Advanced Security Technology Concepts

7/31/2019 Advanced Security Technology Concepts

1/51

Copyright 1998, Cisco Systems, Inc. All rights reserved. Printed in USA.Presentation_ID.scr 1

1 1999, Cisco Systems, Inc.

318

0944_05F9_c1 1 1999, Cisco Systems, Inc.

318

0944_05F9_c1


3180944_05F9_c1

Advanced SecurityAdvanced SecurityTechnology ConceptsTechnology Concepts

Session 318Session 318


2/51



318

0944_05F9_c1

What Is CryptographyWhat Is Cryptography

A way of keeping information private

Provides authentication and integrity

Nonrepudiation

Requires key management

A communications enabler

Communication with confidence


3180944_05F9_c1

AgendaAgenda

Encryption Concepts and Terminology

The PKI and CEP

A Day In the Life of an IPSec Packet

IPSec Implementation Issues


3/51



318

0944_05F9_c1

Encryption ConceptsEncryption Conceptsand Terminologyand Terminology


318

0944_05F9_c1


3180944_05F9_c1

ConfidentialityConfidentiality

Confidentialitycommunicating suchthat the intended recipients knowwhat was being sent but unintendedparties cannot determine what

was sent


4/51



318

0944_05F9_c1

PubPub

KeysKeys

Each device has three keys:

1. A private key that is kept secret and never shared.Used to sign messages

2. A public key that is shared. Used by others to verifya signature

3. A shared secret key that is used to encrypt datausing a symmetric encryption algorithm (e.g., DES)

DESDES DESDES

PriPri

PubPub

WAN

PriPri


3180944_05F9_c1

Cost 40 56 64 80 112 128

100 K 2 secs 35 hours 1 year 70,000 yrs 1014 yrs 1019 yrs

1 M .2 secs 3.5 hours 37 days 7000 years 1013 yrs 1018 yrs

10 M .02 secs 21 mins 4 days 700 years 10

12

yrs 10

17

yrs100 M 2 millisecs 2 mins 9 hours 70 years 1011 yrs 1016 yrs

1 B .2 millisec 13 secs 1 hour 7 years 1010 yrs 1015 yrs

Estimated Time for Brute-Force Attack(1995) on Symmetric Keys

Key SizesKey Sizes


5/51



318

0944_05F9_c1

Public Key

DecryptionDecryption

Private Key

NetworkersNetworkers &^$!@#l:{Q&^$!@#l:{Q NetworkersNetworkersEncryptionEncryption

Asymmetric orAsymmetric orPublic-Key EncryptionPublic-Key Encryption

Encryptor and decryptor use differentmathematical functions

Encryptor and decryptor use different keys Example: Public key algorithms

(RSA, Diffie-Hellman)

Generate a secret key


3180944_05F9_c1

YB = g mod p

Secret Value,XBPublic Value,

AliceAlice BobBobSecret Value, XAPublic Value, YA

YA

YA =g mod pXA

YB

XB

(Shared Secret)g is a large primep size is based on D-H group

YB mod p = g mod p = YA mod pXBXAXBXA

The Diffie-HellmanThe Diffie-Hellman

Public Key ExchangePublic Key Exchange


6/51



318

0944_05F9_c1

Host A

prime p = 5, primitive g = 3

Choose Xa such that

0


7/51



318

0944_05F9_c1

DecryptionDecryptionEncryptionEncryption

Clear-TextOriginal

Clear-TextCipher-Text

NetworkersNetworkers &^$!@#l:{Q&^$!@#l:{Q NetworkersNetworkers

DES EncryptionDES Encryption

Peer routers now have identical keys

DES encryption turns cleartext

into ciphertext Decryption restores cleartext

from ciphertext


3180944_05F9_c1

IV

EKEK

Ci-1

Pi+1

Ci+1

Pi

Ci

DES TransformsCFBDES TransformsCFB


8/51



318

0944_05F9_c1

IV

EK

Ci-1

Pi

EK

Ci

Pi+1

EK

Ci+1

DES TransformsCBCDES TransformsCBC


3180944_05F9_c1

64 bit block plain textInitial Permutation

32 bits 32 bits

Expansion Permutation

S-Box Substitution

CompressionPermutation

Choose 48 bits

L i-1

56 bit Key

R i-1

P-Box Permutation

L i R i

Shift 28 bits Shift 28 bits

56 bit Key

XORXOR

XORXOR

DES ExplainedDES Explained


9/51



318

0944_05F9_c1

IntegrityIntegrity

Integrityensuring that datais transmitted from source todestination withoutundetected alteration


3180944_05F9_c1

Message

SecretKey

SecretKey

HashFunction

HashFunction

Hash

Message-Digest AlgorithmsMessage-Digest Algorithms

Secret key and messageare hashed together

Recomputation of digestverifies that messageoriginated with peer andthat message was notaltered in transit

Also used indigital signatures

Examples HMAC-MD5,HMAC-SHA


10/51



318

0944_05F9_c1

Hash AlgorithmsHash Algorithms

Produces a 128 bit hashvalue

Input 512 bit block split as16 x 32 bit blocks

Output is 4 x 32 bit blocksconcatenated

4 Chaining variables

4 rounds of 16 operationswith 4 functions per round


Input 512 bit block split as16 x 32 bit blocks



4 rounds of 16 operationswith 4 functions per round


Input 512 bit block split as16 x 32 bit blocks,expanded to 80 x 32 bitblocks



4 rounds of 20 ops


Input 512 bit block split as16 x 32 bit blocks,expanded to 80 x 32 bitblocks



4 rounds of 20 ops

MD5MD5 SHASHA


3180944_05F9_c1

AuthenticationAuthentication

AuthenticationKnowing that thedata received is the same as the datathat was sent and that the claimedsender is in fact the actual sender.


11/51



318

0944_05F9_c1

Sign Hash with Private Key

Hash of Message

Signature = Encrypted

Hash of Message

AliceAlice

HashFunction

Hash

Function

Message

s74hr7sh7040236fw

7sr7ewq7ytoj56o4577sr7ewq7ytoj56o457

One-way function. Easy to

produce hash from message,impossible to produce

message from hash

Digital SignaturesDigital Signatures


3180944_05F9_c1

Message

AliceAlice

HashFunction

Hash

Function

Decrypt the

ReceivedSignature

Decrypt Using

Alices Public Key

Hash ofMessage Hash Message

Message with

AppendedSignature

If Hashes areEqual, Signature

is Authentic

Re-Hash theReceived

Message

MessageSignatureSignature

SignatureSignature

Signature VerificationSignature Verification


12/51



318

0944_05F9_c1

Message

SecretSecret

Secret

Secret

BobBob

+

Alice EncryptsMessage

with a RandomSecret Key

Encrypt the

Secret Keywith BobsPublic Key

SecretSecret

BobBob

Bob Decrypts theSecret Key with His

Private Key, thenDecrypts the

Message

Used During CA TransactionsUsed During CA Transactions

Digital EnvelopeDigital Envelope


3180944_05F9_c1

PKI and CEPPKI and CEP


3180944_05F9_c1


13/51



318

0944_05F9_c1

Certificate

Authority

Key RecoveryCertificate

Revocation

Registration and

Certification Issuance

CertificateDistribution

KeyGeneration

Support for Non-Repudiation

Trusted TimeService

Key Storage

PKI ComponentsPKI Components


3180944_05F9_c1

Certificate Life Cycle andCertificate Life Cycle and

ManagementPKIXManagementPKIX

ExpirationExpiration RevocationRevocation

Useful LifeUseful Life

CertificationCertification

InitializationInitialization


14/51



318

0944_05F9_c1

Certificates andCertificates and CAsCAs

Certificate Authority (CA) verifies identity

CA signs digital certificate containing

devices public key Verisign On-Site, Entrust PKI, Netscape

CA, Microsoft CA

InternetInternet

B A N K


3180944_05F9_c1

Certificate :: =Certificate :: =

{{

Version (v3)Version (v3)Serial NumberSerial NumberSign Algorithm IDSign Algorithm IDIssuer NameIssuer NameValidity PeriodValidity PeriodSubject NameSubject NameSubject Public KeySubject Public KeyIssuer Unique IDIssuer Unique ID

Subject Unique IDSubject Unique IDExtensionsExtensionsSignatureSignature

}}

X.509v3 CertificateX.509v3 Certificate

Binds user identity(Subject Name) to apublic key via signature

Issuer (CA) signs cert

Note cert has defined lifetime

Identifies which signaturealgorithm was used tosign cert

Extension fields allow otherinformation to be bound tocert (e.g., subjectsclearances)=


15/51



318

0944_05F9_c1

Home-gw10.1.2.3

Home-gw10.1.2.3

Enrolling a Device with a CAEnrolling a Device with a CA

Generate public/private keys

Send certificate request to CA

CA signs certificate

Retrieve certificate from CA


3180944_05F9_c1

Cert 12345Cert 12241Cert 22333

Certificate Revocation ListCertificate Revocation List

List of revokedcertificates signedby CA

Stored on CA ordirectory service

No requirement ondevices to ensureCRL is current

RevokedRevoked


16/51



318

0944_05F9_c1

Certificate Authority

Certificate User

Certificate (points issuer to subject)

Cross Certificate

Alice

Bob

Carol

CA RelationshipsHierarchyCA RelationshipsHierarchyand Cross-Certificationand Cross-Certification

CACA

CACA

CACA CACA

CACA

CACA

CACA


3180944_05F9_c1

Certificate Enrollment ProtocolCertificate Enrollment Protocol

PKCS #7 for signing and enveloping

PKCS #10 for certificate request

HTTP and LDAP for transport

Requires manual authenticationduring enrollment

CRL distribution is manual


17/51



318

0944_05F9_c1

A Day In the Life of anA Day In the Life of anIPSec PacketIPSec Packet


318

0944_05F9_c1


3180944_05F9_c1

IPHeader

IPHeader

IPSec Header(s)AH/ESP

IPData(Encrypted)

IPData(Encrypted)

IPSec OverviewIPSec Overview

Interoperable authentication,integrity and encryption


18/51



318

0944_05F9_c1

All Data in Clear TextRouter

Firewall

Authentication HeaderAuthentication Header

Data integrityno twiddling of bits

Origin authenticationdefinitelycame from Router

Uses keyed-hash mechanism

Does NOT provide confidentiality

Replay protection


3180944_05F9_c1

AHAH

Authentication

Data (00ABCDEF)

Authentication

Data (00ABCDEF)

IP Header + Data IP Header + Data

Router

Firewall

IP HDRIP HDR DataData

AH Authentication and IntegrityAH Authentication and Integrity


19/51



318

0944_05F9_c1

Next

Header

NextHeader

Payload

Length

PayloadLength

RESERVEDRESERVED

Security Parameter Index (SPI)Security Parameter Index (SPI)

Sequence Number FieldSequence Number Field

Authentication DataAuthentication Data

IPSec AuthenticationIPSec AuthenticationHeader (AH)Header (AH)

AH header isprepended to IPdatagram or toupper-layer protocol

IP datagram, part ofAH header, andmessage itself areauthenticated with akeyed hash function


3180944_05F9_c1

Encapsulating Security PayloadEncapsulating Security Payload

Data confidentiality

Limited traffic flow confidentiality

Data integrity

Data origin authentication

Anti-replay protection

Does not protect IP Header


20/51



318

0944_05F9_c1

Encryption with a Keyed-MAC

Authenticated

Firewall

Encrypted

ESPESPIP HDRIP HDR DataData

ESP Confidentiality and IntegrityESP Confidentiality and Integrity

Router


3180944_05F9_c1

IPSec Encapsulating SecurityIPSec Encapsulating Security

Payload Header (ESP)Payload Header (ESP)

ESP header isprepended toIP datagram

Confidentialitythrough encryptionof IP datagram

Integrity throughkeyed hash function

Security Parameter Index (SPI)Security Parameter Index (SPI)

Sequence Number FieldSequence Number Field

Padding (If Any)Padding (If Any)

PadLengthPadLength NextHeaderNextHeader

Initialization VectorInitialization Vector

Authentication DataAuthentication Data

Payload DataPayload Data


21/51



318

0944_05F9_c1

IP HDRIP HDR

Encrypted

IP HDRIP HDR DATADATA

IPSec HDRIPSec HDR DATADATA

IP HDRIP HDR DATADATA

IPSec HDRIPSec HDR IP HDRIP HDRNew IP HDRNew IP HDR

Encrypted

DATADATA

Tunnel Mode

Transport Mode

IPSec ModesIPSec Modes


3180944_05F9_c1

Router

Firewall

Insecure Channel

Security Association (SA)Security Association (SA)

Agreement between two entitieson method to communicate securely

Unidirectionaltwo-way communicationconsists of two SAs


22/51



318

0944_05F9_c1

Tunnel-Mode

AH-HMAC-SHAPFS 50

Tunnel-ModeAH-HMAC-SHA

PFS 50

Transport-Mode

ESP-DES-HMAC-MD5PFS 15

Transport-ModeESP-DES-HMAC-MD5

PFS 15

Security Associations EnableSecurity Associations EnableYour Chosen PolicyYour Chosen Policy


3180944_05F9_c1

Destination Address

Security Parameter Index (SPI)

IPSec Transform

Key

Additional SA Attributes(e.g., lifetime)

205.49.54.237205.49.54.237

7A390BC17A390BC1

AH, HMAC-MD5AH, HMAC-MD5

7572CA49F76329467572CA49F7632946

One Day or 100MBOne Day or 100MB

IPSec Security Association (SA)IPSec Security Association (SA)


23/51



318

0944_05F9_c1

IKEIKE

Negotiates policy toprotect communication

Authenticated Diffie-Hellmankey exchange

Negotiates (possibly multiple)security associations for IPSec

A flavor of ISAKMP/Oakley for IPSec

Provides PFS


3180944_05F9_c1

Perfect Forward Secrecy (PFS)Perfect Forward Secrecy (PFS)

Compromise of a single key willpermit access to only dataprotected by that particular key

IKE provides PFS if required by usingDiffie-Hellman for each rekey

If PFS not required, can refresh keymaterial without using Diffie-Hellman


24/51


25/51



318

0944_05F9_c1

Cisco IOS IPSec ConfigurationCisco IOS IPSec Configuration

! If certain traffic matches the rules in access-list 101, then apply! the crypto map or template. The map is called test1, it requires! SAs for both ISAKMP and IPSec. The appropriate peer is! 192.168.0.20 (Fred) and the transform-sets router and test2! should be proposed to Fred in order to find the best match to! be the basis of the IPSec SA. The ISAKMP SAs will be based! on the ISAKMP policies defined earlier in the config

crypto map test1 10 ipsec-isakmpset peer 192.168.0.20set transform-set router test2match address 101

! Apply the crypto map to an interface

interface Ethernet0ip address 192.168.0.2 255.255.255.0crypto map test1

access-list 101 permit ip host 192.168.0.2 host192.168.0.20


3180944_05F9_c1

SA Request IPSec (triggered by ACL)

FredFred WilmaWilma

IKE SA Offerdes, sha, rsa sig, D-H group 1, lifetime

Policy Match accept offer

Fred D-H exchange : KE, nonce

Wilma D-H exchange : KE, nonce

Fred Authenticate D-H apply Hash

Wilma Authenticate D-H apply Hash

ISAKMPPhase 1

Oakley Main

Mode

ISAKMPPhase 1

Oakley MainMode

IKE Bi-Directional SA EstablishedIKE Bi-Directional SA Established

In the Clear

Protected

In the Clear

Protected

Establishing the IKE SAEstablishing the IKE SA


26/51



318

0944_05F9_c1

FredFred WilmaWilma

IPSec SA Offertransform, mode,pfs, authentication,lifetime

Policy Match accept offer

Fred D-H exchange or refresh IKE key

Wilma D-H exchange or refresh IKE key

ISAKMP

Phase 2Oakley

Quick Mode

ISAKMPPhase 2

OakleyQuick Mode

IPSec Outbound SA EstablishedIPSec Inbound SA Established

IPSec Outbound SA Established

IPSec Inbound SA Established

Protectedby the

IKE SA

Protectedby theIKE SA

Establishing IPSec SAsEstablishing IPSec SAs


3180944_05F9_c1

IKE with preshared keys

Fred proposes using esp-des to Wilma,access-list 101 triggers the

IPSec requirement.

fred#telnet 192.168.0.2

Trying 192.168.0.2

A Day DebugA Day Debug


27/51



318

0944_05F9_c1


Traffic matching an ACL specification triggers a policyformulation by the sender. If more than one policyexists for a particular destination, then gather allrelevant policies.

IPSEC(sa_request): ,

(key eng. msg.) src= 192.168.0.20, dest= 192.168.0.2,

src_proxy= 192.168.0.20/255.255.255.255/0/0 (type=1),

dest_proxy= 192.168.0.2/255.255.255.255/0/0 (type=1),

protocol= ESP, transform= esp-des ,

lifedur= 3600s and 4608000kb,

spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x4004


3180944_05F9_c1


ISAKMP Phase One using Oakley Main Mode.Negotiate an ISAKMP security association(policy). This SA will protect any key and/orparameter negotiation required by other servicessuch as IPSec.

ISAKMP (26): beginning Main Mode exchangeISAKMP (26): processing SA payload. message ID = 0ISAKMP (26): Checking ISAKMP transform 1 against priority1 policy

ISAKMP: encryption DES-CBCISAKMP: hash SHAISAKMP: default group 1ISAKMP: auth pre-shareISAKMP (26): atts are acceptable. Next payload is 0


28/51


29/51



318

0944_05F9_c1


Now, negotiate an SA for IPSecThis is ISAKMP Phase 2 using Oakley Quick Mode

ISAKMP (26): beginning Quick Mode exchange, M-ID of -652741699IPSEC(key_engine): got a queue event...IPSEC(spi_response): getting spi 258023605 for SA

from 192.168.0.2 to 192.168.0.20 for prot 3ISAKMP (26): processing SA payload. message ID = -652741699ISAKMP (26): Checking IPSec proposal 1ISAKMP: transform 1, ESP_DESISAKMP: attributes in transform:ISAKMP: encaps is 1ISAKMP: SA life type in secondsISAKMP: SA life duration (basic) of 3600


3180944_05F9_c1

ISAKMP: SA life type in kilobytesISAKMP: SA life duration (VPI) of0x0 0x46 0x50 0x0

ISAKMP (26): atts are acceptable.

IPSEC(validate_proposal_request): proposal part #1,(key eng. msg.) dest= 192.168.0.2, src= 192.168.0.20,

dest_proxy= 192.168.0.2/255.255.255.255/0/0 (type=1),src_proxy= 192.168.0.20/255.255.255.255/0/0 (type=1),protocol= ESP, transform= esp-des ,lifedur= 0s and 0kb,

spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x4



30/51



318

0944_05F9_c1


Generate a shared key for encryption for IPSec.Generally the original D-H generated shared secretkey is refreshed via combining it with a random value(another nonce) as shown below.

ISAKMP (26): processing NONCE payload. message ID = -652741699ISAKMP (26): processing ID payload. message ID = -652741699

ISAKMP (26): processing ID payload. message ID = -652741699


3180944_05F9_c1


ISAKMP (26): Creating IPSec SAs

inbound SA from 192.168.0.2 to 192.168.0.20 (proxy192.168.0.2to 192.168.0.20 )

has spi 258023605 and conn_id 27 and flags 4lifetime of 3600 secondslifetime of 4608000 kilobytesoutbound SA from 192.168.0.20 to 192.168.0.2 (proxy

192.168.0.20to 192.168.0.2 )

has spi 251200955 and conn_id 28 and flags 4

lifetime of 3600 secondslifetime of 4608000 kilobytes

IPSEC(key_engine): got a queue event...


31/51



318

0944_05F9_c1

IPSEC(initialize_sas): ,

(key eng. msg.) dest= 192.168.0.20, src= 192.168.0.2,dest_proxy= 192.168.0.20/255.255.255.255/0/0 (type=1),

src_proxy= 192.168.0.2/255.255.255.255/0/0 (type=1),protocol= ESP, transform= esp-des ,

lifedur= 3600s and 4608000kb,spi= 0xF6120B5(258023605), conn_id= 27, keysize= 0,

flags= 0x4

IPSEC(initialize_sas): ,(key eng. msg.) src= 192.168.0.20, dest= 192.168.0.2,

src_proxy= 192.168.0.20/255.255.255.255/0/0 (type=1),

dest_proxy= 192.168.0.2/255.255.255.255/0/0 (type=1),protocol= ESP, transform= esp-des ,lifedur= 3600s and 4608000kb,spi= 0xEF905BB(251200955), conn_id= 28, keysize= 0,

flags= 0x4



3180944_05F9_c1


Each SA is unidirectional so we need to seetwo SAs created on each participating peer,one outbound and one inbound :

IPSEC(create_sa): sa created,(sa) sa_dest= 192.168.0.20, sa_prot= 50,sa_spi= 0xF6120B5(258023605),sa_trans= esp-des , sa_conn_id= 27

IPSEC(create_sa): sa created,(sa) sa_dest= 192.168.0.2, sa_prot= 50,sa_spi= 0xEF905BB(251200955),sa_trans= esp-des , sa_conn_id= 28


32/51



318

0944_05F9_c1

Using a CAUsing a CAEntrust ConfigurationEntrust Configuration

ip domain-name cisco.com

crypto isakmp policy 4

crypto ca identity cisco.com

enrollment mode ra

enrollment url http://10.0.0.2/cgi-bin

query url ldap://10.0.0.2

crl optional


3180944_05F9_c1

Step 1Generate Public/Private KeysStep 1Generate Public/Private Keys

barney(config)#crypto key gen rsa usage

The name for the keys will be: barney.cisco.comChoose the size of the key modulus in the range of 360 to 2048 for yourSignature Keys. Choosing a key modulus greater than 512 may take

a few minutes.

How many bits in the modulus [512]:Generating RSA keys ...[OK]Choose the size of the key modulus in the range of 360 to 2048 for your

Encryption Keys. Choosing a key modulus greater than 512 may takea few minutes.

How many bits in the modulus [512]:Generating RSA keys ...[OK]

CA and CEP ExampleCA and CEP Example


33/51



318

0944_05F9_c1


barney#sho crypto key mypublic rsa% Key pair was generated at: 01:18:43 UTC Mar 1 1999Key name: barney.cisco.comUsage: Signature KeyKey Data:305C300D 06092A86 4886F70D 01010105 00034B00 30480241 00BEDC6C FBD327FC2AFC7521 F2DE3D04 D3239759 7908C8F1 64F0E58F 0116CF6A 897D6210 2D4BFC80CE41DF7B AA75ECAA 6680B13F 30F079BE DD361565 A325B72A 3D020301 0001

% Key pair was generated at: 01:18:45 UTC Mar 1 1993Key name: barney.cisco.comUsage: Encryption Key

Key Data:305C300D 06092A86 4886F70D 01010105 00034B00 30480241 00C06DC2 3AE2BF72CE9FD6F6 55C13A0D A3C183D5 1E7E4523 E8863DDC D852FD32 86461BBC F10EEA778A6A5AC9 AFEF6B0A 03107565 03384DB4 4E6C4A77 0C594B10 31020301 0001

Step 1Generate Public/Private KeysStep 1Generate Public/Private Keys


3180944_05F9_c1


barney(config)#cryp ca auth cisco.comCertificate has the following attributes:Fingerprint: 1A5416D6 2EEE8943 D11CCEE1 3DEE9CE7

% Do you accept this certificate? [yes/no]: y

Step 2Request the CA and RA CertificatesManually verify Fingerprint of CA



34/51



318

0944_05F9_c1





3180944_05F9_c1


barney(config)#cry ca enrol cisco.com% Start certificate enrollment ..% Create a challenge password. You will need to verbally provide this

password to the CA Administrator in order to revoke your certificate.For security reasons your password will not be saved in the configuration.

Please make a note of it.

Password:Re-enter password:

% The subject name in the certificate will be: barney.cisco.com% Include the router serial number in the subject name? [yes/no]: n

% Include an IP address in the subject name? [yes/no]: nRequest certificate from CA? [yes/no]: y

Step 3Enrol the Router with the CAStep 3Enrol the Router with the CA


35/51



318

0944_05F9_c1


barney(config)#Signing Certificate Request Fingerprint:4C6DB57D 7CAF8531 7778DDB3 CCEB1FFB

Encryption Certificate Request Fingerprint:D33447FE 71FF2F24 DA98EC73 822BE4F7

Step 3Enrol the Router with the CAFingerprints sent to CA for manual verification



3180944_05F9_c1





36/51



318

0944_05F9_c1


barney#sho cryp ca certCertificateSubject Name

Name: barney.cisco.comStatus: Pending

Key Usage: SignatureFingerprint: 4C6DB57D 7CAF8531 7778DDB3 CCEB1FFB

Certificate

Subject NameName: barney.cisco.com

Status: Pending

Key Usage: EncryptionFingerprint: D33447FE 71FF2F24 DA98EC73 822BE4F7

Step 4CA grants CertificatesStatus Pending -> Available

Step 4CA grants CertificatesStatus Pending -> Available


3180944_05F9_c1


Step 4CA grants CertificatesStep 4CA grants Certificates


37/51



318

0944_05F9_c1

00:02:29: ISAKMP (2): Checking ISAKMP transform 1 against priority

5 policy00:02:29: ISAKMP: encryption DES-CBC00:02:29: ISAKMP: hash MD5

00:02:29: ISAKMP: default group 100:02:29: ISAKMP: auth RSA sig

Certificate DebugCertificate Debug


3180944_05F9_c1

Certificate DebugCertificate Debug

00:02:29: ISAKMP (2): atts are acceptable. Next payload is 000:02:29: ISAKMP (2): SA is doing RSA signature authentication00:02:29: ISAKMP (2): processing KE payload. message ID = 0

00:02:29: ISAKMP (2): processing NONCE payload. message ID = 000:02:29: ISAKMP (2): SKEYID state generated

00:02:30: ISAKMP (2): processing ID payload. message ID = 000:02:30: ISAKMP (2): processing CERT payload. message ID = 0

00:02:30: ISAKMP (2): processing a CT_X509_SIGNATURE cert00:02:30: ISAKMP (2): cert approved with warning00:02:30: ISAKMP (2): processing CERT_REQ payload. message ID = 0

00:02:30: ISAKMP (2): peer wants a CT_X509_SIGNATURE cert00:02:30: ISAKMP (2): processing SIG payload. message ID = 0

00:02:30: ISAKMP (2): SA has been authenticated with 10.0.0.300:02:30: ISAKMP (2): processing SA payload. message ID = 1451572340


38/51


39/51



318

0944_05F9_c1

Scaling Example 1Scaling Example 1Central Site RouterCentral Site Router

crypto map HQ 10 ipsec-isakmp

set peer 172.21.115.1

set peer 172.21.116.1

set transform-set encrypt-des

match address 101


3180944_05F9_c1

Scaling Example 2Scaling Example 2

Central Site RouterCentral Site Router


set peer 172.21.115.1


match address 101


set peer 172.21.116.1set transform-set encrypt-des

match address 102


40/51



318

0944_05F9_c1

Scaling Example 3Scaling Example 3Central Site RouterCentral Site Router

crypto dynamic-map AcceptRemote 20


crypto map dynamicHQ 10 ipsec-isakmp dynamic AcceptRemote


3180944_05F9_c1

Scaling for LargeScaling for Large

Networks OptionsNetworks Options

Multihop encryption

Tunnel endpoint discovery

All-or-nothing approach

Registration server


41/51



318

0944_05F9_c1

IPSec andIKE

Layer 2TP

PPP

Enable Mobile UsersEnable Mobile Userswith Layer 2TP and IPSecwith Layer 2TP and IPSec

1. Client dials ISP uses PPP via modem

2. Client dials gateway using Layer 2TPvia VPN port

3. AAA and assign configuration by gateway

4. IPSec transport mode established betweenclient and gateway


3180944_05F9_c1

IKE SA

ISAKMP TransactionExchange

IPSec

SAsPPP

Enable Mobile UsersEnable Mobile Users

with Mode Config IKE Extensionwith Mode Config IKE Extension

1. Dial ISP using PPP via modem

2. Establish the IKE SA with gateway3. Send ISAKMP_CFG_REQUEST to gateway

4. Gateway sends ISAKMP_CFG_REPLY

5. Client has internal attributes, establish IPSec SAs


42/51



318

0944_05F9_c1

192.168.0.0

255.255.255.0

10.0.0.0

255.255.255.240

192.168.1.0255.255.255.0.1

.2

.6

.2

.1

LO0: 30.30.30.30255.255.255.0

Cisco IPSec Peer

IRE ClientWorkstationIPSec Peer

.12

.20172.17.11.0

255.255.255.0 .1

.2

IPSec, NAT andIPSec, NAT andCisco IOS FirewallCisco IOS Firewall


3180944_05F9_c1

IPSec, NAT andIPSec, NAT and

Cisco IOS FirewallCisco IOS Firewallversion 12.0service timestamps debug uptimeservice timestamps log uptimeno service password-encryption!hostname wilma!enable secret 5 $1$baf6$1VAnALbAuaJheCXi.u3fV0enable password cisco!ip subnet-zero! NAT Config translate all inside source addresses matching access-

! list 1 to those addresses defined in the pool outside. Also define a!static translation for the inside web server 192.168.0.20ip nat pool outside 172.17.1.30 172.17.1.50 netmask 255.255.255.0ip nat inside source list 1 pool outsideip nat inside source static 192.168.0.20 172.17.1.20


43/51



318

0944_05F9_c1


! IOS Firewall Timeout declarationsip inspect name firewall tcp timeout 3600ip inspect name firewall udp timeout 15!! Define your IKE Policies. All will be offered to the Peer and the most! secure match will be usedcrypto isakmp policy 1hash md5authentication pre-share!! If the peer can accept this policy, then it will be used as it is more! secure than Policy 1crypto isakmp policy 2

authentication pre-sharegroup 2lifetime 360!! Define the Pre-Shared Keys of your Peerscrypto isakmp key ciscosys address 10.0.0.6


3180944_05F9_c1


Cisco IOS FirewallCisco IOS Firewall

! IPSec policies are defined here. These include your AH and ESP! choices as well as the mode of operation.crypto ipsec transform-set dessha esp-des esp-sha-hmaccrypto ipsec transform-set ahmd5 ah-md5-hmaccrypto ipsec transform-set desmd5tr esp-des esp-md5-hmacmode transport

crypto ipsec transform-set desmd5 esp-des esp-md5-hmac!! When dealing with multiple clients a dynamic crypto map can be! used so that the peers identity need not be defined here. Note! that this router must still authenticate the incoming client via

! either a Pre-Shared key, or a certificate. This is the dynamic! maps template.crypto dynamic-map remotes 1set transform-set desmd5match address 120


44/51



318

0944_05F9_c1


! Regular crypto maps are defined here. The first map allows the! use of PFS such that a brand new Diffie-Hellman exchange is! performed during each IKE quick mode. The identity of this peer! is defined by its loopback address. If the loopback is used it must! be a public address, IPSec is done first, then NATcrypto map iosirepfs local-address Loopback0crypto map iosirepfs 1 ipsec-isakmpset peer 10.0.0.6set transform-set desmd5set pfs group1match address 120

! This crypto map uses the dynamic template defined above.crypto map iosirerem 1 ipsec-isakmp dynamic remotes


3180944_05F9_c1



interface Loopback0ip address 30.30.30.30 255.255.255.0no ip directed-broadcast

!! We want to use NAT and also make sure we trigger the! IOS Firewall such that conversations initiated on the! inside have a dynamic stateful (CBAC) access-list! created.interface Ethernet0

ip address 192.168.0.1 255.255.255.0

ip access-group 110 inno ip directed-broadcastip nat insideip inspect firewall in


45/51



318

0944_05F9_c1


! Inside source addresses are translated to the outside

! pool. All incoming traffic is examined by the! firewall via access-group 111. For IPSec, the crypto! map is applied.

interface Serial0ip address 192.168.1.1 255.255.255.0ip access-group 111 inno ip directed-broadcastip nat outsideno ip mroute-cache

no keepalivecrypto map iosirerem


3180944_05F9_c1



! ACL for NAT translation, any source IP from the! 192.168.0.0 subnet will be translatedaccess-list 1 permit 192.168.0.0 0.0.0.255!! ACL triggers CBAC on traffic initiated on the inside of! the firewallaccess-list 110 permit tcp any anyaccess-list 110 permit udp any anyaccess-list 110 permit icmp any any


46/51



318

0944_05F9_c1


! Before the firewall will allow traffic initiated on the outside in,

! that traffic must satisfy this listaccess-list 111 permit udp host 10.0.0.6 host 192.168.1.1access-list 111 permit esp host 10.0.0.6 host 192.168.1.1access-list 111 permit ahp host 10.0.0.6 host 192.168.1.1

access-list 111 permit tcp host 10.0.0.6 host 172.17.1.20 eq wwwaccess-list 111 permit icmp host 10.0.0.6 anyaccess-list 111 permit udp host 10.0.0.6 host 172.17.1.20 eq tftp!! Encrypt any traffic matching these conditions. Note that the

! NATd addresses are the source addresses.access-list 120 permit ip 172.17.1.0 0.0.0.255 host 10.0.0.6


3180944_05F9_c1

crypto map

my_crypto_map 10

set algorithm 40-bit-des

set peer r3-4k

match address 128

interface Tunnel0

ip address 5.5.5.3 255.255.255.0

tunnel source Loopback0

tunnel destination 1.1.6.1

crypto map my_crypto_map

interface Serial0

ip address 2.2.5.3 255.255.255.0

crypto map my_crypto_map

access-list 128 permit gre host

2.2.6.3 host 1.1.6.1

Configuring GRE TunnelsConfiguring GRE Tunnels


47/51



318

0944_05F9_c1

1750 Routername: vvpn_1

Phone Number: 1750-120 Phone Number: 1750-220

201.168.4.1 201.168.2.1

Internet

VOIP and IPSecVOIP and IPSec

IPSec ACL must specify WANendpoints/subnets to facilitate RTP, H.225

Port numbers used for VOIP may not bewell-known and may be negotiated

1750 Routername: vvpn_2


3180944_05F9_c1

VOIP and IPSec NotesVOIP and IPSec Notes

Due to additional headers and packetexpansion,an RTP frame of G.729encoded voice is 100 bytes acrossan IPSEC facility

At 50pps 100 byteframes, a 56kb linkcan only accommodate a single call

(50 x 100bytes = 40kb) RTP header compression is not

available to IPSEC frames


48/51



318

0944_05F9_c1

VOIP and IPSec NotesVOIP and IPSec Notes

RTP packets cannot be distinguishedwithin an ESP encrypted flow.So interleaving between fragmentsis not possible

Increasing bandwidth for smaller

packets sizes is good for IPSecand VOIP


3180944_05F9_c1

QOS and IPSecQOS and IPSec

Diff-serventire TOS byte is copiedto the IPSEC header so precedencecan be applied. The additional lengthmay change the packets servicecharacteristics

QOS must be implementedbefore IPSec


49/51



318

0944_05F9_c1

Model Suggested Bandwidth

1600 up to 64Kb - 128Kb

2500 up to 128Kb

2600 up to 512Kb

3640 up to 1.5Mb

4700 up to 2.0Mb

7206 up to 2.5Mb

7505 up to 6.0Mb

Model Suggested Bandwidth

1600 up to 64Kb - 128Kb

2500 up to 128Kb

2600 up to 512Kb

3640 up to 1.5Mb

4700 up to 2.0Mb

7206 up to 2.5Mb

7505 up to 6.0Mb

PerformancePerformance


3180944_05F9_c1

Encryption Performance StatsEncryption Performance Stats

Model Baseline CET Auth.only

Encryptonly

Auth. andEncrypt.

SuggestedBandwidth

2514 2.49.9 0.20.3

0.11.0 0.160.25

0.10.2 up to 128kbps

3640 9.9+ 2.04.0

0.66.1 0.72.5 0.52.1 up to 1.5Mbps

4700 9.59.9 4.95.3

1.49.1 1.53.1 1.12.6 up to 2.0Mbps

7206 9.9+ 2.95.5

1.09.1 1.13.5 0.92.9 up to 2.5Mbps

7505* 9.9+ 9.2

9.9

2.99.4 3.69.1 2.67.9 up to 6.0

Mbps* The processing of IPSec is done on the RSP.


50/51



318

0944_05F9_c1

Reference MaterialReference Material

Applied Cryptography [2nd Edition],Bruce Schneier, Addison-Wesley

Cryptography and Network Security, WilliamStallings, Prentice Hall

Web Security and Commerce, Garfinkel andSpafford, OReilly

Internet Cryptography, Richard E Smith,Addison Wesley

Internet Drafts and RFCswww.ieft.org,Public-Key Infrastructure and IP SecurityProtocol Charters


3180944_05F9_c1

Please Complete YourPlease Complete YourEvaluation FormEvaluation Form

Session 318Session 318


3180944_05F9_c1


51/51


318

0944_05F9_c1

Documents

Advanced Security Technology Concepts