  • 8/13/2019 07.Vpns and Ipsec


    The Ultimate CCNA Study Package - ICND 2

    Chris Bryant, CCIE #12933 www.thebryantadvantage.com

    VPNs And IPSec

    Overview

    It will come as no surprise to you that the protection of WAN transmissions is one of the most vital issues facing us today. To that end, an important part of Cisco networking is knowing when and how to configure Virtual Private Networks (VPNs). It's the "private" part of VPNs that we're most concerned with. Configuring VPNs gives us the opportunity to apply security to a connection that is using a shared technology such as Frame Relay - in other words, to treat this connection as though it were on a private network.

    What's A VPN?

    You can think of a VPN as a tunnel - actually, VPNs are often referred to as tunnels. We can apply security rules and policies to this tunnel without applying them to other WAN communications. In the following exhibit, a VPN has been created between two routers. Security policies can be enforced on the VPN between those two routers without affecting any WAN communications involving other routers.

    What's A VPN?

    Tunneling Protocols

    VPN Types

    VPN Terminology

    Data Encryption Schemes

    Key Encryption Schemes

    IPSec Architecture

    Internet Key Exchange (IKE)

    IPSec Process Overview


    VPNs offer three vital functions, all of which are important in today's networks. Note that two of these occur at the receiver, and one at the sender. Data origin authentication allows the receiver to guarantee the source of the packet.

    Encryption is just that - the sender encrypts the packets before sendingthem. If an intruder picks them off the wire, they will have no meaning.

    Integrity is the receiver's ability to ensure that the data was not affected or altered in any fashion as it traveled across the VPN.


    There are three different protocols we can use to create this tunnel. Originally defined in RFC 1701, Generic Routing Encapsulation (GRE) enables a Cisco router to encapsulate a packet in an IP header. When the packet reaches the remote router, the header is stripped off. GRE's drawback is that there's no encryption scheme, and that's a pretty big drawback.

    Defined in RFC 2661, the Layer 2 Tunneling Protocol (L2TP) is actually a hybrid of Microsoft's Point-to-Point Tunneling Protocol (PPTP) and Cisco's own Layer 2 Forwarding (L2F). Again, the major drawback is that L2TP doesn't have an encryption scheme either.

    This drawback is corrected by IP Security, generally referred to as IPSec. IPSec does offer encryption along with authentication, and that's why you'll see more IPSec in today's networks than L2TP or GRE. That's also why we're going to spend the majority of this section working with IPSec.

    A couple of the tunneling protocols we've already mentioned - L2TP and L2F - obviously work at Layer 2 of the OSI model. Tunneling protocols can actually run at different OSI layers:

    Secure Shell (SSH) and Secure/Multipurpose Internet Mail Extensions (S/MIME) both run at the Application layer.

    Secure Socket Layer (SSL) runs at the Transport layer, although some documentation lists it as running at the Presentation layer.

    As mentioned, L2TP and L2F both run at the Data Link layer.

    Since both GRE and L2TP offer no encryption, they should be avoided if possible. IPSec is an excellent choice since both encryption and authentication are possible, but (there's always a "but") IPSec can only support unicast IP traffic. If other protocols are in use, or multicast traffic must go across the tunnel, GRE or L2TP may have to be used.

    VPN Types

    There are two general types of remote access VPNs, and the name of one of them is a little misleading. The obvious one is client-initiated, where a remote user will use a VPN client to create a secure tunnel across an ISP's network to the enterprise network.

    The oddly-named Network Access Server-initiated VPN starts with the remote user as well. The user will dial in to a Network Access Server, and the NAS is the device that creates a secure tunnel to the enterprise network.

    Both of these VPN types illustrate the major advantage that such connections have over more traditional point-to-point connections - the remote users can be at any remote point and still connect to their corporate network.

    VPN Terminology

    Before we get to a more specific discussion of VPNs, there are some more general terms you should know.

    Data Confidentiality means that only the devices that should see the data in an unencrypted form will. Generally, this is achieved by one endpoint encrypting the data and sending it across the link in that fashion, with the second endpoint decrypting the data.

    Data Integrity means that the recipient of the data can guarantee that the received data is the same as the transmitted data - in short, that the data was not altered during transport.

    Data Origin Authentication guarantees that the data originated from a specific endpoint.

    Anti-replay protection (sometimes just called "replay protection") protects against replay attacks, a malicious repeat and/or delay of a valid transmission.

    For example, Router A requests proof of identity from Router C. Router C responds with proof of identity. The problem is, an intruder is listening to the conversation and copies Router C's proof of identity.

    After Router A and Router C are done talking, the intruder starts a conversation with Router A, pretending to be Router C. When Router A asks for proof of identity, the intruder submits Router C's proof, and Router A will accept it. The potential intruder is now officially an intruder.


    Anti-replay protection can use several different methods of defeating such an attack, including the one-time use of tokens for the proof of identity or the use of sequence numbers. When a sequence number is presented a second time as proof of identity, it will be rejected.
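The sequence-number approach just described is what an IPSec receiver implements with a sliding window: each packet carries an ever-increasing sequence number, and the receiver remembers which of the most recent numbers it has already seen. The following is an added example, not code from the study guide; the 64-entry window size is an assumption chosen for illustration.

```python
# Added example (not from the study guide): a sliding-window anti-replay
# check of the kind an IPSec AH/ESP receiver runs on every packet's
# sequence number. The window size of 64 is an assumption.

WINDOW = 64


class ReplayWindow:
    """Tracks the highest sequence number accepted and a bitmap of the
    WINDOW numbers below it, so replays and stale packets are rejected
    while late-but-new packets are still accepted."""

    def __init__(self, size=WINDOW):
        self.size = size
        self.highest = 0      # highest sequence number accepted so far
        self.bitmap = 0       # bit i set => (highest - i) already seen

    def check(self, seq):
        """Return True and record the packet if seq is new, else False."""
        if seq == 0:
            return False                  # 0 is never a valid sequence number
        if seq > self.highest:
            # New high-water mark: slide the window forward by the gap.
            shift = seq - self.highest
            if shift >= self.size:
                self.bitmap = 0           # everything seen so far is now stale
            else:
                self.bitmap = (self.bitmap << shift) & ((1 << self.size) - 1)
            self.bitmap |= 1              # bit 0 now represents 'highest'
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.size:
            return False                  # too old: fell outside the window
        if self.bitmap & (1 << offset):
            return False                  # already seen: a replay
        self.bitmap |= 1 << offset        # late but new: accept and record
        return True


def filter_stream(seqs, size=WINDOW):
    """Run a constructed packet sequence through one window and return
    the (seq, accepted) decision for each packet."""
    win = ReplayWindow(size)
    return [(s, win.check(s)) for s in seqs]


if __name__ == "__main__":
    # Constructed sample: in-order packets, a replay of 3, a late 4, a jump
    # to 200, a stale 100 (outside the window) and a late-but-new 199.
    for seq, ok in filter_stream([1, 2, 3, 5, 3, 4, 200, 100, 199]):
        print(f"seq {seq:4d}: {'accept' if ok else 'REJECT'}")
```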

    Data Encryption Technologies

    For data to be encrypted, it follows that something's got to perform this encryption! One such encryption tool is the Data Encryption Standard (DES). DES was developed in 1976, and a few problems have developed with DES since then. The main issue is that the key used by DES to encrypt data is only 56 bits in size. (A key is a random string of binary digits.)

    Thirty years ago, that was fine, but then again floppy disks used to be the largest storage unit any of us needed! Depending on whose documentation you read, DES keys can be broken in any time frame from 24 hours to ten minutes. That's bad, no matter how long it takes!

    Triple DES (TDES) is just what it sounds like - the DES encryption procedure is run three times, with three different 56-bit DES keys. That's a total of 168 bits, but the effective security provided is considered to be only 112 bits.

    TDES is sometimes referred to as 3DES, and you may see it expressed that way on your exam; however, to avoid confusion with the TDES variations 2TDES and 3TDES, the "3DES" abbreviation is discouraged.

    The Advanced Encryption Standard (AES) is being rapidly adopted by governments and organizations around the world. AES can run on any Cisco router that has IPSec DES/3DES capability. The actual function of AES is far beyond the scope of this exam, but it really is quite fascinating. Visit www.wikipedia.org and search on "advanced encryption standard" to learn exactly how it works.

    Key Encryption Schemes

    Symmetric encryption is an algorithm where the key that is used for encryption is also used for decryption. Symmetric encryption is sometimes called secret key encryption. Variations of symmetric encryption include stream algorithms, where one bit or byte is encrypted/decrypted at a time, and block algorithms, where blocks of data are encrypted/decrypted as a whole. These data blocks are usually 64 bits in size. Both DES and TDES use symmetric encryption.

    The drawback to symmetric encryption is that the key is used for two purposes, making it that much easier for an intruder to discover the key. Proper key management is vital (and that can be said for asymmetric encryption as well!)

    In contrast, asymmetric encryption involves two keys for both the sender and receiver. This public key encryption scheme involves a public and private key for each user. Before starting the actual encryption process, the public key should be certified by a third party called a Certificate Authority (CA).

    If "Dan" has a public key, the CA will make sure Dan is who he says he is, and the CA will then issue a digital certificate saying just that. The digital certificate is a combination of Dan's public key and the CA's private root key.

    The CA may be global, such as www.verisign.com, or it may be a CA in your very own organization. The key here (no pun intended) is that you'd better trust your CA, because the entire public key encryption process is built around the CA verifying users and their public keys.

    Now that the CA has verified Dan and Bob, public key encryption can be put into use. In this example, Dan will send an email to Bob using PKE. Dan will actually use Bob's public key to encrypt the message. The email is then sent to Bob, who will use his private key to decrypt the email.

    RSA is a well-known public key encryption scheme. The letters stand for the originators of this algorithm (Ron Rivest, Adi Shamir, and Len Adleman).

    Exchanging Secret Keys Over A Non-Secure Connection

    It seems like quite a Catch-22: to create the VPN, we need the endpoints to exchange secret keys, but since the VPN doesn't exist yet, the secret keys must be exchanged over a non-secure connection! An algorithm you encountered earlier in your CCNA studies will come to our rescue.

    The Diffie-Hellman algorithm allows the exchange of secret keys over a non-secure communications channel. Referred to in some documentation as exponential key agreement, this protocol was also designed in 1976 - but it's still in use today in networks around the world.


    The IPSec Architecture

    IPSec is a combination of the following three protocols:

    Authentication Header (AH), which defines a method for authenticating and securing data
    Encapsulating Security Payload (ESP), which defines a method for authenticating, securing, and encrypting data
    Internet Key Exchange (IKE), which negotiates the security parameters and authentication keys

    The IPSec Packet Format

    Defined in RFC 2402, Authentication Header (AH) offers solid security - it provides data origin authentication as well as offering optional anti-replay protection. The drawback with AH is that the authentication it provides for the IP header is not complete.

    That's because some of the IP fields can't be correctly predicted by the receiver - these are mutable fields which may change during transmission. AH will successfully protect the IP packet's payload, though, which is really what we're interested in.
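Here is how that "incomplete" header authentication works out in practice. This is an added example, not code from the study guide: the receiver recomputes the Integrity Check Value (ICV) over the IP header with the mutable fields (TOS, flags/fragment offset, TTL, checksum) zeroed, so a TTL decremented by a router in the path still verifies, while a rewritten destination address or altered payload does not. The key, addresses and payload are constructed, and HMAC-SHA256 truncated to 96 bits stands in for whatever integrity algorithm the SA negotiates.

```python
# Added example (not from the study guide): AH ICV computation and
# verification with the mutable IPv4 fields zeroed. HMAC-SHA256/96 and all
# sample values are assumptions for this demo.
import hashlib
import hmac
import struct

ICV_LEN = 12                                   # 96-bit truncated ICV
KEY = b"constructed-demo-key"                  # constructed sample key
PAYLOAD = b"\x00\x35\x00\x35\x00\x0cdemo"      # constructed 12-byte payload


def ipv4_header(src, dst, ttl, total_len):
    """Build a 20-byte IPv4 header whose next protocol is AH (51)."""
    addr = lambda a: bytes(int(x) for x in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0,
                       ttl, 51, 0, addr(src), addr(dst))


def zero_mutable(hdr):
    """Copy of the IPv4 header with the fields AH cannot predict zeroed."""
    h = bytearray(hdr)
    h[1] = 0                    # TOS / DSCP+ECN
    h[6:8] = b"\x00\x00"        # flags and fragment offset
    h[8] = 0                    # TTL, decremented by every router
    h[10:12] = b"\x00\x00"      # header checksum, recomputed per hop
    return bytes(h)


def ah_header(spi, seq, icv=b"\x00" * ICV_LEN, next_hdr=17):
    """AH: next header, payload length (32-bit words minus 2), reserved,
    SPI, sequence number, ICV (all zeros while the ICV is computed)."""
    payload_len = (12 + len(icv)) // 4 - 2
    return struct.pack("!BBHII", next_hdr, payload_len, 0, spi, seq) + icv


def compute_icv(key, ip_hdr, spi, seq, payload):
    """HMAC over immutable IP fields + AH header (ICV zeroed) + payload."""
    data = zero_mutable(ip_hdr) + ah_header(spi, seq) + payload
    return hmac.new(key, data, hashlib.sha256).digest()[:ICV_LEN]


def verify(key, ip_hdr, spi, seq, icv, payload):
    """Receiver side: recompute the ICV and compare in constant time."""
    return hmac.compare_digest(compute_icv(key, ip_hdr, spi, seq, payload), icv)


def demo():
    """Sender signs a packet; the receiver checks three arriving versions:
    TTL decremented in transit, destination rewritten, payload tampered."""
    spi, seq, total = 0x100, 1, 20 + 24 + len(PAYLOAD)
    sent = ipv4_header("10.1.1.1", "10.2.2.2", 64, total)
    icv = compute_icv(KEY, sent, spi, seq, PAYLOAD)
    hopped = ipv4_header("10.1.1.1", "10.2.2.2", 63, total)
    rerouted = ipv4_header("10.1.1.1", "10.9.9.9", 63, total)
    return (verify(KEY, hopped, spi, seq, icv, PAYLOAD),          # True
            verify(KEY, rerouted, spi, seq, icv, PAYLOAD),        # False
            verify(KEY, hopped, spi, seq, icv, PAYLOAD + b"!"))   # False
```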

    To sum it up, AH does offer:

    data origin authentication
    data integrity
    anti-replay protection (optional)

    AH does not offer data confidentiality.

    The Encapsulating Security Payload (ESP) does just that - as you can see from the IPSec packet illustration, there is an ESP Header and ESP Trailer surrounding, or encapsulating, the data. ESP offers all of the following:

    data origin authentication
    anti-replay protection
    data confidentiality

    Comparing AH and ESP, you might be wondering why you'd ever choose AH over ESP. Here are a few things to consider:

    ESP is more processor-intensive than AH. If your data does not require data confidentiality, AH may meet all your requirements.

    ESP requires strong cryptography, which isn't available and/or allowed everywhere. AH has no such requirement.


    Both ESP and AH can be run in one of two modes - Tunnel mode and Transport mode. In Tunnel mode, the entire IPSec process is transparent to the end hosts; specialized IPSec gateway devices handle the IPSec workload. The entire IP packet is encrypted, and then that encrypted packet is placed into another IP packet. This total encapsulation results in a kind of "virtual tunnel" being created between the two endpoints.

    The end hosts themselves perform the encapsulation when Transport mode is used, which naturally means that IPSec has to be running on those hosts. No new IP header is attached when Transport mode is in use.

    A VPN In Your Web Browser?

    When you're about to enter credit card information on a website, you should see the "http" in the address bar turn to "https". That means you're using Secure Socket Layer (SSL), which will encrypt this sensitive information. SSL is now being used to create VPNs as well, allowing you to use your web browser to connect to a VPN!

    Most VPN software is easy to work with, but frankly, some of it's not. Using SSL VPNs means no additional software has to be purchased or installed.

    Cisco is hardly the only vendor pushing out SSL VPNs. To look into the many options for SSL VPNs today, just search on "SSL VPN" in your favorite search engine and you'll find quite a few solutions.

    The following is *not* required reading for the CCENT and CCNA exams. I've included it for those who want to learn more about VPNs. Enjoy!

    The Internet Key Exchange (IKE)

    Basic IPSec operation is much like running PPP over ISDN. We're even going to use some of the same terms! Before we take a broad overview of how IPSec works, there's one more term we need to discuss - the Internet Key Exchange, or IKE.

    Defined in RFC 2409, IKE has a lot to do! IKE must negotiate the parameters of the communication channel, authenticate both endpoints, handle the exchange of public keys, and manage the keys afterwards.

    Remember how we consider EIGRP to be a "hybrid" because it has characteristics of both distance vector and link state protocols? IKE is a hybrid as well, but for a much different reason - IKE is a combination of three protocols:

    SKEME, which enables public key encryption for authentication
    ISAKMP, which defines how messages will be exchanged
    Oakley, which defines the mechanism for key exchanges

    IKE is a two-phase process, and Phase I is where two IPSec-enabled devices come to an agreement on what methods will be used to exchange data over a secure communications channel. This can be done in either Main or Aggressive mode - Aggressive is a little faster, but none of the information exchanged in Aggressive mode is encrypted. Main mode will be illustrated later in this section.

    This phase will result in a Security Association being created for the ISAKMP process itself - an IKE SA. A Security Association is simply an agreement between two hosts as to the IPSec parameters that will be used for communications between the two.

    In contrast to most SAs, an IKE SA is bidirectional. Only one IKE SA is required for two IPSec peers to communicate, and that particular SA negotiates the following:

    The hash algorithm to use, whether that be our old friend MD5 or SHA
    The authentication method
    The encryption algorithm
    The Diffie-Hellman group (four of these are predefined in IKE)

    In turn, this IKE SA will be used in Phase II. In Phase II, the IPSec peers must agree on the attributes to be used to create the SAs for AH and ESP. The SAs created in Phase II are unidirectional.

    An Overview Of IPSec Operation

    We've spent quite a bit of time here looking at the individual parts of IPSec, so let's take an overview of a basic IPSec operation. Overall, there are five steps to IPSec:

    Process Initialization
    IKE Phase I (IKE SA negotiation)
    IKE Phase II (IPSec SA negotiation)
    Data Transfer
    Tunnel Termination

    IPSec doesn't just start working by itself - like ISDN, it requires interesting traffic to be sent by a host. This interesting traffic initializes the IPSec process.

    The routers will now enter IKE Phase I. Assuming we're running Main mode, there will be three exchanges of messages overall. The initiator will first transmit proposals for the encryption and authentication schemes to be used.

    In the second exchange of IKE Phase I, the devices will exchange Diffie-Hellman public keys; from this point on, the rest of the negotiation is encrypted.

    The initiator and recipient authenticate each other in the third exchange of Phase I, using an encrypted form of their IP addresses. The IKE SA is then established and Phase II can begin.
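The three Main-mode exchanges above, together with the Diffie-Hellman "secret keys over a non-secure channel" idea from earlier in the section, are simulated in the following added example (not code from the study guide): proposal selection, a Diffie-Hellman exchange that gives both peers the same secret, and pre-shared-key authentication over the agreed parameters. The DH prime, the proposal strings, the SKEYID derivation and the authentication token format are simplified assumptions, not the real ISAKMP/Oakley encodings or an IKE DH group.

```python
# Added example (not from the study guide): a simplified IKE Phase I in
# Main mode. DH parameters, policy strings and key derivation are
# constructed stand-ins for the real protocol.
import hashlib
import hmac
import secrets

P = 2**127 - 1     # toy DH prime (constructed, not an IKE group)
G = 5


class Peer:
    def __init__(self, name, psk, policy):
        self.name, self.psk, self.policy = name, psk, policy
        self.priv = secrets.randbelow(P - 2) + 1      # DH private value
        self.pub = pow(G, self.priv, P)               # DH public value
        self.chosen = self.skeyid = None

    def select(self, offered):
        """Exchange 1 (responder): accept the first offered proposal that
        also appears in our own policy, or refuse the negotiation."""
        for proposal in offered:
            if proposal in self.policy:
                self.chosen = proposal
                return proposal
        raise ValueError(f"{self.name}: no acceptable proposal")

    def derive(self, peer_pub):
        """Exchange 2: DH shared secret from the peer's public value, then
        SKEYID keyed by the PSK. Real IKE encrypts everything after this."""
        shared = pow(peer_pub, self.priv, P)
        self.skeyid = hmac.new(self.psk, shared.to_bytes(16, "big"),
                               hashlib.sha256).digest()

    def auth_token(self, receiver):
        """Exchange 3: prove knowledge of SKEYID (and so of the PSK) over
        both identities and the agreed proposal."""
        msg = f"{self.name}|{receiver}|{self.chosen}".encode()
        return hmac.new(self.skeyid, msg, hashlib.sha256).digest()

    def verify(self, sender, token):
        """Check the peer's token; a wrong PSK yields a different SKEYID."""
        msg = f"{sender}|{self.name}|{self.chosen}".encode()
        expected = hmac.new(self.skeyid, msg, hashlib.sha256).digest()
        return hmac.compare_digest(expected, token)


def main_mode(initiator, responder):
    """Run the three Main-mode exchanges; return (proposal, authenticated)."""
    chosen = responder.select(initiator.policy)           # exchange 1
    initiator.chosen = chosen
    initiator.derive(responder.pub)                       # exchange 2
    responder.derive(initiator.pub)
    ok_r = responder.verify(initiator.name, initiator.auth_token(responder.name))
    ok_i = initiator.verify(responder.name, responder.auth_token(initiator.name))
    return chosen, ok_r and ok_i                          # exchange 3
```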

    If we had chosen to run IKE in Aggressive mode, this would have been a three-message process. The initiator packs everything needed for the SA negotiation into the first message; the recipient responds with the acceptable parameters and authentication information; the initiator then sends its authentication information in the third and final message.

    IKE Phase II has one mode, Quick mode. This is also a three-message process. The initiator proposes parameters for the IPSec SA, the recipient responds with a list of acceptable parameters, and the initiator then transmits a message that lets the responder know that message 2 was received and processed. This message is called proof of liveness.

    With the IPSec SA in place, the hosts can now exchange data.


    Once the data exchange is complete, the tunnel can be torn down. This tunnel termination can be configured to occur after a certain number of bytes have passed through the tunnel, or perhaps after the tunnel has been up for a certain number of seconds. But what if traffic is flowing through the tunnel at the same time the tunnel's supposed to be torn down? No fear - a new Security Association can be agreed upon while the existing one is still in place.
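The following added example (not code from the study guide) models that overlap: an SA carries a byte and a time lifetime, a replacement is negotiated when a soft fraction of either limit is reached, and the old SA keeps carrying traffic until its hard limit, at which point data moves to the already-negotiated successor. The 80% soft limit, the SPI numbering and the sample traffic are constructed assumptions.

```python
# Added example (not from the study guide): SA lifetime tracking with a
# soft limit that triggers rekeying before the hard limit tears the SA down.
# Limits, soft fraction and sample traffic are constructed assumptions.


class SecurityAssociation:
    """One unidirectional IPSec SA with a byte and a time lifetime."""

    def __init__(self, spi, max_bytes, max_seconds, created):
        self.spi, self.created, self.bytes_sent = spi, created, 0
        self.max_bytes, self.max_seconds = max_bytes, max_seconds

    def expired(self, now):
        """Hard limit: the SA must not carry any more traffic."""
        return (self.bytes_sent >= self.max_bytes
                or now - self.created >= self.max_seconds)

    def soft_limit_hit(self, now, fraction=0.8):
        """Soft limit: time to negotiate the replacement SA."""
        return (self.bytes_sent >= fraction * self.max_bytes
                or now - self.created >= fraction * self.max_seconds)


class Tunnel:
    """Keeps one active SA and negotiates its successor at the soft limit,
    so the switch-over happens without any gap in data transfer."""

    def __init__(self, max_bytes, max_seconds):
        self.limits = (max_bytes, max_seconds)
        self.next_spi = 0x1000
        self.active = self.pending = None
        self.events = []                  # (time, event, spi) log

    def negotiate(self, now):
        sa = SecurityAssociation(self.next_spi, *self.limits, now)
        self.next_spi += 1
        self.events.append((now, "negotiated", sa.spi))
        return sa

    def send(self, now, nbytes):
        """Send nbytes at time now; return the SPI the data went out on."""
        if self.active is None:
            self.active = self.negotiate(now)
        if self.active.expired(now):
            old, self.active = self.active, self.pending or self.negotiate(now)
            self.pending = None
            self.events.append((now, "torn down", old.spi))
        elif self.pending is None and self.active.soft_limit_hit(now):
            self.pending = self.negotiate(now)
        self.active.bytes_sent += nbytes
        return self.active.spi


def simulate():
    """Constructed traffic against a 1000-byte / 3600-second lifetime."""
    t = Tunnel(max_bytes=1000, max_seconds=3600)
    spis = [t.send(now, n) for now, n in
            [(0, 300), (10, 300), (20, 300), (30, 50), (40, 100), (50, 10)]]
    return spis, t.events
```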


    Copyright 2011 The Bryant Advantage. All Rights Reserved.
