Ipsec vpn connection establishment (IKE) Details

Basic Process of IPSEC site-to-site connection For site-to-site sessions, the basic process of building a connection is as follows: A VPN gateway peer initiates session-triggered traffic to another remote VPN gateway peer) If no VPN connection exists, the ISAKMP/IKE Phase 1 starts and the two peers Negotiate how to protect the management connection. Diffie-hellman is used to securely share keys for encryption algorithms and HMAC functions in management connections. Perform device verification in the security management connection. ISAKMP/IKE Stage 1 ends and phase 2 begins. Peer-to-peer negotiation parameters and key information are used to protect data connections, or you can use Diffie hellman again) The data connection is established and phase 2 ends. VPN gateway can now protect user traffic through data connection. Eventually, the management connection and data connection will time out and rebuild the connection. In ISAKMP/IKE phase 1, the working mode is divided into the master mode and the active mode or the aggressive mode) ISAKMP/IKE Stage 1: 1. Management connection is established in phase 1, which is a two-way process. Both the source and target are UDP 500 2. Three things will happen in ISAKMP/IKE Phase 1: establish two-way ISAKMP SA 1. Security Association establishment and security parameter negotiation encryption algorithm, HASH algorithm, DH group, identity authentication ). 2. DH algorithm key exchange) 3. Peer-to-Peer authentication pre-shared, rsa-sig, encrypted immediately count) Iii. ISAKMP/IKE Phase 1 is basically responsible for establishing a secure management connection, and then execute this There are two modes for the three steps: 1. master mode; Main mode) 2. Positive mode, or known as the Aggressive mode) Master Mode Perform a three-step bidirectional exchange process with a total of 6 data packets Benefits of the master mode: The device verification step occurs in a secure management connection because the connection was built in the first two steps. Therefore, any entity information that the two peers need to send to each other can be protected from attacks. Default Mode for site-to-site and remote access using certificates for device authentication Connection status in master mode: Status explanation The MM_NO-STATE is in the process of Phase 1 main mode, SP has not been negotiated, SA has not been established MM_SA_SETUP is in master mode, SP negotiation is complete, and SA is initialized. The MM_KEY-EXCH is in master mode, where DH exchange occurs, the key KDH is calculated, and many keys are generated. In master mode, MM_KEY_AUTH successfully authenticates the peer. Phase 1 is complete, and phase 2 is started; 650) this. width = 650; "src = ".. /attachment/201110/140019126 .jpg" border = "0" alt = ""/> note: the first package here should be IDi rather than IDr. X and Y are the interaction public keys. N is a random number. 1: The initiator sends a cookie Ci and SA load SAI: encryption algorithm, hash algorithm, authentication method, lifetime, and so on) for parameter negotiation.   2: The responder sends a security parameter selected by the SAr.) and cookie Cr: If no parameter can be selected, the responder returns a load rejection. return a response y payload rejecting proposals) 3 and 4: exchange the material public KEY of the generated KEY and some random data), once the KEY material is exchanged, four different keys will be generated; 1: The KDH = DH algorithm uses its own private key + the other party's public key) 2: SKEYID = hash (pre-shared key, Ni | Nr) 3: SKEYIDd = hash (SKEYID, KDH | Ci | Cr | 0) as the KEY generation material of Phase 2 4: SKEYIDa = hash (SKEYID, SKEYIDd | KDH | Ci | Cr | 1) key used for ISAKMP package integrity 5: SKEYIDe = hash (SKEYID, SKEYIDa | KDH | Ci | Cr | 2) key used to encrypt the ISAKMP package 5 and 6: complete device authentication, use SKEYIDe for encryption, and SKEYIDa for HASH authentication HASH_ I, HASH_r) the algorithms involved are negotiated by the first two packages; the most important thing is that there is an ID exchange IDi, IDr) in this exchange ); 6. HASHi = hash (SKEYID, X | Y | Ci | Cr | SAr | IDi) 7. HASHr = hash (SKEYID, X | Y | Cr | Ci | SAi | IDr) Summary: master mode = 1 bidirectional isakmp sa + 2 encryption + 3 switching + 4 statuses + 5 Keys + 6 packets + 7 Operations IKE Active Mode Only three exchanges are performed for key negotiation and verification. Advantage: fast connection management; Disadvantages: the entity information sent is in plain text, compromising security; If the group pre-shared key is used for device authentication in the Cisco Remote Access VPN, the default mode is the active mode. Status explanation AG_NO_STATE is in the active mode of Phase 1. No SA is established, IKE policy parameters are successfully negotiated between the AG_INIT_EXCH peers, DH switching occurs, and shared key KDH is generated. In active mode, AG_AUTH successfully authenticates the peer. Phase 1 is complete. 650) this. width = 650; "src =" ../attachment/201110/140059984 .jpg" border = "0" alt = ""/> the third package is encrypted. 1. In the first message, an ISAKMP header, Security Association, DH public value, temporary value, and ID are initiated. 2. In the second message, the responder replies with all the selected proposed parameters and DH public values. The message is verified but not encrypted. 3. The third message is sent back to the responder by the initiator. The message is verified so that the responder can determine whether the hash value is the same as the calculated hash value, then determine whether the message is faulty. active mode is not secure in master mode, because identity is transmitted in plaintext mode and DH parameters cannot be negotiated. Conclusion: positive mode = 1 bidirectional isakmp sa + 1 encryption + 3 steps + 3 packets + 3 States + 5 Keys + 7 Operations ISAKMP/IKE Stage 2 ISAKMP/IKE Phase 2 has only one mode: quick mode. It defines how protected data connections are formed between two IPSEC peers. Quick Mode has two main functions: 1. Negotiate Security parameters to protect data connections. 2. periodically update key information for data connections. What concerns Phase 2: 1. What traffic needs to be protected? Traffic of interest) 2. What security protocols should be used to protect traffic AH and ESP) 3. How is data traffic protected based on selected security protocols? For example, what kind of HMAC function is used) 4. What kind of operation mode is used? Transmission Mode, tunnel mode) 5. When I refresh the key information, is it the key managed by ISAKMP/IKE phase 1 to share the heart or the perfect forwarding key used to refresh the key? 6. What is the lifecycle of a data connection? 650) this. width = 650; "src = ".. /attachment/201110/140131579 .jpg" border = "0" alt = ""/> Status: QM-IDLE indicates Phase 1 has been completed successfully, phase 2 starts or ends Exchange 3 messages in quick mode. These messages are protected by IKE, which means that the SKEYIDe and SKEYIDa exported from IKE phase1 will be used to encrypt and verify all groups. 1. 1st messages are sent from the initiator, including the ISAKMP header and the IPSec SA server load. The latter contains all proposals and transformations for massive data transmission. A new temporary value is exchanged between the initiator and the responder), which is used to generate new key information and prevent replay attacks. All IPSec keys are derived from SKEYIDd, So If attackers know this SKEYIDd, they will be able to export all the current and future keys used for IPSec. Until IKE is re-negotiated, to enhance the protection of the IPSec key, improve forwarding Security PFS) to remove the relationship between the future key and the current key. After PFS is enabled, a new DH public value (X and Y) is exchanged and the calculated shared key K is used. To generate key information 2. 2nd messages are sent to the initiator by the responder, including the selected proposal and ISAKMP header, temporary value Nr2) and HASH (2) 3. In the last message, the initiator uses HASH (3) for verification. This is to verify the validity of the communication channel before the IPSec data stream is transmitted. The two parties perform the following calculations to generate four keys which are horizontally identical and vertically different) First case 1. KEYMAT = HASHSKEYIDd, security protocol/n2/ Nr2/SPI) Export 2, 3, and 4 in the same way In the second case, public key exchange is required again, And KDH2 is generated using DH) KEYMAT = HASHDKEYIDd, security protocol/n2/ Nr2/SPI/KDH2) Export 2, 3, and 4 in the same way The two keys are inbound and the other two are outbound. The first method is used by default, and the PFS function must be enabled in the second method. Conclusion: Phase 2 = 1 mode + 1 State + 2 unidirectional ipsec sa + 3 packets + 4 keys

This article is from the "Mortal World" blog and will not be reproduced!