7/1/20
IPsec VPN Design WEBINAR SESSION
Outline
• VPN Overview
• What is IPsec?
• IPsec Architecture
• Configuring IPsec
Virtual Private Network
Creates a secure tunnel over a public network
[Diagram: a VPN client (router or firewall) at a home or remote network connects through a VPN over the Internet to a VPN server (router or firewall) at the main office / on-prem / cloud]
Virtual Private Network
[Diagram: REMOTE ACCESS VPN between a home or remote network and the main office / on-prem / cloud over the Internet; SITE TO SITE VPN between the main office / on-prem / cloud and a remote branch / DC]
VPN Protocols
• PPTP (Point-to-Point Tunneling Protocol)
 o Developed by Microsoft to secure dial-up connections
 o Operates in the data-link layer
• L2F (Layer 2 Forwarding Protocol)
 o Developed by Cisco
 o Similar to PPTP
• L2TP (Layer 2 Tunneling Protocol)
 o IETF standard
 o Combines the functionality of PPTP and L2F
• IPsec (Internet Protocol Security)
 o Open standard for VPN implementation
 o Operates on the network layer
Other VPN Types
• MPLS VPN
 o Used for large and small enterprises
 o Pseudowire, VPLS, VPRN
• GRE Tunnel
 o Packet encapsulation protocol developed by Cisco
 o Not encrypted
 o Implemented with IPsec
• L2TP IPsec
 o Uses L2TP protocol
 o Usually implemented along with IPsec
 o IPsec provides the secure channel, while L2TP provides the tunnel
• SSL VPN
 o Uses the TLS protocol to encapsulate data
IPsec
Refers to a suite of protocols and algorithms used to secure IP data at the network layer.
IETF standard that enables encrypted communication between peers.
It is implemented as network-layer encryption that ensures data confidentiality, integrity and authentication, and is transparent to applications.
IPsec Standards
Security Architecture for the Internet Protocol
IP Authentication Header
IP Encapsulating Security Payload (ESP)
Internet Security Association and Key Management Protocol (ISAKMP)
Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (ESP) and Authentication Header (AH)
Internet Key Exchange Protocol Version 2 (IKEv2)
Benefits of IPsec
• Data integrity and source authentication
 o Data “signed” by sender and “signature” is verified by the recipient
 o Modification of data can be detected by signature “verification”
 o Because “signature” is based on a shared secret, it gives source authentication
• Anti-replay protection
 o Protection against duplicate packets by assigning a unique sequence number
 o Optional; the sender must provide, but the recipient may ignore
• Key management
 o Sessions are rekeyed or deleted automatically
 o Secret keys are securely established and authenticated
• Confidentiality
 o Encrypting data
Different Layers of Encryption
Network Layer - IPsec
Link Layer Encryption
Application Layer – SSL, PGP, SSH, HTTPS
[Diagram: the three encryption layers shown on the path between source and destination]
IPsec Modes
• Tunnel Mode
 o Entire IP packet is encrypted and becomes the data component of a new (and larger) IP packet.
 o Frequently used in an IPsec site-to-site VPN
• Transport Mode
 o IPsec header is inserted into the IP packet
 o No new packet is created
 o Works well in networks where increasing a packet’s size could cause an issue
 o Frequently used for remote-access VPNs
Transport vs Tunnel Mode IPsec
Without IPsec:        | IP Header | TCP Header | Payload |
Transport Mode IPsec: | IP Header | IPsec Header | TCP Header | Payload |
Tunnel Mode IPsec:    | New IP Header | IPsec Header | IP Header | TCP Header | Payload |
Transport vs Tunnel Mode IPsec
Transport Mode: End systems are the initiator and recipient of protected traffic
Tunnel Mode: Gateways act on behalf of hosts to protect traffic
[Diagram: example traffic flows labelled Routing Update, TFTP and File Transfer]
IPsec Architecture
[Diagram boxes: IPsec Architecture; ESP Protocol; AH Protocol; Encryption Algorithm; Combined Algorithm; Integrity-Protection Algorithm; IKE Protocol]
Security Associations
• A collection of parameters required to establish a secure session
• An SA is either uni- or bidirectional
 o ISAKMP SAs are bidirectional
 o IPsec SAs are unidirectional
 o Two SAs required for a bidirectional communication
• Security Association DB
 o Security Parameter Index (SPI)
 o IP destination address
 o Security protocol (AH or ESP) identifier
 o Sequence Number Counter
 o Anti-replay Window
 o Lifetime of the SA
• Security Parameter Index (SPI): a unique 32-bit identification number that is part of the Security Association (SA)
IPsec Databases
• Security Policies Database (SPD)
 o Policies that determine the disposition of all inbound and outbound traffic from the host or security gateway
• Security Associations Database (SAD)
 o Parameters associated with each established SA
• Peer Authorization Database (PAD)
 o Link between the SA management protocol (such as IKE) and the SPD
ISAKMP
Internet Security Association and Key Management Protocol
Used for establishing Security Associations (SA) and cryptographic keys
Only provides the framework for transferring key and authentication data, independent of the key exchange.
Key exchange protocols
 o Internet Key Exchange (IKE)
 o Kerberized Internet Negotiation of Keys (KINK)
IPsec Security Protocols
• Authentication Header (AH)
 o Uses IP protocol 51
 o Provides source authentication and data integrity
 o Optional anti-replay features
 o Authentication is applied to the entire packet, with the mutable fields in the IP header zeroed out
• Encapsulating Security Payload (ESP)
 o Uses IP protocol 50
 o Provides all that is offered by AH, plus data confidentiality
 o Must encrypt and/or authenticate in each packet
 o Authentication is applied to data in the IPsec header as well as the data contained as payload
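Authentication Header (AH) Format
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+---------------+---------------+-------------------------------+
|  Next Header  | Payload Length|           Reserved            |
+---------------+---------------+-------------------------------+
|                Security Parameter Index (SPI)                 |
+---------------------------------------------------------------+
|                        Sequence Number                        |
+---------------------------------------------------------------+
|      Authentication Data [Integrity Check Value (ICV)]       |
+---------------------------------------------------------------+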
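Encapsulating Security Payload (ESP) Header Format
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+---------------------------------------------------------------+
|                Security Parameter Index (SPI)                 |
+---------------------------------------------------------------+
|                        Sequence Number                        |
+---------------------------------------------------------------+
|                  Initialization Vector (IV)                   |
+---------------------------------------------------------------+
|                    Payload Data (Variable)                    |
+-------------------------------+---------------+---------------+
|     Padding (0-255 bytes)     | Padding Length|  Next Header  |
+-------------------------------+---------------+---------------+
|                   Authentication Data (ICV)                   |
+---------------------------------------------------------------+
ENCRYPTED: Payload Data, Padding, Padding Length, Next Header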
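How a receiver uses the SPI and Sequence Number fields together with the SA's sequence counter and anti-replay window, as an added example (not from the original slides). The window size of 64, the class and function names and the sample packets are assumptions; the ICV is HMAC-SHA-512 truncated to 256 bits, and the window only moves after the ICV verifies.

```python
import hashlib, hmac, struct

ICV_LEN = 32   # HMAC-SHA-512 truncated to 256 bits, as in esp-sha512-hmac
WINDOW = 64    # anti-replay window size in packets (assumed value)

class InboundSA:
    """One inbound (unidirectional) SAD entry, selected by its SPI."""
    def __init__(self, spi, auth_key):
        self.spi, self.auth_key = spi, auth_key
        self.highest = 0   # highest sequence number authenticated so far
        self.bitmap = 0    # bit i set: sequence (highest - i) already seen

    def _fresh(self, seq):
        if seq == 0:
            return False                    # senders start counting at 1
        if seq > self.highest:
            return True                     # ahead of the window
        offset = self.highest - seq
        return offset < WINDOW and not (self.bitmap >> offset) & 1

    def _mark(self, seq):
        if seq > self.highest:              # slide the window forward
            shift = seq - self.highest
            mask = (1 << WINDOW) - 1
            self.bitmap = 1 if shift >= WINDOW else ((self.bitmap << shift) | 1) & mask
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)

    def accept(self, esp):
        """True if the packet is for this SA, not a replay, and authentic."""
        if len(esp) < 8 + ICV_LEN:
            return False
        spi, seq = struct.unpack("!II", esp[:8])
        if spi != self.spi or not self._fresh(seq):
            return False
        body, icv = esp[:-ICV_LEN], esp[-ICV_LEN:]
        want = hmac.new(self.auth_key, body, hashlib.sha512).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, want):
            return False                    # a forged packet must not move the window
        self._mark(seq)
        return True

def build_esp(spi, seq, key, protected):
    """Constructed sender side: SPI | Sequence Number | opaque bytes | ICV."""
    body = struct.pack("!II", spi, seq) + protected
    return body + hmac.new(key, body, hashlib.sha512).digest()[:ICV_LEN]
```

The `protected` bytes stand in for the IV, encrypted payload and ESP trailer, which the receiver authenticates without needing to decrypt them first.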
Packet Format Alteration for AH Transport Mode
Without AH: | Original IP Header | TCP/UDP | Data |
With AH:    | Original IP Header | AH Header (Authentication Header) | TCP/UDP | Data |
Authenticated except for mutable fields in IP header (ToS, TTL, Header Checksum, Offset, Flags)
Packet Format Alteration for ESP Transport Mode
Before applying ESP: | Original IP Header | TCP/UDP | Data |
After applying ESP:  | Original IP Header | ESP Header (Encapsulating Security Payload) | TCP/UDP | Data | ESP Trailer | ESP Authentication |
Encrypted: TCP/UDP, Data, ESP Trailer
Authenticated: ESP Header, TCP/UDP, Data, ESP Trailer
Packet Format Alteration for AH Tunnel Mode
Before applying AH: | Original IP Header | TCP/UDP | Data |
After applying AH:  | New IP Header | AH Header (Authentication Header) | Original IP Header | Data |
Authenticated except for mutable fields in new IP header (ToS, TTL, Header Checksum, Offset, Flags)
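Packet Format Alteration for ESP Tunnel Mode
Before applying ESP: | Original IP Header | TCP/UDP | Data |
After applying ESP:  | New IP Header | ESP Header (Encapsulating Security Payload) | Original IP Header | TCP/UDP | Data | ESP Trailer | ESP Authentication |
Encrypted: Original IP Header, TCP/UDP, Data, ESP Trailer
Authenticated: ESP Header, Original IP Header, TCP/UDP, Data, ESP Trailer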
Internet Key Exchange (IKE)
An IPsec component used for performing mutual authentication and establishing and maintaining Security Associations.
A key management protocol for IPsec
Uses UDP port 500
Two versions: IKEv1 (RFC 2409) and IKEv2 (RFC 4306/7296)
IKEv1 Negotiation Modes
Mode | Description
Main Mode | Three exchanges of information between IPsec peers. Initiator sends one or more proposals to the other peer (responder). Responder selects a proposal.
Aggressive Mode | Achieves same result as main mode using only 3 packets. First packet sent by initiator containing all info to establish SA. Second packet by responder with all security parameters selected. Third packet finalizes authentication of the ISAKMP session.
Quick Mode | Negotiates the parameters for the IPsec session. Entire negotiation occurs within the protection of ISAKMP session.
IKEv1 Negotiation
• Phase I
 o Establish a secure channel (ISAKMP SA)
 o Using either main mode or aggressive mode
 o Authenticate computer identity using certificates or pre-shared secret
• Phase II
 o Establishes a secure channel between computers intended for the transmission of data (IPsec SA)
 o Using quick mode
Overview of IKEv1
[Diagram: two IPsec peers]
1. Traffic which needs to be protected
2. IKE Phase 1: Secure communication channel
3. IKE Phase 2: IPsec Tunnel
4. Secured traffic exchange
IKEv1 Phase 1 (Main Mode)
Main mode negotiates an ISAKMP SA which will be used to create IPsec SAs
Three steps:
1. SA negotiation (encryption algorithm, hash algorithm, authentication method, which DH group to use)
2. Do a Diffie-Hellman exchange
3. Provide authentication information and authenticate the peer
IKEv1 Phase 1 (Main Mode)
[Diagram: message flow between Initiator and Responder across the Internet]
1. Negotiate IKE Policy
 o IKE Message 1 (SA proposal)
 o IKE Message 2 (accepted SA)
2. Authenticated DH Exchange
 o IKE Message 3 (DH public value, nonce)
 o IKE Message 4 (DH public value, nonce)
3. Compute DH shared secret and derive keying material
4. Protect IKE Peer Identity (Encrypted)
 o IKE Message 5 (Authentication material, ID)
 o IKE Message 6 (Authentication material, ID)
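How the values exchanged in messages 3 and 4 become keying material, as an added example (not from the original slides). It follows the pre-shared-key derivation of RFC 2409 with HMAC-SHA-512 as the prf; the class and function names are assumptions, and the DH group is a toy that is far too small for real use.

```python
import hashlib, hmac, secrets

# Toy MODP group for illustration only: 2**127 - 1 is prime but far too
# small for real use (the slides' configurations use DH group 24).
P, G = 2**127 - 1, 3

def prf(key, data):
    """HMAC of the negotiated hash; SHA-512 matches 'hash sha512'."""
    return hmac.new(key, data, hashlib.sha512).digest()

class Peer:
    def __init__(self, psk):
        self.psk = psk
        self.x = secrets.randbelow(P - 2) + 1   # DH private value
        self.public = pow(G, self.x, P)         # DH public value (message 3 or 4)
        self.nonce = secrets.token_bytes(16)    # nonce (message 3 or 4)
        self.cookie = secrets.token_bytes(8)    # ISAKMP header cookie

    def derive(self, peer_public, ni, nr, cky_i, cky_r):
        """Step 3: compute the DH shared secret and derive keying material."""
        gxy = pow(peer_public, self.x, P).to_bytes(16, "big")
        skeyid = prf(self.psk, ni + nr)         # the pre-shared key is mixed in here
        tail = gxy + cky_i + cky_r
        d = prf(skeyid, tail + b"\x00")         # SKEYID_d: seeds the IPsec SA keys
        a = prf(skeyid, d + tail + b"\x01")     # SKEYID_a: authenticates IKE messages
        e = prf(skeyid, a + tail + b"\x02")     # SKEYID_e: encrypts messages 5 and 6
        return d, a, e

def main_mode(psk_initiator, psk_responder):
    """Exchange public values and nonces; return each side's derived keys."""
    i, r = Peer(psk_initiator), Peer(psk_responder)
    shared = (i.nonce, r.nonce, i.cookie, r.cookie)
    return i.derive(r.public, *shared), r.derive(i.public, *shared)
```

Because the pre-shared key seeds SKEYID, peers configured with different keys derive different SKEYID_e values and cannot decrypt each other's messages 5 and 6.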
IKEv1 Phase 1 (Aggressive Mode)
• Uses 3 (vs 6) messages to establish IKE SA
• No denial of service protection
• Does not have identity protection
• Optional exchange and not widely implemented
IKEv1 Phase 2 (Quick Mode)
All traffic is encrypted using the ISAKMP
Each quick mode negotiation results in two IPsec Security Associations (one inbound, one outbound)
IKEv1 Phase 2 (Quick Mode)
[Diagram: message flow between Initiator and Responder across the Internet, with steps to compute keying material and to validate messages 1, 2 and 3]
Message 1 (authentication/keying material and SA proposal)
Message 2 (authentication/keying material and accepted SA)
Message 3 (hash for proof of integrity/authentication)
Configuring IPsec
Step 1: Configure the IKEv1 Phase 1 Policy (ISAKMP Policy)
 o crypto isakmp policy [priority]
Step 2: Set the ISAKMP Identity
 o crypto isakmp identity {ipaddress|hostname}
Step 3: Configure the IPsec transform set
 o crypto ipsec transform-set transform-set-name <transform1> <transform2>
   mode [tunnel|transport]
 o crypto ipsec security-association lifetime seconds seconds
Configuring IPsec
Step 4: Creating map with name
 o crypto map crypto-map-name seq-num ipsec-isakmp
 o match address access-list-id
 o set peer [ipaddress|hostname]
 o set transform-set transform-set-name
 o set security-association lifetime seconds seconds
 o set pfs [group1|group2]
Step 5: Apply the IPsec Policy to an Interface
 o crypto map crypto-map-name local-address interface-id
[Diagram: R1 and R2 with an encrypted session across the public network]
Router Configuration (IKEv1)
! Phase 1 SA
crypto isakmp policy 1
 authentication pre-share
 encryption aes
 hash sha512
 group 24
crypto isakmp key Training123 address 172.16.11.66
!
! Encryption and authentication
crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha512-hmac
!
! Phase 2 SA
crypto map LAB-VPN 10 ipsec-isakmp
 match address 101
 set transform-set ESP-AES-SHA
 set peer 172.16.11.66
Router Configuration (IKEv1)
! Apply to an outbound interface
int fa 0/1
 crypto map LAB-VPN
 exit
!
! Define interesting VPN traffic
access-list 101 permit ip 172.16.16.0 0.0.0.255 172.16.20.0 0.0.0.255
Capture: Telnet
Capture: Telnet + IPsec
IKEv2
Incorporates "lessons learned" from implementation and operational experience with IKEv1 (RFC 6071)
• Feature Preservation
 o Most features and characteristics of baseline IKE v1 protocol are being preserved in v2
• Compilation of Features and Extensions
 o Quite a few features that were added on top of the baseline IKE protocol functionality in v1 are being reconciled into the mainline v2 framework
• Some New Features
IKEv2: What Is Not Changing
• Features in v1 that have been debated but are ultimately being preserved in v2
 o Most payloads reused
 o Use of nonces to ensure uniqueness of keys
• v1 extensions and enhancements being merged into mainline v2 specification
 o Use of a ‘configuration payload’ similar to MODECFG for address assignment
 o ‘X-auth’ type functionality retained through EAP
 o Use of NAT Discovery and NAT Traversal techniques
IKEv2: What Is Changing
• Significant Changes to the Baseline Functionality of IKE
 o EAP adopted as the method to provide legacy authentication integration with IKE
 o Public signature keys and pre-shared keys, the only methods of IKE authentication
 o Use of ‘stateless cookie’ to avoid certain types of DOS attacks on IKE
 o Continuous phase of negotiation
How Does IKEv2 Work?
• IKE_SA_INIT (Two Messages): IKE_SA Authentication Parameters Negotiated
• IKE_AUTH (Two Messages): IKE Authentication Occurs and One CHILD_SA Created
• CREATE_CHILD_SA (Two Messages): Second CHILD_SA Created
• Protected Data
Configuring IPsec
Step 1: Define IKEv2 keyring
Step 2: Define IKEv2 proposal
Step 3: Configure IKEv2 policy
Step 4: Configure crypto ACL
Step 5: Define transform sets
Step 6: Define IKEv2 profiles
Step 7: Define crypto map
Step 8: Apply crypto map to interface
Router Configuration (IKEv2)
! Define keyring to hold PSK
crypto ikev2 keyring KEYRING-1
 peer REMOTE-NW
  address 192.168.2.1
  pre-shared-key Tr@ining
!
! Define proposal to use for IKE_SA_INIT
crypto ikev2 proposal PROPOSAL-1
 encryption aes-cbc-256
 integrity sha512
 group 24
!
! Attach proposal to policy
crypto ikev2 policy POLICY-1
 proposal PROPOSAL-1
Router Configuration (IKEv2)
access-list 102 permit ip 172.16.16.0 0.0.0.255 172.16.20.0 0.0.0.255
!
! Define transform-set as before
crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha512-hmac
!
! Define profile and attach keyring to use for IKE_AUTH
crypto ikev2 profile PROFILE-1
 match identity remote address 192.168.2.1 255.255.255.255
 authentication local pre-share
 authentication remote pre-share
 keyring local KEYRING-1
!
! Define crypto-map and apply to an outbound interface
crypto map LAB-VPN 10 ipsec-isakmp
 set peer 192.168.2.1
 set pfs group24
 set security-association lifetime seconds 3600
 set transform-set ESP-AES-SHA
 set ikev2-profile PROFILE-1
 match address 102
IPsec Best Practices
• Use IPsec to provide integrity in addition to encryption
 o Use ESP option
• Use strong encryption algorithms
 o AES instead of DES
• Use a good hashing algorithm
 o SHA instead of MD5
• Reduce the lifetime of the Security Association (SA) by enabling Perfect Forward Secrecy (PFS)
 o Increases processor burden so do this only if data is highly sensitive
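A small audit of an IOS-style crypto configuration against the practices listed above, as an added example (not from the original slides and not a Cisco tool). The function name, finding texts and sample configuration are constructed; treating 3DES as DES-family goes slightly beyond what the slide states.

```python
WEAK_ENCR = {"des", "3des", "esp-des", "esp-3des"}
WEAK_HASH = {"md5", "esp-md5-hmac"}
INTEGRITY = ("-hmac", "-gcm", "-gmac")   # transform suffixes that authenticate

def audit(config):
    """Return (context, finding) pairs for an IOS-style crypto config."""
    findings, ctx, cmap, pfs = [], "", None, False

    def end_map():                       # a crypto map entry has ended
        if cmap and not pfs:
            findings.append((cmap, "PFS not enabled (no 'set pfs')"))

    for words in (line.split() for line in config.splitlines()):
        if not words or words[0] == "!":
            continue
        tokens = set()
        if words[0] == "crypto":
            ctx = " ".join(words[:4])
            if words[1:2] == ["map"] and "ipsec-isakmp" in words:
                end_map()
                cmap, pfs = ctx, False
            elif words[1:3] == ["ipsec", "transform-set"]:
                tokens = set(words[4:])
                if not any(t.endswith(INTEGRITY) for t in tokens):
                    findings.append((ctx, "no integrity transform"))
        elif words[0] in ("encryption", "hash", "integrity"):
            tokens = set(words[1:])
        elif words[:2] == ["set", "pfs"]:
            pfs = True
        if tokens & WEAK_ENCR:
            findings.append((ctx, "DES-family encryption; use AES"))
        if tokens & WEAK_HASH:
            findings.append((ctx, "MD5 integrity; use SHA"))
    end_map()
    return findings

# Constructed sample, written in the style of the slides' configuration.
SAMPLE = """\
crypto isakmp policy 5
 encryption des
 hash md5
crypto ipsec transform-set OLD esp-des
crypto ipsec transform-set GOOD esp-aes esp-sha512-hmac
crypto map BRANCH 10 ipsec-isakmp
 set transform-set OLD
crypto map BRANCH 20 ipsec-isakmp
 set transform-set GOOD
 set pfs group24
"""
```

Run against the slides' own configurations, the IKEv1 crypto map has no `set pfs` line and would be reported, while the IKEv2 crypto map sets `pfs group24`.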
Thank You!
END OF SESSION
• Any questions?
• APNIC Helpdesk Chat