Internet Protocol Security is an open standard protocol suite defined in RFC 2401 and RFC2412, that authenticates and encrypts each IP packet. IPSec provides network peers and data origin authentication, data integrity and confidentiality, and replay protection.
IPSec provides end-to-end protection. It relies on:
Cisco IOS commands:
! IKE Phase 1 - negotiating gateway-to-gateway secure control tunnel for key exchanges and negotiation of phase 2 UDP port 500 config# crypto isakmp policy <number> config-isakmp# authentication pre-shared | rsa-sig config-isakmp# encr <enc_algo> <bits> config-isakmp# hash <hashing_algo> config-isakmp# group <DH_group> config-isakmp# lifetime <sec> config-isakmp# exit config# crypto isakmp key <pre-shared-key> address <peer_ip>
If authentication is rsa-sig, then a gateway must have a certificate installed:
config# ip domain name <domain-name> config# crypto key generate rsa confgi# crypto PKI trustpoint CA ca-trustpoint# enrollment URL <http://fqdn> ca-trustpoint# exit config# crypto PKI authenticate CA config# crypto pki enroll CA <-- request an Identity certificate for this router via SCEP
config# end # show crypto isakmp policy
AH operates on top of IP and has its protocol number 51. It protects non-mutable IP header fields and IP payload. Mutable fields, those that may change in transit (ToS, ECN, Flags, Fragment Offset, TTL and Header Checksum) are not protected. The format of the AH is:
| Next Header (8 bits) | Payload Length (8 bits) | Reserved (16 bits) | SPI (32 bits) | Seq Number (32 bits) | Integrity Check Value (ICV, variable length) | … |
Next Header is set to the encapsulated protocol number.
Security Parameters Index (SPI) is used together with the destination IP address to identify the SA of the receiving end.
Sequence numbers, if enabled, are monotonic and never reused. SA must be renegotiated when it reaches its limit. They are used for anti-replay protection.
ICV is calculated using the secret key as oppose to a checksum used in IP packets, which can be reproduced at will by anyone modifying the packet. Therefore, ICV provides not just data integrity but also origin authentication.
It supports two modes: transport and tunnel, the same as ESP.
ESP operates on top of IP and uses protocol number 50. It has two modes of operation:
For more details, see RFC 4303.
Here is the format of ESP packet:
| SPI (32 bits) | Seq Number (32 bits) | Payload Data | Padding (0-255 bytes) | Padding Length (8 bits) | Next Header (8 bits) | ICV |
! IKE Phase 2 - negotiating IPsec data tunnel for end nodes AH protocol 51 or ESP protocol 50 config# crypto ipsec transform-set <name> <transforms> config-crypto-trans# mode tunnel config-crypto-trans# exit
For IPsec end points behind a NAT device, NAT-Traversal (NAT-T) is used that works by encapsulating IPsec packets into regular UDP packets. For more details, see RFC 3947 and RFC 3948.
ISAKMP is used to establish SA. It may have been configured with pre-shared secrets, IKE or IKEv2 protocols to exchange the secrets (over UDP port 500), or Kerberized Internet Negotiation of Keys (KINK), or the use of IPSECKEY DNS records. SAs are kept in a Security Association Database (SADB). A particular SA is identified by its SPI.
For details about IKEv2 see RFC 4301 and RFC 4309.
To initiate IPsec SA in Cisco IOS:
! What traffic to secure config# access-list <ext_acl> permit ip <src> <src_wildcard_mask> <dst> <dst_wildcard_mask> ! How to secure config# crypto map <map_name> <num> ipsec-isakmp config-crypto-map# match <ext_acl> config-crypto-map# set transform-set <name> config-crypto-map# set peer <peer_ip> config-crypto-map# set pfs <pfs> config-crypto-map# end # show crypto map
config# interface <if_name> config-if# crypto map <map_name> config-if# end