKE)
• for establishing IPsec sessions
– To securely exchange cryptographic keys and encryption parameters
• Five variations of an IKE negotiation:
– Two modes (aggressive – 3 messages and main mode – 6 messages)
– Authentication methods (pre-shared key, public key encryption, and public key signature)
• Uses UDP port 500

Internet Key Exchange (IKE)
• Phase I
– Establish a secure management channel using ISAKMP
• Negotiate ISAKMP SAs
– Authenticate using certificates or PSK
– Negotiates IKE policy sets (DH, DES, MD5/SHA)
– Three steps:
• SA negotiation (encryption algorithm, hash algorithm, authentication method, which DH group to use)
• Do a Diffie-Hellman exchange
• Provide authentication information
• Authenticate the peer

• Phase II
– Creates IPsec tunnel (IPsec SA)
• Negotiate IPsec security parameters over the ISAKMP secure channel/session

IKE Phase 1 (Main Mode)
Initiator <-> Responder (over the Internet)
1. Negotiate IKE policy
   IKE Message 1 (SA proposal), Initiator -> Responder
   IKE Message 2 (accepted SA), Responder -> Initiator
2. Authenticated DH exchange
   IKE Message 3 (DH public value, nonce), Initiator -> Responder
   IKE Message 4 (DH public value, nonce), Responder -> Initiator
3. Compute DH shared secret and derive keying material (both sides)
4. Protect IKE peer identity (encrypted)
   IKE Message 5 (Authentication material, ID), Initiator -> Responder
   IKE Message 6 (Authentication material, ID), Responder -> Initiator

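The main mode exchange on this slide, as an added Python example that is not from the slides: two constructed peers exchange DH public values and nonces (messages 3 and 4), compute g^xy with IKE DH group 2, and derive SKEYID, SKEYID_d/a/e and the HASH_I/HASH_R authentication material of messages 5 and 6 as RFC 2409 defines them for pre-shared key authentication. Messages 1 and 2 are represented by a constant proposal string, the peer IDs are constructed, and ISAKMP framing and the encryption of messages 5 and 6 under SKEYID_e are left out.

```python
import hashlib
import hmac
import os

# IKE DH group 2: the 1024-bit MODP prime of RFC 2409 section 6.2 (the router config on the
# slides uses group 5, the 1536-bit prime of RFC 3526; the derivation below is the same).
P = int("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
        "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
        "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
        "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G, P_LEN = 2, 128          # g^x and g^xy travel as fixed-width big-endian octet strings

def prf(key, data):        # negotiated hash "sha" -> prf is HMAC-SHA1 (RFC 2409 section 3.2)
    return hmac.new(key, data, hashlib.sha1).digest()

class Peer:
    """One side of main mode with pre-shared key authentication (RFC 2409 section 5.4)."""
    def __init__(self, psk, identity):
        self.psk, self.id = psk, identity
        self.cookie = os.urandom(8)                               # ISAKMP cookie (CKY-I / CKY-R)
        self.nonce = os.urandom(16)                               # Ni_b / Nr_b, sent in msg 3 / 4
        self.x = int.from_bytes(os.urandom(P_LEN), "big") % (P - 2) + 2   # DH private value
        self.gx = pow(G, self.x, P).to_bytes(P_LEN, "big")        # DH public value, sent in msg 3 / 4

    def derive(self, peer_gx, ni, nr, cky_i, cky_r):
        """After msg 3/4: compute g^xy and the SKEYID family from the PSK and both nonces."""
        gxy = pow(int.from_bytes(peer_gx, "big"), self.x, P).to_bytes(P_LEN, "big")
        self.skeyid = prf(self.psk, ni + nr)                      # the PSK itself never goes on the wire
        d = prf(self.skeyid, gxy + cky_i + cky_r + b"\x00")      # SKEYID_d: seeds Phase 2 key material
        a = prf(self.skeyid, d + gxy + cky_i + cky_r + b"\x01")  # SKEYID_a: ISAKMP message authentication
        e = prf(self.skeyid, a + gxy + cky_i + cky_r + b"\x02")  # SKEYID_e: encrypts msgs 5 and 6
        return d, a, e

    def auth_hash(self, gx_self, gx_peer, cky_self, cky_peer, sa_i, ident):
        """HASH_I / HASH_R (msg 5 / 6): proves knowledge of the PSK without revealing it."""
        return prf(self.skeyid, gx_self + gx_peer + cky_self + cky_peer + sa_i + ident)

def main_mode(psk_i, psk_r, sa_i=b"aes/sha/group2/pre-share"):
    """Messages 1-6 between initiator and responder; True only if both sides authenticate."""
    ini, res = Peer(psk_i, b"172.16.11.65"), Peer(psk_r, b"172.16.11.66")   # constructed IDs
    # msg 1/2 carry sa_i and the accepted proposal in clear; msg 3/4 carry gx and the nonce
    keys_i = ini.derive(res.gx, ini.nonce, res.nonce, ini.cookie, res.cookie)
    keys_r = res.derive(ini.gx, ini.nonce, res.nonce, ini.cookie, res.cookie)
    # msg 5: initiator sends ID_i + HASH_I; the responder recomputes HASH_I with its own SKEYID
    h_i = ini.auth_hash(ini.gx, res.gx, ini.cookie, res.cookie, sa_i, ini.id)
    ok_r = hmac.compare_digest(h_i, res.auth_hash(ini.gx, res.gx, ini.cookie, res.cookie, sa_i, ini.id))
    # msg 6: responder sends ID_r + HASH_R; the initiator checks it the same way
    h_r = res.auth_hash(res.gx, ini.gx, res.cookie, ini.cookie, sa_i, res.id)
    ok_i = hmac.compare_digest(h_r, ini.auth_hash(res.gx, ini.gx, res.cookie, ini.cookie, sa_i, res.id))
    return ok_i and ok_r and keys_i == keys_r
```

With mismatched pre-shared keys both sides still compute the same g^xy, but their SKEYID values differ, so HASH_I and HASH_R fail to verify and Phase 1 does not complete.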
IKE Phase 1 (Aggressive Mode)
• Uses 3 (vs 6) messages to establish IKE SA
• No denial of service protection
• Does not have identity protection
• Optional exchange and not widely implemented

IKE Phase 2 (Quick Mode)
• All traffic is encrypted using the ISAKMP Security
Association
• Each quick mode negotiation results in two IPsec Security
Associations (one inbound, one outbound)
• Creates/refreshes keys

IKE Phase 2 (Quick Mode)
Initiator <-> Responder (over the Internet)
1. Initiator sends Message 1 (authentication/keying material and SA proposal)
2. Responder validates message 1
3. Responder sends Message 2 (authentication/keying material and accepted SA)
4. Initiator validates message 2
5. Initiator sends Message 3 (hash for proof of integrity/authentication)
6. Responder validates message 3
7. Both sides compute keying material

Overview of IKE
IPsec Peer <-> IPsec Peer
1. Traffic which needs to be protected
2. IKE Phase 1: secure communication channel
3. IKE Phase 2: IPsec tunnel
4. Secured traffic exchange

Configuring IPsec
• Step 1: Configure the IKE Phase 1 Policy (ISAKMP Policy)
– Configure policy sets: crypto isakmp policy [priority]
• Define the auth, encryption, hashing, DH group
– PSK pairing on both ends
• Step 2: Configure the IPsec (SAs) transform set
– Encryption and authentication parameters
• Step 3: Define which traffic to encrypt
– Interesting traffic

Configuring IPsec
• Step 5: Create crypto map
– Associates interesting traffic to an IPsec peer and the security parameters
• Step 6: Apply the crypto map to the appropriate interface
• Verify:
– Check ISAKMP SA: sh crypto isakmp sa
– Check IPsec SA: sh crypto ipsec sa

Router Configuration
! Phase 1 SA: encryption and authentication
crypto isakmp policy 1
 authentication pre-share
 encryption aes
 hash sha
 group 5
crypto isakmp key Training123 address 172.16.11.66
!
crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac
!
! Phase 2 SA
crypto map LAB-VPN 10 ipsec-isakmp
 match address 101
 set transform-set ESP-AES-SHA
 set peer 172.16.11.66

Router Configuration
! Apply to an outbound interface
int fa 0/1
 crypto map LAB-VPN
 exit
!
! Define interesting VPN traffic
access-list 101 permit ip 172.16.16.0 0.0.0.255 172.16.20.0 0.0.0.255

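The interesting-traffic step of the configuration above, as an added Python example that is not from the slides: it parses the crypto ACL, applies IOS wildcard-mask matching to decide whether a flow goes through the tunnel or is forwarded in clear, and checks that the peer's ACL is the mirror image. LOCAL_CONFIG is the ACL from the slide; PEER_CONFIG and the helper names are constructed.

```python
import ipaddress
import re

# The "access-list <n> permit|deny ip <src> <src-wildcard> <dst> <dst-wildcard>" form used on the slide
ACL_RE = re.compile(r"^\s*access-list\s+(\d+)\s+(permit|deny)\s+ip\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)", re.M)

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_acls(config_text):
    """Return {acl_number: [(action, src, src_wild, dst, dst_wild), ...]} in configured order."""
    acls = {}
    for num, action, s, sw, d, dw in ACL_RE.findall(config_text):
        acls.setdefault(num, []).append((action, _ip(s), _ip(sw), _ip(d), _ip(dw)))
    return acls

def wildcard_match(addr, net, wild):
    """IOS wildcard mask: 0 bits must match, 1 bits are don't-care (the inverse of a subnet mask)."""
    care = ~wild & 0xFFFFFFFF
    return (_ip(addr) & care) == (net & care)

def is_interesting(entries, src, dst):
    """Crypto ACL semantics: the first matching entry decides; with no match (implicit deny)
    the packet bypasses the crypto map and is forwarded in clear, not dropped."""
    for action, s, sw, d, dw in entries:
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return action == "permit"
    return False

def mirror(entries):
    """What the peer's crypto ACL must look like: source and destination of every entry swapped."""
    return [(action, d, dw, s, sw) for action, s, sw, d, dw in entries]

def peer_is_mirror(local_config, peer_config, acl="101"):
    """True when the peer's crypto ACL is the exact mirror image of the local one."""
    return mirror(parse_acls(local_config)[acl]) == parse_acls(peer_config)[acl]

# Constructed sample input: the ACL from the slide, and the mirror-image ACL expected on the peer
LOCAL_CONFIG = "access-list 101 permit ip 172.16.16.0 0.0.0.255 172.16.20.0 0.0.0.255\n"
PEER_CONFIG = "access-list 101 permit ip 172.16.20.0 0.0.0.255 172.16.16.0 0.0.0.255\n"
```

Typing a subnet mask (255.255.255.0) where the wildcard belongs is a classic mistake: the ACL then matches almost none of the intended traffic and some unintended flows instead, which is why checking the ACL against real source/destination pairs before applying the crypto map is worthwhile.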
Questions
• Please remember to fill out the feedback form
– https://www.surveymonkey.com/r/apnic-20170322-eL2
– Slides are available for download from the FTP link shared.

APNIC Helpdesk Chat
Thank You!
END OF SESSION

www.facebook.com/APNIC

www.twitter.com/apnic

www.youtube.com/apnicmultimedia

www.flickr.com/apnic

www.weibo.com/APNICrir
