1. Building IPSEC VPNS Using Cisco Routers
Chapter 9
Building IPSEC VPNS Using Cisco Routers

2. Objectives

3. Objectives
Upon completion of this chapter, you will be able to perform the following tasks:
Define two types Cisco router VPN solutions.
Describe the Cisco VPN router product family.
Identify the IPSec and other open standards supported by Cisco VPN routers.
Identify the component technologies of IPSec.
Explain how IPSec works.

4. Objectives (cont.)
Configure a Cisco router for IKE using pre-shared keys.
Configure a Cisco router for IPSec using pre-shared keys.
Verify the IKE and IPSec configuration.
Explain the issues regarding configuring IPSec manually and using RSA encrypted nonces.

5. Cisco Routers Enable Secure VPNs

6. VPN Definition
Mobile
user
Central site
Analog
ISDN
Cable
DSL
Remote
site
Server
Remote
site
Internet
Cisco Systems defines VPN as “ an encrypted connection between private networks over a public network such as the Internet”. The “V” and “N” stand for virtual network. The information from a private network is transported over a public network, Internet, to form a virtual network. The “P” stands for private. To remain private, the traffic is encrypted to keep the data confidential. VPN is a private virtual network.
There are three types of VPN networks, remote access, site-to-site, and Firewall based VPN. In this section, we’ll discuss the three VPN solutions and then we’ll cover the related Cisco products.
VPN—An encrypted connection between private networks over a public network such as the Internet

7. Remote Access VPNs Remote access VPN—Extension/evolution of dial
Central site
Remote access client
Internet
DSL
cable
POP
Telecommuter
Router
POP
Mobile
The first VPN solution is remote access. Remote access is targeted to mobile user and Home telecommuters. Most people have access to the Internet from there homes, why not take advantage of it. In the past, corporations supported remote users via dial-in networks. This typically necessitated a toll, or 1-800, call to access the corporation. With the advent of VPNs, a mobile user can make a local call to their ISP to access corporation via Internet wherever they may be. It is an evolution of dial networks. Remote access VPN can support the needs of telecommuters, mobile users, extranet consumer-to-business, and so on.
Extranet
Consumer-to-business
Remote access VPN—Extension/evolution of dial

8. Site-to-Site VPNs Internet Remote office 1700/2600 Series Main office
7100/7200/7400
Series
Regional
office
3600/3700
Series
Internet
Site-to-site VPNs provide cost benefits relative to private WANs and also enable new applications like extranets. However, site-to-site VPNs are still an end-to-end network and are subject to the same scalability, reliability, security, multi-protocol, etc. requirements that exist in the private WAN. In fact, since VPN are built on a public network infrastructure, they have additional requirements such as heightened security, advanced QoS capabilities, and a set of policy management tools to manage these additional features.
Cisco provides a suite of VPN-optimized routers. Cisco IOS software running in Cisco routers combines rich VPN services with industry-leading routing, thus delivering a comprehensive solution. Cisco routing software adds scalability, reliability, multi-protocol, multi-service, management, Service Level Agreement monitoring, and QoS to site-to-site applications. The Cisco VPN software adds strong security via encryption and authentication. This Cisco VPN-based products provide high performance for site-to-site, intranet and extranet, VPN solutions.
Small office/
home office
800/900 Series

9. Cisco VPN Router Portfolio
Cisco 2600XM/2691
This slide depicts the broad range of Cisco access router product portfolio.
With this announcement, Cisco is enhancing its access router portfolio to offer enterprise customers with a broadest range of routers to meet the needs of enterprise teleworkers, small offices, branch offices, regional offices, all the way to enterprise HQ.
This provides customers with the benefit of standardizing on a single operating environment which they are familiar with across all varying office sizes to simplify deployment, maintenance, and lowering support costs and training.
In the small office space, with the Cisco SOHO & 800 Series, Cisco has introduced new models such as the SOHO 71 which brings affordable multi-user access and Internet security for Small Businesses as well as new DSL models with an integrated 4 port hub.
Cisco 1760
Cisco 1700
Cisco 800
Teleworker/SOHO
SMB/Small Branch
Enterprise Branch
Large Branch
Enterprise HQ
And Beyond

10. Cisco VPN Router Portfolio—Large Enterprise
Cat 6500
Cisco 7200/400
Cisco 7400
This slide depicts the broad range of Cisco access router product portfolio.
With this announcement, Cisco is enhancing its access router portfolio to offer enterprise customers with a broadest range of routers to meet the needs of enterprise teleworkers, small offices, branch offices, regional offices, all the way to enterprise HQ.
This provides customers with the benefit of standardizing on a single operating environment which they are familiar with across all varying office sizes to simplify deployment, maintenance, and lowering support costs and training.
In the small office space, with the Cisco SOHO & 800 Series, Cisco has introduced new models such as the SOHO 71 which brings affordable multi-user access and Internet security for Small Businesses as well as new DSL models with an integrated 4 port hub.
Cisco 7204/225
Cisco 7140
Cisco 7120
Large Enterprise

11. Small to Mid-Size—Cisco VPN Routers
The Small to mid-sized Cisco VPN routers table can be used to determine which model is best for your environment. The chart above identifies router platforms, their related hardware accelerator card, and maximum throughput. Lab performance numbers are based on the following configuration: 3DES with HMAC-SHA-1, 100% CPU utilization, and no other services running such as QoS, NAT, GRE, and so on. Actual network performance will vary depending on the services running in each router.
Hardware Encryption accelerator cards provide high-performance, hardware-assisted encryption, key generation suitable for VPN applications. Hardware encryption accelerators improves overall system performance by offloading encryption decryption processing, thus freeing main system resources for other tasks such as route processing, QoS and other network services. In mid sized routers, there are four modules available.
AIM-VPN/BP (Base Performance) This advanced integration module can be added to all Cisco 2600 platforms
AIM-VPN/EP (Enhanced Performance) This AIM can be added to all current 2600 models but is specifically designed to take advantage of the 2650 series high performance routers.
NM-VPN/MP (Mid Performance) This network module is supported on all 3620 and 3640 platforms
AIM-VPN/HP (High Performance) This AIM can be added to all current 3660 models.
Hardware accelerators deliver enhanced encryption performance

12. Enterprise Size—Cisco VPN Routers
7120
7140
7200
7400
CAT
6500
Maximum tunnels
2000
3000
5000
8000
Performance
(Mbps) 50 85
145 90
120
1.9G
Hardware
encryption
ISM
VAM
ISA
Yes
The Enterprise Cisco VPN routers table can be used to determine which enterprise model is best for your environment. The chart above identifies router platforms, their related hardware accelerator card, and maximum throughput. Lab performance numbers are based on the following configuration: 3DES with HMAC-SHA-1, 100% CPU utilization, and no other services running such as QoS, NAT, GRE, and so on. Actual network performance will vary depending on the services running in each router.
Hardware Encryption accelerator cards provide high-performance, hardware-assisted encryption, key generation suitable for VPN applications. For the enterprise routers, there are three versions:
VPN Acceleration Module (VAM) – The VAM for 7200 and 7100 series routers provides high-performance, hardware assisted encryption, and key generation. VAM also supports IP payload (LZS) compression services for VPN applications. There are two versions: VAM Service Adapter and VAM Service Module.
Integrated Service Module (ISM) – ISM uses a special slot created for offloading encryption and key generating services within the Cisco 7100 series. Maximum of one ISM per 71XX.
Integrated Service Adapter (ISA) – ISA is a service adapter that inserts in any open port adapter slot in any Cisco 7200 and can be used within the single port adapter of the Up to one ISA per 7140 or two per 72XX. Not available on 7120.
Hardware accelerators deliver enhanced encryption performance

13. IPSec Overview

14. What Is IPSec? Main site IPSec Corporate
Business partner
with a Cisco router
IPSec
Perimeter router
PIX Firewall
Concentrator
POP
Regional office with a PIX Firewall
Mobile worker with a
Cisco VPN Client on a laptop computer
Corporate
SOHO with a Cisco ISDN/DSL router
IPSec acts at the network layer, protecting and authenticating IP packets between participating IPSec devices (peers), such as other PIX Firewalls, Cisco routers, VPN 3000 Concentrator Series, Cisco Secure VPN Client, and other IPSec-compliant products. IPSec is a framework of open standards that provides data confidentiality, data integrity, and data authentication between participating peers at the IP layer. IPSec encompasses a suite of protocols. It is not bound to any specific encryption or authentication algorithms, key generation technique, or security association. IPSec supplies the rules while existing algorithms provide the encryption, authentication, key management, and so on. In this way, IPSec can allow the use of updated algorithms and key techniques without patching the IPSec protocol. In this section, we’ll discuss how those open standards provide data confidentiality, integrity, and authentication.
IPSec acts at the network layer protecting and authenticating IP packets
Framework of open standards - algorithm independent
Provides data confidentiality, data integrity, and origin authentication

15. IPSec Security Services
Confidentiality
Data integrity
Origin authentication
Anti-replay protection
In VPN, the framework of open standards provides three critical functions: confidentiality, data integrity, and authentication.
Confidentiality (Encryption)
The sender can encrypt the packets before transmitting them across a network. By doing so, no one can eavesdrop on the communication If intercepted, the communications can not be read.
Data Integrity
The receiver can verify the data was transmitted through the Internet without being changed or altered in anyway.
Origin Authentication
The receiver can authenticate the source of the packet. Can guarantee, certify, the source of the information

16. Confidentiality (Encryption)
This quarterly report does not look so good. Hmmm
Internet
Earnings off by 15%
Server
Confidentiality
The good news is the Internet is a public network. The bad news is the Internet is a public network. Clear text data transported over the public Internet can be intercepted and read. In order to keep the data “private”, the data can be encrypted. By digitally scrambling, the data is rendered unreadable.

17. Types of Encryption Encryption Encryption algorithm algorithm Internet
Hmmm
I cannot read a thing.
Pay to Terry Smith $100.00
One Hundred and xx/ Dollars
Pay to Terry Smith $100.00
One Hundred and xx/ Dollars
What is Encryption
For encryption to work, both the sender and receiver need to know the rules used to transform the original message into its coded form. Rules are based on an algorithm and a key(s). An algorithm is a mathematical function which combines a message, text and/or digits, with a string of digits called a key. The output is a unreadable cipher string. Decryption is extremely difficult or impossible without the correct key.
In this example, someone wants to send a financial document across the Internet. At the local end, the document is combined with a key and run through an encryption algorithm. The output is undecipherable cyber text. The cyber text is sent through the Internet. At the remote end, the message is recombined with a key and sent back through the encryption algorithm. The output is the original financial document.
There are two types of encryption keys, symmetric and asymmetric. In both cases, the sender and receiver generate a public and private key pair. The private key is held by the sender and kept very private. The public keys are exchanged between the peers. With symmetric key encryption, the private and public keys are combined via the Diffie-Hellman algorithm to form a third shared key. This shared key is used at both ends to encrypt/decrypt messages. Asymmetric key encryption uses one key to encrypt and the other key to decrypt. Both will be discussed shortly.
4ehIDx67NMop9eR
U78IOPotVBn45TR
Internet
4ehIDx67NMop9eR
U78IOPotVBn45TR

18. DH Key Exchange = Terry Alex public key B public key A + private key A
+ private key B
shared secret key (BA)
shared secret
key (AB) =
Key
Key
Protocol Messages
Protocol Messages
Data Traffic
Data Traffic
Pay to Terry Smith $100.00
One Hundred and xx/ Dollars
Decrypt
Decrypt
Pay to Terry Smith $100.00
One Hundred and xx/ Dollars
DES, 3DES, HMAC-MD5, and HMAC-SHA require a symmetric shared secret key to perform encryption and decryption. The question is how does the encrypting/decrypting devices get the shared secret key. The keys could be sent by , courier, overnight express, or public key exchange. The easiest method is Diffie-Hellman public key exchange. The Diffie-Hellman key agreement (DH) is a public key encryption method that provides a way for two peers to establish a shared secret key that only they know, although they are communicating over an insecure channel.
Public Key cryptosystems rely on a two key system. Public key which is exchanged between end users. Private key which is kept secret by the original owners. Diffie-Hellman public key algorithm states that if user A and user B exchange public keys and a calculation is performed on their individual private key and one another’s public key, the end result of the process is an identical shared key. The shared key will be used to encrypt and decrypt the data.
Security is not a issue with the DH key exchange. Although someone may know a users Public key, the shared secret can’t be generated because the private key never becomes public knowledge.
4ehIDx67NMop9eR
U78IOPotVBn45TR
4ehIDx67NMop9eR
U78IOPotVBn45TR
Internet

19. 2. Generate private key XA 2. Generate private key XB
DH Key Exchange
Peer A
Peer B
1. Generate large integer p. Send p to Peer B. Receive q. Generate g.
1. Generate large integer q. Send q to Peer A. Receive p. Generate g.
2. Generate private key XA
2. Generate private key XB
3. Generate public key YA = g ^ XA mod p
3. Generate public key YB = g ^ XB mod p
4. Send public key YA
4. Send public key YB
5. Generate shared secret number ZZ = YB^ XA mod p
5. Generate shared secret number ZZ = YA^ XB mod p
6. Generate shared secret key from ZZ (DES, 3DES, or AES)
6. Generate shared secret key from ZZ (DES, 3DES, or AES)

20. RSA Encryption Local Remote Remote’s Remote’s public key private key
Decrypt
Remote’s
public key
Remote’s
private key
Encrypt
Pay to Terry Smith $100.00
One Hundred and xx/ Dollars
Pay to Terry Smith $100.00
One Hundred and xx/ Dollars
RSA encryption uses asymmetric keys for encryption and decryption. Each end, local and remote, generates two encryption keys, a private and public key. They keep their private key and exchange their public key with people they wish to communicate. To send an encrypted message to the remote end, the local end encrypts the message using the remote’s public key and the RSA encryption algorithm. The result is a unreadable cyber text. This message is sent through the Internet. At the remote end, the remote end uses it’s private key and the RSA algorithm to decrypt the cyber text. The result is the original message. The only one who can decrypt the message is the destination who owns the private key.
With RSA encryption, the opposite also holds true. The remote end can encrypt a message using their own private key. The receiver can decrypt the message using the sender’s public key. This RSA encryption technique is used for digital signatures. We’ll talk about this later in this section.
KJklzeAidJfdlwiej47
DlItfd578MNSbXoE

21. Encryption Algorithms
Key
Encryption key
Encrypt
Key
Decrypt
Decryption key
Pay to Terry Smith $100.00
One Hundred and xx/ Dollars
Pay to Terry Smith $100.00
One Hundred and xx/ Dollars
4ehIDx67NMop9eR
U78IOPotVBn45TR
Degree of security is dependent on the length of the key. If one were to try and hack the key through a brute force attack, guessing every possible combination, the number of possibilities is a function of the length of the key. The time to process all the possibilities is a function of the computing power of the computer. Therefore, the shorter the key, the easier it is to break. A 64 bit key with a relatively sophisticated computer can take approximately 1 year to break. A 128 bit key with the same machine can take roughly 10e19 years to decrypt.
Some of the encryption algorithms are as follows:
DES Algorithm –DES was developed by IBM. DES uses a 56-bit key, ensuring high performance encryption. DES is a symmetric key cryptosystem.
Triple DES Algorithm (3DES) - The 3DES algorithm is a variant of the 56-bit DES. 3DES operates similarly to DES, in that data is broken into 64-bit blocks. 3DES then processes each block three times, each time with an independent 56-bit key. 3DES effectively doubles encryption strength over 56-bit DES. DES is a symmetric key cryptosystem
RSA – RSA is a asymmetrical key cryptosystem. It uses a key length of 512, 768, 1024, or larger. RSA is used for encryption or digital signatures. In software, DES is up to 100 times faster than RSA. We’ll talk about digital signatures later in this section.
Encryption algorithms
DES
3DES
AES
RSA

22. Data Integrity Internet Yes, I am Alex Jones
The next VPN critical function is data integrity. VPN data is transported over the public Internet. Potentially, this data could be intercepted, and modified. To guard against this from happening, each message has a hash attached to the message. A hash guarantees the integrity of the original message. If the transmitted hash matches the received hash, the message has not been tampered with. However, if there is no match, the message was altered.
In the example above, someone is trying to send John Smith a check for $100. At the remote end, John Jones is trying to cash the check for $ As the check progressed through the Internet, it was altered. Both the recipient and dollar amounts were changed. In this case, the hashes did not match. The transaction is no longer valid. We’ll talk about hash algorithms in the next few slides.
Pay to Terry Smith $100.00
One Hundred and xx/ Dollars
Pay to Alex Jones $
One Thousand and xx/100 Dollars
4ehIDx67NMop9
12ehqPx67NMoX
Match = No changes
No match = Alterations

23. HMAC Local Remote Shared secret key Received
Variable-length input message
Received
message
Pay to Terry Smith $100.00
One Hundred and xx/ Dollars
Shared secret key
Pay to Terry Smith $100.00
One Hundred and xx/ Dollars 1
Hash function
Hash function
Hashing guarantees the integrity of the message. At the local end, the message and a shared secret key are sent through a hash algorithm which produces a hash value. Basically, a hash algorithm is a formula used to convert a variable length message into a single string of digits of a fixed length. It is a one-way algorithm. A message can produce a hash but a hash can’t produce the original message. It is analogous to dropping a plate on the floor. The plate can produce a multitude of pieces, but the pieces can not be recombined to reproduce the plate in it’s original form. The message and hash are sent over the network.
At the remote end, there is a two step process. First, the received message and shared secret key are sent through the hash algorithm. Result is a re-calculated hash value. Secondly, the receiver compares the re-calculated hash with the hash that was attached to the message. If the original hash and re-calculated hash match, the integrity of the message is guaranteed. If any of the original message is changed while in transit, the hash values will be different.
Pay to Terry Smith $100.00
One Hundred and xx/ Dollars 2
4ehIDx67NMop9
4ehIDx67NMop9
4ehIDx67NMop9
Message + hash

24. HMAC Algorithms HMAC algorithms Hash function HMAC-MD5 HMAC-SHA-1
Pay to Terry Smith $100.00
One Hundred and xx/ Dollars
Hash function
HMAC algorithms
HMAC-MD5
HMAC-SHA-1
There are two common hashing algorithms, HMAC-MD5 and HMAC-SHA-1.
HMAC-MD5 - The HMAC-MD5 uses a 128 bit shared secret key. The variable length message and 128 bit shared secret key are combined and run through the HMAC-MD5 hash algorithm. The output is a 128-bit hash. The hash is appended to the original message and forwarded to the remote end.
HMAC-SHA-1- HMAC-SHA-1 uses a 160-bit secret key. The variable length message and the 160 bit shared secret key are combined and run through the HMAC-SHA-1 hash algorithm. The output is a 160-bit hash. The hash is appended to the original message and forwarded to the remote end.
HMAC-SHA-1 is considered cryptographically stronger that HMAC- MD5. HMAC-SHA-1 is recommended where the slightly superior security of HMAC- SHA-1 over HMAC- MD5 is important.
A hash can also be used to verify the source of the message. This is known as a data origin authentication. We’ll talk more about this later.
Pay to Terry Smith $100.00
One Hundred and xx/ Dollars
4ehIDx67NMop9
4ehIDx67NMop9

25. Digital Signatures Local Remote Internet Match Private key Public Hash
Pay to Terry Smith $100.00
One Hundred and xx/ Dollars
Internet
Pay to Terry Smith $100.00
One Hundred and xx/ Dollars
Hash
4ehIDx67NMop9
4ehIDx67NMop9
Match
Encryption
algorithm
Decryption
algorithm
Hash
Private
key
Public
key
Hash
The last critical function is origin authentication. In the middle ages, a seal guaranteed the authenticity of an edict. In modern times, a signed document is notarized with a seal and a signature. In the electronic era, a document is signed using the sender’s private encryption key, a digital signature. A signature is authenticated by decrypting the signature with the sender’s public key.
In the above example, the local device encrypts a hash with their private key. The encrypted hash, digital signature, is attached to the message and forwarded to the remote end. At the remote end, the encrypted hash is decrypted using the local end’s public key. If the decrypted hash matches the re-computed hash, the signature is genuine. The sender is authenticated. A digital signature ties a message to a sender.
There are two common digital signature algorithms, RSA and DSA. RSA is used commercially and is the most common. DSA is used by U.S. Government agencies and is not as common.
Hash
algorithm
Pay to Terry Smith $100.00
One Hundred and xx/ Dollars

26. Peer Authentication Peer authentication methods: Pre-shared keys
Remote office
Corporate Office
Internet
HR servers
Peer
authentication
Peer authentication methods:
Pre-shared keys
RSA signatures
RSA encrypted nonces
When conducting business long distance, its necessary to know who is at the other end of the phone, , or FAX. The same is true of VPN networking. The device on the other end of the VPN tunnel must be authenticated before the communications path is considered secure. There are three data origin authentication methods:
Pre-shared Keys – A secret key value entered into each peer manually used to authenticate the peer.
RSA Signatures – Use the exchange of digital certificates to authenticate the peers
RSA Encrypted Nonces – Nonces ( a random number generated by each peer) are encrypted then exchanged between peers. The two nonces are used during peer authentication process.

27. Pre-Shared Keys Local Peer Remote Router + ID Information + ID
Auth. Key
+ ID
Information
Auth. Key
+ ID
Information
Internet
Hash
Hash
Authenticating hash
(Hash_L)
With pre-shared keys, the same pre-shared key is configured on each IPSec peer. At each end, the pre-shared key is combined with other information to form the authentication key. Starting at the local end, the authentication key and the ID information, device-specific information, are sent through a hash algorithm to form hash_L. The local IKE peer provides one-way authentication by sending hash_L to the remote peer. If the remote peer is able to independently create the same hash from stored information, the local peer is authenticated (shown above).
Once the local peer is authenticated by the remote end, authentication process begins in the opposite direction. The remote peer combines its ID information with the authentication key and sends them through a hash algorithm to form hash_R. Hash_R is sent to the local peer. If the local peer is able to independently create the same hash from stored information, the remote peer is authenticated. Each peer must authenticate its opposite peer before the tunnel is considered secure.
Computed
hash
(Hash) =
Received
hash
(Hash_L)

28. RSA Signatures Local Remote + + ID + ID Internet Information
Auth. key
+ ID
Information
Auth. key
+ ID
Information
Hash
Hash
Digital
signature 2
Private
key
Hash_I
Hash 1
Encryption
algorithm
Internet =
Decryption
algorithm
Hash_I
With RSA signatures, hash_L and hash_R are not only authenticated, but they are also digitally signed. Starting at the local end, the authentication key and ID information (device-specific information) are sent through a hash algorithm to form hash_L. The hash_L is then encrypted using the local peer’s private encryption key. The result is a digital signature. The digital signature and a digital certificate are forwarded to the remote peer. The public encryption key for decrypting the signature is included in the digital certificate exchanged between peers.
At the remote peer, local peer authentication is a two step process. First, the remote peer verifies the digital signature by decrypting the digital signature using the public encryption key enclosed in the digital certificate. The result is hash_L. Next, the remote peer independently creates hash_L from stored information. If the calculated hash_L equals the decrypted hash_L, the local peer is authenticated (shown above). Digital signatures and certificates are discussed in more detail later in the digital certificate chapter.
Once the local peer is authenticated by the remote peer, authentication process begins in the opposite direction. The remote peer combines its ID information with the authentication key and sends them through a hash algorithm to form hash_R. Hash_R is encrypted using the remote peer’s private encryption key (a digital signature). The digital signature and certificate are sent to the local peer. The local peer performs two tasks. It creates the hash_R from stored information, and then decrypt the digital signature. If the calculated hash_R and the decrypted hash_R match, the remote peer is authenticated. Each peer must authenticate its opposite peer before the tunnel is considered to be secure.
Digital
cert
Digital
cert
Public
key
Digital
signature +

29. RSA Encrypted Nonces Local Remote + ID Information + ID Information
Auth. key
+ ID
Information
Auth. key
+ ID
Information
Hash
Internet
Hash
Authenticating hash
(Hash_I)
Computed
hash
(Hash_I)
RSA encrypted nonces require that each party generate a nonce (a pseudorandom number). The nonces are encrypted and then exchanged. Upon receipt of the peer’s nonce, each end formulates an authentication key made up of the initiator and responders nonces, the DH key, and the initiator and responder’s cookies. The authentication key is combined with device-specific information and run through a hash algorithm. Where the output becomes hash_L. The local IKE peer provides one-way authentication by sending hash_L to the remote peer. If the remote peer is able to independently create the same hash from stored information and its nonce-based authentication key, the local peer is authenticated (shown above).
Once the local peer is authenticated by the remote end, the authentication process begins in the opposite direction. The remote peer combines its ID information with the nonce-based authentication key and sends them through a hash algorithm to form hash_R. Hash_R is sent to the local peer. If the local peer is able to independently create the same hash from stored information and the nonce-based key, the remote peer is authenticated. Each peer must authenticate its opposite peer before the tunnel is considered to be secure. =
Received
hash
(Hash_I)

30. IPSec Protocol Framework

31. IPSec Security Protocols
Authentication Header
Router A
Router B
All data in clear text
The Authentication Header provides the following:
Authentication
Integrity
Encapsulating Security Payload
Router A
Router B
Data payload is encrypted
IPSec consists of the following two main protocols:
Authentication Header (AH) provides data authentication and integrity for IP packets passed between two systems. It is a means of verifying any message passed from Router A to B has not been modified during transit. All text is transported in the clear. AH does not provide data confidentiality (encryption) of packets.
Encapsulating Security Payload (ESP) is a security protocol used to provide confidentiality (encryption), data origin authentication, integrity, and optional anti-replay service. ESP provides confidentiality by performing encryption at the IP packet layer. All ESP traffic is encrypted between Router A and B.
The Encapsulating Security Payload provides the following:
Encryption
Authentication
Integrity

32. Authentication Header
Router A
Router B
All data in clear text
Ensures data integrity
Provides origin authentication (ensures packets definitely came from peer router)
Uses keyed-hash mechanism
Does not provide confidentiality (no encryption)
Provides anti-replay protection
Authentication is achieved by applying a keyed one-way hash function to the packet to create a hash, or message digest. The hash is combined with the text and transmitted. Changes in any part of the packet that occur during transit are detected by the receiver when it performs the same one-way hash function on received packet and compares the value of the message digest that the sender has supplied. The fact that the one-way hash also involves the use of a secret shared between the two systems means that authenticity is guaranteed.

33. AH Authentication and Integrity
IP header + data + key
Router B
Hash
Authentication data
(00ABCDEF)
Data AH
IP HDR
IP header + data + key
Internet
Data AH
IP HDR
Hash
The AH function is applied to the entire datagram except for any mutable IP header fields that change in transit; for example, Time To Live (TTL) fields that are modified by the routers along the transmission path. AH works as follows:
The IP header and data payload is hashed.
The hash is used to build a new AH header, which is appended to the original packet.
The new packet is transmitted to the IPSec peer router.
The peer router hashes the IP header and data payload, extracts the transmitted hash from the AH header, and compares the two hashes. The hashes must exactly match. Even if one bit is changed in the transmitted packet, the hash output on the received packet will change and the AH header will not match.
AH supports HMAC-MD5 and HMAC-SHA-1 algorithms.
Received
hash
(00ABCDEF)
Re-computed
hash
(00ABCDEF)
Router A =

34. Data payload is encrypted
ESP
Router A
Router B
Data payload is encrypted
Data confidentiality (encryption)
Data integrity
Data origin authentication
Anti-replay protection
ESP provides confidentiality by encrypting the payload. It supports a variety of symmetric encryption algorithms. The default algorithm for IPSec is 56-bit DES. Cisco products also support use of 3DES for stronger encryption.
ESP can also provide integrity and authentication of the data grams. First the payload is encrypted. Next, the encrypted payload is sent through a hash algorithm, HMAC-MD5 or HMAC-SHA-1. The hash provides authentication and data integrity for the data payload.
Optionally, ESP may also enforce anti-replay protection by requiring that a receiving host set the replay bit in the header to indicate that the packet has been seen.

35. ESP Protocol Provides confidentiality with encryption
Internet
Router
Router
IP HDR
Data
IP HDR
Data
ESP
Trailer
ESP
Auth
New IP HDR
ESP HDR
IP HDR
Data
Encrypted
The original is well protected because the entire original IP data gram is encrypted. An ESP header and trailer are added to the encrypted payload. With ESP authentication, the encrypted IP data gram and the ESP header/trailer are included in the hashing process. Lastly, a new IP header is appended to the front of the authenticated payload. The new IP address is used to route the packet through the Internet.
When both authentication and encryption are selected, encryption is performed first, before authentication. One reason for this order of processing is that it facilitates rapid detection and rejection of replayed or bogus packets by the receiving node. Prior to decrypting the packet, the receiver can authenticate inbound packets. By doing this, it can detect the problems and potentially reduce the impact of denial-of-service attacks.
Authenticated
Provides confidentiality with encryption
Provides integrity with authentication

36. Modes of Use—Tunnel versus Transport Mode
IP HDR
Data
Transport mode
ESP
Trailer
ESP
Auth
IP HDR
ESP HDR
Data
Encrypted
Authenticated
ESP and AH can be applied to IP packets in two different ways referred to as modes. The two supported modes are transport and tunnel.
In transport mode, security is provided for the upper protocol layers, transport layer and above only. Transport mode protects the payload of the packet but leaves the original IP address in the clear. The original IP address is used to route the packet through the Internet. ESP transport mode is used between hosts.
Tunnel mode provides security for the whole original IP packet. The original IP packet is encrypted. Next, the encrypted packet is encapsulated in another IP packet. The outside IP address is used to route the packet through the internet.
Tunnel mode
New IP HDR
ESP HDR
IP HDR
Data
ESP
Trailer
ESP
Auth
Encrypted
Authenticated

37. Tunnel Mode Remote office Corporate office Internet Tunnel mode
HR servers
Tunnel mode
Home office
Corporate office
ESP tunnel mode is used between a host and a security gateway or between two security gateways. For gateway-to-gateway applications, rather than load IPSec on all the computers at the remote and corporate offices, it is easier to have the security gateways perform the IP-in-IP encryption and encapsulation.
In the IPSec remote access application, ESP tunnel mode is used. At a home office, there may be no router to perform the IPSec encapsulation and encryption. In this case, IPSec client running on the PC will perform the IPSec IP-in IP encapsulation and encryption. At the Corporate office, the router will de-encapsulate and decrypt the packet.
Internet
HR servers
Tunnel mode

38. IPSec Protocol—Framework
Choices:
ESP
IPSec Protocol AH
DES 3
DES
AES
Encryption
Authentication
MD5
SHA
DH1
DH2
Diffie-Hellman

39. How IPSec Works

40. Five Steps of IPSec
Host A
Host B
Router A
Router B
Interesting Traffic—The VPN devices recognize the traffic to protect.
IKE Phase 1—The VPN devices negotiate an IKE security policy and establish a secure channel.
IKE Phase 2—The VPN devices negotiate an IPSec security policy used to protect IPSec data.
Data transfer—The VPN devices apply security services to traffic and then transmit the traffic.
Tunnel terminated—The tunnel is torn down.
The goal of IPSec is protect the data that you want with the security and algorithms you need. IPSec’s operation can be broken down into five main steps. The five steps are summarized as follows:
Interesting traffic initiates the IPSec process—Traffic is deemed interesting when the VPN device recognizes that traffic you want to send needs to be protected.
IKE phase one—IKE authenticates IPSec peers and negotiates IKE SAs during this phase, setting up a secure communications channel for negotiating IPSec SAs in phase two.
IKE phase two —IKE negotiates IPSec SA parameters and sets up matching IPSec SAs in the peers. These security parameters are used to protect data and messages exchanged between endpoints.
Data transfer—Data is transferred between IPSec peers based on the IPSec parameters and keys stored in the SA database.
IPSec tunnel termination—IPSec SAs terminate through deletion or by timing out.

41. Step 1—Interesting Traffic
Host A
Host B
Router A
Router B
Apply IPSec
Bypass IPSec
Determining what traffic needs to be protected is done as part of formulating a security policy for use of a VPN. The policy is used to determine which traffic needs to be protected and which traffic can be sent in the clear. The policy is then implemented in the configuration interface for each particular IPSec peer. For example, in Cisco routers and PIX Firewalls, extended access lists are used to determine the traffic to encrypt. The access lists are defined such that permit statements indicate the selected traffic must be encrypted, and deny statements can be use to indicate the selected traffic must be sent unencrypted. With the Cisco Secure VPN Client, you use menu windows to select connections to be secured by IPSec. When interesting traffic is generated or transits the IPSec client, the client initiates the next step in the process, negotiating an IKE phase one exchange.
Send in cleartext

42. Step 2—IKE Phase 1 Negotiate the policy Negotiate the policy
Host A
Host B
Router A
Router B
IKE Phase 1:
main mode exchange
Negotiate the policy
DH exchange
Verify the peer
identity
Negotiate the policy
DH exchange
Verify the peer
identity
The basic purpose of IKE phase one is to negotiate IKE policy sets, authenticate the peers, and to set up a secure channel between the peers. IKE phase one occurs in two modes: main mode and aggressive mode.
Main mode has three two-way exchanges between the initiator and receiver:
First exchange—The algorithms and hashes used to secure the IKE communications are negotiated and agreed upon between peers.
Second exchange—Uses a Diffie-Hellman exchange used to generate shared secret keys, and to pass nonces, which are random numbers sent to the other party, signed and returned to prove their identity. The shared secret key is used to generate all the other encryption and authentication keys.
Third exchange—Verifies the other sides’ identity. Authenticate the remote peer. The main outcome of main mode is a secure communications path for subsequent exchanges between the peers.
In the aggressive mode, fewer exchanges are done and with fewer packets. On the first exchange, almost everything is squeezed in: the IKE policy set negotiation, the Diffie-Hellman public key generation, a nonce which the other party signs, and an identity packet, which can be used to verify their identity via a third party. The receiver sends everything back that is needed to complete the exchange. The only thing left is for the initiator to confirm the exchange.

43. IKE Transform Sets
Host A
Host B
Router A
Router B
Negotiate IKE Proposals
Transform 10
DES
MD5
pre-share
DH1
lifetime
Transform 15
DES
MD5
pre-share
DH1
lifetime
IKE Policy Sets
When trying to make a secure connection between Host A and B through the Internet, a secure path, a tunnel, is established between Router A and B. Through the tunnel, the encryption, authentication, and other protocols are negotiated. Rather than negotiate each protocol individually, the protocols are grouped into sets, an IKE policy set. IKE policy sets are exchanged during the IKE main mode, first exchange phase. If a policy match is found between peers, main mode continues. If no match is found, the tunnel is torn down. In the example, Router A sends IKE policy sets 10 and 20 to Router B. Router B compares its set, policy set 15, with those received from Router A. In this instance, there’s a policy match. Router A’s policy set 10 matches Router B’s policy set 15.
In a point-to-point application, each end may only need a single IKE policy set defined. However, in a hub and spoke environment, the central site may require multiple IKE policy sets to satisfy all the remote peers.
Transform 20
3DES
SHA
pre-share
DH1
lifetime
Negotiates matching IKE transform sets to protect IKE exchange

44. DH Key Exchange = Terry Alex public key B public key A + private key A
+ private key B
shared secret key (BA)
shared secret
key (AB) =
Key
Key
Encrypt
Decrypt
Pay to Terry Smith $100.00
One Hundred and xx/ Dollars
Pay to Terry Smith $100.00
One Hundred and xx/ Dollars
Diffie-Hellman key exchange is a public key encryption method that provides a way for two peers to establish a shared secret key over insecure communications path. With Diffie-Hellman, there are several different Diffie-Hellman algorithms, or groups defined, Diffie-Hellman groups 1-7. A group number defines and an algorithm and unique values. For instance, group 1 defines a MODP algorithm with a 768 bit prime number. Group 2 defines a MODP algorithm with a 1024 bit prime number. During IKE phase 1, the group is negotiated between peers. Between Cisco VPN devices, either group 1 or 2 is supported.
Once the group negotiations are completed, the shared secret key is calculated, SKEYID. The shared secret key, SKEYID, is used in the derivation of three other keys, SKEYID_a, SKEYID_e, and SKEYID_d. Each key has a separate purpose. SKEYID_a is the keying material used during the authentication process. SKEYID_e key is the keying material used in the encryption process. SKEY_d is keying material used to derive keys for non-ISAKMP Security associations. All four keys are calculated during IKE phase 1.
4ehIDx67NMop9eR
U78IOPotVBn45TR
4ehIDx67NMop9eR
U78IOPotVBn45TR
Internet

45. Authenticate Peer Identity
Remote office
Corporate office
Internet
HR servers
Peer
authentication
Peer authentication methods
Pre-shared keys
RSA signatures
RSA encrypted nonces
When conducting business over the internet, its necessary to know who is at the other end of the tunnel. The device on the other end of the VPN tunnel must be authenticated before the communications path is considered secure. The last exchange of IKE phase one is used to authenticate the remote peer.
There are three data origin authentication methods:
Pre-shared Keys – A secret key value entered into each peer manually used to authenticate the peer.
RSA Signatures – Use the exchange of digital certificates to authenticate the peers
RSA Encrypted Nonces – Nonces ( a random number generated by each peer) are encrypted then exchanged between peers. The two nonces are used during peer authentication process.

46. Step 3—IKE Phase 2 Host A Host B Router A Router B 10.0.1.3
Negotiate IPSec
security parameters
The purpose of IKE phase two is to negotiate the IPSec security parameters used to secure the IPSec tunnel. IKE phase two performs the following functions:
Negotiates IPSec security parameters, IPSec transform sets
Establishes IPSec security associations
Periodically renegotiates IPSec SAs to ensure security
Optionally performs an additional Diffie-Hellman exchange
IKE phase 2 has one mode, called quick mode. Quick mode occurs after IKE has established the secure tunnel in phase one. It negotiates a shared IPSec transform, derives shared secret keying material used for the IPSec security algorithms, and establishes IPSec SAs. Quick mode exchanges nonces that are used to generate new shared secret key material and prevent replay attacks from generating bogus SAs.
Quick mode is also used to renegotiate a new IPSec SA when the IPSec SA lifetime expires. Base quick mode is used to refresh the keying material used to create the shared secret key based on the keying material derived from the Diffie-Hellman exchange in phase one.

47. IPSec Transform Sets
Host A
Host B
Router A
Router B
Negotiate transform sets
Transform set 30
ESP
3DES
SHA
Tunnel
Lifetime
Transform set 55
ESP
3DES
SHA
Tunnel
Lifetime
IPSec Transform Sets
The ultimate goal of IKE phase two is to establish a secure IPSec session between endpoints. Before that can happen, each pair of endpoints negotiate the level of security required, e.g. encryption and authentication algorithms, for the session. Rather than negotiate each protocol individually, the protocols are grouped into sets, an IPSec transform set. IPSec transform set are exchanged between peers during Quick mode. If a match is found between sets, IPSec session establishment continues. If no match is found, the session is torn down. In the example, Router A sends IPSec transform set 30 and 40 to Router B. Router B compares its set, transform set 55, with those received from Router A. In this instance, there’s a match. Router A’s transform set 30 matches Router B’s transform set 55. These encryption and authentication algorithms form a security association (SA). More on SAs on the next page.
Transform set 40
ESP
DES
MD5
Tunnel
Lifetime
A transform set is a combination of algorithms and protocols that enact a security policy for traffic.

48. Security Associations (SA)
SA Db
Destination IP address
SPI
Protocol (ESP or AH)
Security Policy Db
Encryption Algorithm
Authentication Algorithm
Mode
Key lifetime
B A N K
SPI–12
ESP/3DES/SHA
tunnel
28800
Internet
Once a transform set is agreed upon between peers, each VPN peer device databases the information. The information includes the encryption and authentication algorithm, peer address, transport mode, key lifetime, and so on. This information is referred to as the security association (SA) The VPN device then indexes the SA with a number, a Security Parameter Index (SPI). Rather than send the individual parameters of the SA across the tunnel, the peer will insert the SPI into the ESP header. When the IPSec peer receives the packet, it looks up the destination address and SPI in its database, and then processes the packet according to the protocols listed under the SPI.
The IPSec SA is a compilation of the peer address, SPI number, encryption and authentication algorithms, mode, and key lifetime. network for s. For example in the corporate to bank connection, a very secure tunnel using 3DES, SHA, tunnel mode, and a key lifetime of is negotiated between the peer endpoints, SPI-12. For the remote user accessing s, a less secure tunnel is negotiated using DES, MD5, tunnel mode, and a key lifetime of 28800, SPI-39.
SPI–39
ESP/DES/MD5
tunnel
28800

49. SA Lifetime Data-based Time-based
Like passwords on your company PC, the longer you keep it, the more vulnerable it becomes. The same thing is true of keys and security associations (SA). For good security, the SA and keys should be changed periodically. There are two parameters, lifetime type and duration. The first parameter is lifetime type. How is the lifetime measured. Is it measured by the number bytes transmitted or the amount of time transpired? The second parameter is the unit of measure, kilobytes of data or seconds of time. Some examples are as follows: lifetime based on 10,000 kilobytes of data transmitted or seconds of time expired. The keys and SAs remain active until their lifetime expires or until some external event – client drops the tunnel – causes the them to be deleted.

50. Step 4—IPSec Session SAs are exchanged between peers.
Host A
Host B
Router A
Router B
IPSec session
After IKE phase two is complete and quick mode has established IPSec SAs, traffic is exchanged between Host A and B via a secure tunnel. Interesting traffic is encrypted and decrypted using the encryption specified in the IPSec SA.
SAs are exchanged between peers.
The negotiated security services are applied to the traffic.

51. Step 5—Tunnel Termination
Host A
Host B
Router A
Router B
IPSec tunnel
A tunnel is terminated
By an SA lifetime timeout
If the packet counter is exceeded
Removes IPSec SA
IPSec SAs terminate through deletion or by timing out. An SA can time out when a specified number of seconds have elapsed or when a specified number of bytes have passed through the tunnel. When the SAs terminate, the keys are also discarded. When subsequent IPSec SAs are needed for a flow, IKE performs a new phase two and, if necessary, a new phase one negotiation. A successful negotiation results in new SAs and new keys. New SAs is established before the existing SAs expire, so that a given flow can continue uninterrupted.

52. Configuring IPSec Encryption

53. Tasks to Configure IPSec Encryption
Task 1—Prepare for IKE and IPSec.
Task 2—Configure IKE.
Task 3—Configure IPSec.
Task 4—Test and Verify IPSec.

54. Task 1—Prepare for IKE and IPSec

55. Task 1—Prepare for IKE and IPSec
Step 1—Determine IKE (IKE phase one) policy.
Step 2—Determine IPSec (IKE phase two) policy.
Step 3—Check the current configuration.
show running-configuration
show crypto isakmp policy
show crypto map
Step 4—Ensure the network works without encryption.
ping
Step 5—Ensure access lists are compatible with IPSec.
show access-lists

56. Step 1—Determine IKE (IKE Phase One) Policy
Determine the following policy details:
Key distribution method
Authentication method
IPSec peer IP addresses and hostnames
IKE phase 1 policies for all peers
Encryption algorithm
Hash algorithm
IKE SA lifetime
Goal: Minimize misconfiguration.

57. IKE Phase One Policy Parameters
< seconds
86400 seconds
IKE SA lifetime
DH Group 2
DH Group 1
Key exchange
RSA encryption
RSA signature
Pre-shared
Authentication method
SHA-1
MD5
Hash algorithm
3-DES
DES
Encryption algorithm
Stronger
Strong
Parameter
Before you begin configuring IKE and IPSec, you should determine the following details which make up an IKE policy:
IKE encryption algorithm
IKE message hash algorithm
Authentication method
Key Exchange method
IKE SA Lifetime. The default is 86,400 seconds.
This information should have been gathered during the planning process. It is recommended that you confirm the details to minimize the number of configuration errors.

58. IKE Policy Example Site 1 Site 2 Internet RouterA RouterB 10.0.1.3
E0/
E0/
Parameter
Site 1
Site 2
Encryption algorithm
DES
DES
Hash algorithm
MD5
MD5
Authentication method
Pre-shared keys
Pre-shared keys
Key exchange
DH Group 1
DH Group 1
Before you begin configuring IKE and IPSec, you should determine the following details which make up an IKE policy:
IKE encryption algorithm
IKE message hash algorithm
Authentication method
Key Exchange method
IKE SA Lifetime. The default is 86,400 seconds.
This information should have been gathered during the planning process. It is recommended that you confirm the details to minimize the number of configuration errors.
IKE SA lifetime
86400 seconds
86400 seconds
Peer IP address

59. Step 2—Determine IPSec (IKE Phase Two) Policy
Determine the following policy details:
IPSec algorithms and parameters for optimal security and performance
Transforms and, if necessary, transform sets
IPSec peer details
IP address and applications of hosts to be protected
Manual or IKE-initiated SAs
Goal: Minimize misconfiguration.

60. IPSec Transforms Supported in Cisco IOS Software
Cisco IOS software supports the following IPSec transforms:
RouterA(config)# crypto ipsec transform-set
transform-set-name ?
ah-md5-hmac AH-HMAC-MD5 transform
ah-sha-hmac AH-HMAC-SHA transform
esp-3des ESP transform using 3DES(EDE) cipher ( bits)
esp-des ESP transform using DES cipher (56 bits)
esp-md5-hmac ESP transform using HMAC-MD5 auth
esp-sha-hmac ESP transform using HMAC-SHA auth
esp-null ESP transform w/o cipher
A transform set is an acceptable combination of security protocols, algorithms and other settings to apply to IPSec protected traffic. During the IPSec security association negotiation, the peers agree to use a particular transform set when protecting a particular data flow.
You can configure multiple transform sets, and then specify one or more of these transform sets in a crypto map entry. The transform set defined in the crypto map entry is used in the IPSec security association negotiation to protect the data flows specified by that crypto map entry's access list.
During the negotiation, the peers search for a transform set that is the same at both peers. When such a transform set is found, it is selected and will be applied to the protected traffic as part of both peer's IPSec security associations.
When IKE is not used to establish security associations, a single transform set must be used. The transform set is not negotiated.
Before a transform set can be included in a crypto map entry it must be defined using this command.
A transform set specifies one or two IPSec security protocols (either ESP or AH or both) and specifies which algorithms to use with the selected security protocol.
To define a transform set, you specify one to three "transforms"---each transform represents an IPSec security protocol (ESP or AH) plus the algorithm you want to use. When the particular transform set is used during negotiations for IPSec security associations, the entire transform set (the combination of protocols, algorithms, and other settings) must match a transform set at the remote peer.

61. IPSec Policy Example Site 1 Site 2 Internet RouterA RouterB 10.0.1.3
E0/
E0/
Policy
Site 1
Site 2
Transform set
ESP-DES, tunnel
ESP-DES, tunnel
Peer hostname
RouterB
RouterA
Peer IP address
Hosts to be encrypted
Traffic (packet) type to be encrypted
TCP
TCP
SA establishment
Ipsec-isakmp
Ipsec-isakmp

62. Other vendor’s IPSec peers
Identify IPSec Peers
Cisco router
Remote user with
Cisco VPN Client
Cisco
PIX Firewall
Cisco router
Other vendor’s IPSec peers
CA server

63. Step 3—Check Current Configuration
Site 1
Site 2
RouterA
Internet
RouterB A B
router#
show running-config
View router configuration for existing IPSec policies.
router#
show crypto isakmp policy
View default and any configured IKE phase one policies.
RouterA# show crypto isakmp policy
Default protection suite
encryption algorithm: DES - Data Encryption Standard (56 bit keys)
hash algorithm: Secure Hash Standard
authentication method: Rivest-Shamir-Adleman Signature
Diffie-Hellman Group: #1 (768 bit)
lifetime: seconds, no volume limit

64. Step 3—Check Current Configuration (cont.)
Site 1
Site 2
RouterA
Internet
RouterB A B
router#
show crypto map
View any configured crypto maps.
RouterA# show crypto map
Crypto Map "mymap" 10 ipsec-isakmp
Peer =
Extended IP access list 102
access-list 102 permit ip host host
Current peer:
Security association lifetime: kilobytes/3600 seconds
PFS (Y/N): N
Transform sets={ mine, }

65. Step 3—Check Current Configuration (cont.)
Site 1
Site 2
RouterA
RouterB
Internet A B
router#
show crypto ipsec transform-set
View any configured transform sets.
RouterA# show crypto ipsec transform-set mine
Transform set mine: { esp-des }
will negotiate = { Tunnel, },

66. Step 4—Ensure the Network Works
Cisco RouterB
Remote user with
Cisco Unified VPN client
Cisco PIX Firewall
Cisco router
Cisco RouterA
Basic connectivity must be checked before any VPN configuration can begin.
Once VPN security is activated basic connectivity troubleshooting can be difficult due to possible security misconfigurations.
Previous security settings could result in no connectivity.
The IPSEC show command can be used to see existing security configurations.
Other vendor’s IPSec peers
CA server
RouterA# ping

67. Step 5—Ensure Access Lists are Compatible with IPSec
IKE AH
ESP
Site 1
Site 2
RouterA
Internet
RouterB A B
E0/
E0/
RouterA# show access-lists
access-list 102 permit ahp host host
access-list 102 permit esp host host
access-list 102 permit udp host host eq isakmp
Perimeter routers typically implement a restrictive security policy with access lists where only specific traffic is permitted, and all other traffic is denied. Such a restrictive policy would block IPSec traffic. You may need to add specific permit statements to the access list to allow IPSec traffic.
Ensure that your access lists are configured so that protocol 50, 51, and UDP port 500 traffic is not blocked at interfaces used by IPSec. ISAKMP uses UDP port 500. The IPSec Encapsulating Security Payload (ESP) and Authentication Header (AH) protocols use protocol numbers 50 and 51. In some cases, you might need to add a statement to router access lists to explicitly permit this traffic. You may need to add the access list statements to the perimeter router by performing the following steps:
1. Examine the current access list configuration at the perimeter router and determine if it will block IPSec traffic:
RouterA#show access-lists
2. Add access list entries to permit IPSec traffic. The easiest way to do this is to copy the existing access list configuration and paste it into a text editor, add the access list entries to the top of the list, delete the existing access list with the no access-list access-list number command, enter configuration mode, copy and paste the new access list into the router, then verify the access list is correct with the show access-lists command.
A concatenated example showing access list entries permitting IPSec traffic for RouterA is as follows:
RouterA# show running-config !
interface Serial0
ip address
ip access-group 102 in
access-list 102 permit ahp host host
access-list 102 permit esp host host
access-list 102 permit udp host host eq isakmp
Note that the protocol keyword of esp equals the ESP protocol (number 50) and the keyword of ahp equals the AH protocol (number 51), and the isakmp keyword equals UDP port 500.
Ensure protocols 50 and 51, and UDP port 500 traffic are not blocked at interfaces used by IPSec.

68. Task 2—Configure IKE

69. Step 1—Enable or disable IKE. Step 2—Create IKE policies.
Task 2—Configure IKE
Step 1—Enable or disable IKE.
crypto isakmp enable
Step 2—Create IKE policies.
crypto isakmp policy
Step 3—Configure pre-shared keys.
crypto isakmp key
Step 4—Verify the IKE configuration.
show crypto isakmp policy

70. Step 1—Enable or Disable IKE
Site 1
Site 2
RouterA
Internet
RouterB A B
router(config)#
[no] crypto isakmp enable
RouterA(config)# no crypto isakmp enable
RouterA(config)# crypto isakmp enable
Globally enables or disables IKE at your router.
IKE is enabled by default.
IKE is enabled globally for all interfaces at the router.
Use the no form of the command to disable IKE.
An ACL can be used to block IKE on a particular interface.

71. Step 2—Create IKE Policies
Site 1
Site 2 A B
Internet
RouterA
RouterB
router(config)#
crypto isakmp policy priority
Defines an IKE policy, which is a set of parameters used during IKE negotiation.
Invokes the config-isakmp command mode.
crypto isakmp policy priority
Syntax Description
priority
Uniquely identifies the IKE policy and assigns a priority to the policy. Use an integer from 1 to 10,000, with 1 being the highest priority and 10,000 the lowest.
RouterA(config)# crypto isakmp policy 110

72. Create IKE Policies with the crypto isakmp Command
Site 1
Site 2
RouterA
Internet
RouterB A B
Policy 110
DES
MD5
Pre-Share
86400
Tunnel
router(config)#
crypto isakmp policy priority
Defines the parameters within the IKE policy 110.
ISAKMP commands:
authentication Set authentication method for protection suite
default Set a command to its defaults
encryption Set encryption algorithm for protection suite
exit Exit from ISAKMP configuration mode
group Set the Diffie-Hellman group
hash Set hash algorithm for protection suite
lifetime Set lifetime for ISAKMP security association
no Negate a command or set its defaults
Syntax Description
authentication {rsa-sig | rsa-encr | pre-share}
rsa-sig
Specifies RSA signatures as the authentication method.
rsa-encr
Specifies RSA encrypted nonces as the authentication method.
pre-share
Specifies pre-shared keys as the authentication method.
encryption des
des
Specifies 56-bit DES-CBC as the encryption algorithm.
RouterA(config)# crypto isakmp policy 110
RouterA(config-isakmp)# authentication pre-share
RouterA(config-isakmp)# encryption des
RouterA(config-isakmp)# group 1
RouterA(config-isakmp)# hash md5
RouterA(config-isakmp)# lifetime 86400

73. IKE Policy Negotiation
Site 1
Site 2 A B
Internet
RouterA
RouterB
RouterA(config)#
RouterB(config)#
crypto isakmp policy 100
hash md5
authentication pre-share
crypto isakmp policy 200
authentication rsa-sig
hash sha
crypto isakmp policy 300
crypto isakmp policy 100
hash md5
authentication pre-share
crypto isakmp policy 200
authentication rsa-sig
hash sha
crypto isakmp policy 300
Syntax Description (con’t)
hash {sha | md5}
sha
Specifies SHA-1 (HMAC variant) as the hash algorithm.
md5
Specifies MD5 (HMAC variant) as the hash algorithm.
group {1 | 2} 1
Specifies the 768-bit Diffie-Hellman group. 2
Specifies the 1024-bit Diffie-Hellman group.
lifetime seconds
seconds
Specifies how many seconds each SA should exist before expiring. Use an integer from 60 to 86,400 seconds.
Default
encryption (IKE policy); default = 56-bit DES-CBC
hash (IKE policy); default = SHA-1
authentication (IKE policy); default = RSA signatures
group (IKE policy); default = 768-bit Diffie-Hellman
lifetime (IKE policy); default = 86,400 seconds (one day)
The first two policies in each router can be successfully negotiated while the last one can not.

74. Step 3—Configure ISAKMP Identity
Site 1
Site 2 A B
Internet
RouterA
RouterB
router(config)#
crypto isakmp identity {address | hostname}
Defines whether ISAKMP identity is done by IP address or hostname.
Use consistently across ISAKMP peers.
To define the identity the router uses when participating in the IKE protocol, use the crypto isakmp identity global configuration command. Set an ISAKMP identity whenever you specify pre-shared keys. Use the no form of this command to reset the ISAKMP identity to the default value (address).
Note:
If the crypto isakmp identity command had not been performed, the ISAKMP identities would have still been set to IP address, the default identity.

75. Step 3—Configure Pre-Shared Keys
Site 1
Site 2
RouterA
Internet
RouterB A B
Pre-shared key
Cisco1234
router(config)#
crypto isakmp key keystring address peer-address
router(config)#
crypto isakmp key keystring hostname hostname
Syntax Description
keystring
Specify the pre-shared key. Use any combination of alphanumeric characters up to 128 bytes. This pre-shared key must be identical at both peers.
peer-address.
Specify the IP address of the remote peer.
hostname
Specify the host name of the remote peer. This is the peer's host name concatenated with its domain name (for example, myhost.domain.com).
Default
There is no default pre-shared authentication key.
RouterA(config)# crypto isakmp key cisco1234 address
Assigns a keystring and the peer address.
The peer’s IP address or host name can be used.

76. Step 4—Verify the IKE Configuration
Site 1
Site 2
RouterA
Internet
RouterB A B
RouterA# show crypto isakmp policy
Protection suite of priority 110
encryption algorithm: DES - Data Encryption Standard (56 bit keys).
hash algorithm: Message Digest 5
authentication method: Pre-Shared Key
Diffie-Hellman group: #1 (768 bit)
lifetime: seconds, no volume limit
Default protection suite
hash algorithm: Secure Hash Standard
authentication method: Rivest-Shamir-Adleman Signature
show crypto key ?
mypubkey Show public keys associated with this
pubkey-chain Show peer public keys
show crypto isakmp ?
policy Show ISAKMP protection suite policy
sa Show ISAKMP Security Associations
Displays configured and default IKE policies.

77. Task 3—Configure IPSec

78. Step 1—Configure transform set suites.
Task 3—Configure IPSec
Step 1—Configure transform set suites.
crypto ipsec transform-set
Step 2—Configure global IPSec SA lifetimes.
crypto ipsec security-association lifetime
Step 3—Create crypto access lists.
access-list

79. Task 3—Configure IPSec (cont.)
Step 4—Create crypto maps.
crypto map
Step 5—Apply crypto maps to interfaces.
interface serial0

80. Step 1—Configure Transform Set Suites

81. Configure Transform Sets
Site 1
Site 2
RouterA
Internet
RouterB A B
Mine
esp-des
Tunnel
router(config)#
crypto ipsec transform-set transform-set-name transform1 [transform2 [transform3]]
router(cfg-crypto-trans)#
(Get syntax text from MCNS 2.0 chapter 12.)
Syntax Description
transform-set-name
Specify the name of the transform set to create (or modify).
transform1
transform2
transform3
Specify up to three "transforms." These transforms define the IPSec security protocol(s) and algorithm(s).
Keep the following and make complete sentences:
A transform set is combination of IPSec transforms that enact a security policy for traffic
Up to three transforms can be in a set
Sets are limited to up to one AH and up to two ESP transforms
The crypto ipsec tranform-set command puts you in cfg-crypto-trans configuration mode
Default mode is tunnel
RouterA(config)# crypto ipsec transform-set mine des
A transform set is a combination of IPSec transforms that enact a security policy for traffic.
Sets are limited to up to one AH and up to two ESP transforms.

82. Transform Set Negotiation
Site 1
Site 2
RouterA
Internet
RouterB A B
transform-set 10
esp-3des
tunnel
transform-set 20
esp-des, esp-md5-hmac
transform-set 30
esp-3des, esp-sha-hmac
transform-set 40
esp-des
tunnel
transform-set 50
esp-des, ah-sha-hmac
transform-set 60
esp-3des, esp-sha-hmac
Transform sets are negotiated during IKE phase 2
You can configure multiple transform sets, and then specify one or more of these transform sets in a crypto map entry. The transform set defined in the crypto map entry is used in the IPSec security association negotiation during IKE phase 2 to protect the data flows specified by that crypto map entry's access list.
During the negotiation, the peers search for a transform set that is the same at both peers. When such a transform set is found, it is selected and will be applied to the protected traffic as part of both peer's IPSec security associations. IPSec peers agree on one transform proposal per SA (unidirectional)
Match
Transform sets are negotiated during IKE phase two.

83. Step 2—Configure Global IPSec Security Association Lifetimes

84. crypto ipsec security-association lifetime Command
Site 1
Site 2
RouterA
Internet
RouterB A B
router(config)#
crypto ipsec security-association lifetime {seconds seconds | kilobytes kilobytes}
RouterA(config)# crypto ipsec security-association lifetime 86400
If you change a global lifetime, the change is only applied when the crypto map entry does not have a lifetime value specified. The change will not be applied to existing security associations, but will be used in subsequent negotiations to establish new security associations.
You can clear all or part of the security association database by using the clear crypto sa command. Refer to the clear crypto sa command for more detail.
Syntax Description
seconds seconds
Specifies the number of seconds a security association will live before expiring. The default is 3600 seconds (one hour).
kilobytes kilobytes
Specifies the volume of traffic (in kilobytes) that can pass between IPSec peers using a given security association before that security association expires. The default is 4,608,000 kilobytes.
Default
3600 seconds (one hour) and 4,608,000 kilobytes (10 Mbytes per second for one hour)
Configures global IPSec SA lifetime values used when negotiating IPSec security associations.
IPSec SA lifetimes are negotiated during IKE phase two.
Can optionally configure interface specific IPSec SA lifetimes in crypto maps.
IPSec SA lifetimes in crypto maps override global IPSec SA lifetimes.

85. Global Security Association Lifetime Examples
RouterA(config)# crypto ipsec security-association lifetime kilobytes
RouterA(config)# crypto ipsec security-association lifetime seconds 2700
The security association (and corresponding keys) will expire according to whichever occurs sooner, either after the number of seconds has passed (specified by the seconds keyword) or after the amount of traffic in kilobytes has passed (specified by the kilobytes keyword).
A new security association is negotiated before the lifetime threshold of the existing security association is reached, to ensure that a new security association is ready for use when the old one expires. The new security association is negotiated either 30 seconds before the seconds lifetime expires or when the volume of traffic through the tunnel reaches 256 kilobytes less than the kilobytes lifetime (whichever occurs first).
If no traffic has passed through the tunnel during the entire life of the security association, a new security association is not negotiated when the lifetime expires. Instead, a new security association will be negotiated only when IPSec sees another packet that should be protected.
Related Commands
set security-association lifetime
show crypto ipsec security-association lifetime
When a security association expires, a new one is negotiated without interrupting the data flow.

86. Step 3—Create Crypto ACLs

87. Purpose of Crypto Access Lists
Site 1
RouterA
Internet A
Outbound
traffic
Encrypt
Bypass (clear text)
Inbound
traffic
Permit
Bypass (clear text)
Crypto map entries group IPSec polices into a crypto map set.
Later, you will apply these crypto map sets to interfaces; then, all IP traffic passing through the interface is evaluated against the applied crypto map set.
If a crypto map entry sees outbound IP traffic that should be protected and the crypto map specifies the use of IKE, a security association is negotiated with the peer according to the parameters included in the crypto map entry; otherwise, if the crypto map entry specifies the use of manual security associations, a security association should have already been established via configuration. (If a dynamic crypto map entry sees outbound traffic that should be protected and no security association exists, the packet is dropped.)
Outbound—Indicate the data flow to be protected by IPSec.
Inbound—filter out and discard traffic that should have been protected by IPSec.

88. Extended IP Access Lists for Crypto Access Lists
Site 1
Site 2 A B
Internet
RouterA
RouterB
Encrypt
router(config)#
access-list access-list-number [dynamic dynamic-name [timeout minutes]] {deny | permit} protocol source source-wildcard destination destination-wildcard [precedence precedence][tos tos] [log]
Syntax Description
access-list-number
Number of an access list. This is a decimal number from 100 to 199 or from 2000 to
dynamic dynamic-name
(Optional) Identifies this access list as a dynamic access list. Refer to lock-and-key access documented in the "Configuring Lock-and-Key Security
(Dynamic Access Lists)" chapter in the Security Configuration Guide.
timeout minutes
(Optional) Specifies the absolute length of time (in minutes) that a temporary access list entry can remain in a dynamic access list. The default is an ` infinite length of time and allows an entry to remain permanently.
deny
Denies access if the conditions are matched.
permit
Permits access if the conditions are matched.
protocol
Name or number of an IP protocol. It can be one of the keywords eigrp, gre, icmp, igmp, igrp, ip, ipinip, nos, ospf, tcp, or udp, or an integer in the range 0 to representing an IP protocol number. To match any Internet protocol (including ICMP, TCP, and UDP) use the keyword ip. Some protocols allow further qualifiers described below.
source
Number of the network or host from which the packet is being sent.
source-wildcard
Wildcard bits to be applied to source.
RouterA(config)# access-list 110 permit tcp
Define which IP traffic will be protected by crypto.
Permit = encrypt / Deny = do not encrypt.

89. Configure Symmetrical Peer Crypto Access Lists
Site 1
Site 2
E0/ A B
Internet
RouterA
RouterB
RouterA(config)# access-list 110 permit tcp
RouterB(config)# access-list 101 permit tcp
destination
Number of the network or host to which the packet is being sent.
destination-wildcard
Wildcard bits to be applied to the destination.
___________________________________________________________________________ Note: Although the ACL syntax is unchanged, the meanings are slightly different—permit specifies that matching packets must be encrypted; deny specifies that matching packets need not be encrypted.
Crypto access-lists are applied later using Crypto Maps
You must configure mirror image ACLs.

90. Step 4—Create Crypto Maps

91. Purpose of Crypto Maps
Crypto maps pull together the various parts configured for IPSec, including
Which traffic should be protected by IPSec.
The granularity of the traffic to be protected by a set of SAs.
Where IPSec-protected traffic should be sent.
The local address to be used for the IPSec traffic.
What IPSec type should be applied to this traffic.
Whether SAs are established (manually or via IKE).
Other parameters needed to define an IPSec SA.
Crypto map entries group IPSec polices into a crypto map set.
Later, you will apply these crypto map sets to interfaces; then, all IP traffic passing through the interface is evaluated against the applied crypto map set.
If a crypto map entry sees outbound IP traffic that should be protected and the crypto map specifies the use of IKE, a security association is negotiated with the peer according to the parameters included in the crypto map entry; otherwise, if the crypto map entry specifies the use of manual security associations, a security association should have already been established via configuration. (If a dynamic crypto map entry sees outbound traffic that should be protected and no security association exists, the packet is dropped.)

92. Crypto Map Parameters Crypto maps define the following:
Site 1
Site 2
RouterA
Internet
RouterB A B
Crypto maps define the following:
The access list to be used.
Remote VPN peers.
Transform-set to be used.
Key management method.
Security-association lifetimes.
IPSEC Policies are implemented using transform sets on Cisco Routers
Crypto
map
Encrypted traffic
Router
interface

93. Configure IPSec Crypto Maps
Site 1
Site 2
RouterA
Internet
RouterB A B
router(config)#
crypto map map-name seq-num ipsec-manual
crypto map map-name seq-num ipsec-isakmp [dynamic dynamic-map-name]
Syntax Description
cisco
(Default value) Indicates that CET will be used instead of IPSec for protecting the traffic specified by this newly specified crypto map entry. If you use this keyword, none of the IPSec-specific crypto map configuration commands will be available. Instead, the CET-specific commands will be available.
map-name
The name you assign to the crypto map set.
seq-num
The number you assign to the crypto map entry.
ipsec-manual
Indicates that IKE will not be used to establish the IPSec security associations for protecting the traffic specified by this crypto map entry.
ipsec-isakmp
Indicates that IKE will be used to establish the IPSec security associations for protecting the traffic specified by this crypto map entry.
dynamic
(Optional) Specifies that this crypto map entry is to reference a preexisting dynamic crypto map. Dynamic crypto maps are policy templates used in processing negotiation requests from a peer IPSec device. If you use this keyword, none of the crypto map configuration commands will be available.
dynamic-map-name
(Optional) Specifies the name of the dynamic crypto map set that should be used as the policy template.
Default
No crypto maps exist.
RouterA(config)# crypto map mymap 110 ipsec-isakmp
Use a different sequence number for each peer.
Multiple peers can be specified in a single crypto map for redundancy.
One crypto map per interface

94. Example Crypto Map Commands
Site 1
Site 2
RouterA
RouterB A B
Internet
RouterC B
RouterA(config)# crypto map mymap 110 ipsec-isakmp
RouterA(config-crypto-map)# match address 110
RouterA(config-crypto-map)# set peer
RouterA(config-crypto-map)# set peer
RouterA(config-crypto-map)# set pfs group1
RouterA(config-crypto-map)# set transform-set mine
RouterA(config-crypto-map)# set security-association lifetime 86400
Multiple peers can be specified for redundancy.

95. Step 5—Apply Crypto Maps to Interfaces

96. Applying Crypto Maps to Interfaces
Site 1
Site 2
RouterA
Internet
RouterB A B
E0/
E0/
mymap
router(config-if)#
crypto map map-name
RouterA(config)# interface ethernet0/1
RouterA(config-if)# crypto map mymap
Apply the crypto map to outgoing interface
Activates the IPSec policy

97. IPSec Configuration Examples
Site 1
Site 2
RouterA
Internet
RouterB A B
E0/
E0/
RouterA# show running config
crypto ipsec transform-set mine esp-des !
crypto map mymap 10 ipsec-isakmp
set peer
set transform-set mine
match address 110
interface Ethernet 0/1
ip address
no ip directed-broadcast
crypto map mymap
access-list 110 permit tcp
RouterB# show running config
crypto ipsec transform-set mine esp-des !
crypto map mymap 10 ipsec-isakmp
set peer
set transform-set mine
match address 101
interface Ethernet 0/1
ip address
no ip directed-broadcast
crypto map mymap
access-list 101 permit tcp

98. Task 4—Test and Verify IPSec

99. Task 4—Test and Verify IPSec
Display your configured IKE policies.
show crypto isakmp policy
Display your configured transform sets.
show crypto ipsec transform set
Display the current state of your IPSec SAs.
show crypto ipsec sa

100. Task 4—Test and Verify IPSec (cont.)
Display your configured crypto maps.
show crypto map
Enable debug output for IPSec events.
debug crypto ipsec
Enable debug output for ISAKMP events.
debug crypto isakmp

101. show crypto isakmp policy Command
Site 1
Site 2
RouterA
Internet
RouterB A B
router#
show crypto isakmp policy
RouterA# show crypto isakmp policy
Protection suite of priority 110
encryption algorithm: DES - Data Encryption Standard (56 bit keys).
hash algorithm: Message Digest 5
authentication method: Rivest-Shamir-Adleman Encryption
Diffie-Hellman group: #1 (768 bit)
lifetime: seconds, no volume limit
Default protection suite
hash algorithm: Secure Hash Standard
authentication method: Rivest-Shamir-Adleman Signature

102. show crypto ipsec transform-set Command
Site 1
Site 2
E0/ A B
Internet
RouterA
RouterB
router#
show crypto ipsec transform-set
RouterA# show crypto ipsec transform-set Transform set mine: { esp-des }
will negotiate = { Tunnel, },
View the currently defined transform sets.

103. show crypto ipsec sa Command
Site 1
Site 2
RouterA
Internet
RouterB A B
E0/
E0/
router#
show crypto ipsec sa
RouterA# show crypto ipsec sa
interface: Ethernet0/1
Crypto map tag: mymap, local addr
local ident (addr/mask/prot/port): ( / /0/0)
remote ident (addr/mask/prot/port): ( / /0/0)
current_peer:
PERMIT, flags={origin_is_acl,}
#pkts encaps: 21, #pkts encrypt: 21, #pkts digest 0
#pkts decaps: 21, #pkts decrypt: 21, #pkts verify 0
#send errors 0, #recv errors 0
local crypto endpt.: , remote crypto endpt.:
path mtu 1500, media mtu 1500
current outbound spi: 8AE1C9C

104. show crypto map Command
E0/
Site 1
Site 2
E0/ A B
Internet
RouterA
RouterB
show crypto map
View the currently configured crypto maps.
router#
RouterA# show crypto map
Crypto Map "mymap" 10 ipsec-isakmp
Peer =
Extended IP access list 102
access-list 102 permit ip host host
Current peer:
Security association lifetime: kilobytes/3600 seconds
PFS (Y/N): N
Transform sets={ mine, }

105. debug crypto Commands Displays debug messages about all IPSec actions.
router#
debug crypto ipsec
Displays debug messages about all IPSec actions.
router#
debug crypto isakmp
Displays debug messages about all ISAKMP actions.

106. Crypto System Error Messages for ISAKMP
%CRYPTO-6-IKMP_SA_NOT_AUTH: Cannot accept Quick Mode exchange from %15i if SA is not authenticated!
ISAKMP SA with the remote peer was not authenticated.
%CRYPTO-6-IKMP_SA_NOT_OFFERED: Remote peer %15i responded with attribute [chars] not offered or changed
ISAKMP peers failed protection suite negotiation for ISAKMP.
Purpose: Describe the two main error messages that can output from the debug command.
Emphasize: In the first message, the remote peer did not prove its authentication.
In the second message, the two peers could not negotiate a mutually agreeable authentication policy.
Transition: Answer any final questions about your presentation then proceed to the lab exercises for this chapter.

107. Overview of Configuring IPSec Manually

108. Setting Manual Keys with security-association Commands
router(config-crypto-map)#
set security-association inbound|outbound ah spi
hex-key-string
set security-association inbound|outbound esp spi cipher
hex-key-string [authenticator hex-key-string]
Specifies inbound or outbound SA.
Sets Security Parameter Index (SPI) for the SA.
Sets manual AH and ESP keys:
ESP key length is 56 bits with DES, 168 with 3DES.
AH HMAC key length is 128 bits with MD5, 160 bits with SHA.
SPIs should be reciprocal for IPsec peer.
Purpose: This provides some information about manual SA keying
Emphasize: The manual-key method is not used for this course. The hexadecimal number that identifies an SA can quite a long string of numbers that is subject to typing errors. This method does not scale very well.
The manual-key method will not work unless the hex number used into the remote peer must be reciprocal to the hex number out of the local peer.
Transition: The next topic applies the map sets to one or more interfaces.

109. Overview of Configuring IPSec for RSA Encrypted Nonces

110. Tasks to Configure IPSec for RSA Encryption
Task 1—Prepare for IPSec.
Task 2—Configure RSA keys.
Task 3—Configure IKE.
Task 4—Configure IPSec.
Task 5—Test and verify IPSec.

111. Task 2—Configure RSA Keys
Step 1—Plan for RSA keys.
Step 2—Configure the router’s host name and domain name.
hostname name
ip domain-name name
Step 3—Generate RSA keys.
crypto key generate rsa usage keys

112. Task 2—Configure RSA Keys (cont.)
Step 4—Enter peer RSA public keys.
crypto key pubkey-chain
crypto key pubkey-chain rsa
addressed-key key address
named-key key name
key-string

113. Task 2—Configure RSA Keys (cont.)
Step 5—Verify key configuration.
show crypto key mypubkey rsa
show crypto key pubkey-chain rsa
Step 6—Manage RSA keys.
crypto key zeroize rsa

114. Summary

115. Summary
Cisco supports the following IPSec standards: AH, ESP, DES, 3DES, MD5, SHA, RSA signatures, IKE (also known as ISAKMP), DH, and CAs.
There are five steps to IPSec: interesting traffic, IKE phase 1, IKE phase 2, IPSec encrypted traffic, and tunnel termination.
IPSec SAs consist of a destination address, SPI, IPSec transform, mode, and SA lifetime value.
Define the detailed crypto IKE and IPSec security policy before beginning configuration.
Ensure router access lists permit IPSec traffic.

116. Summary (cont.)
IKE policies define the set of parameters used during IKE negotiation.
Transform sets determine IPSec transform and mode.
Crypto access lists determine traffic to be encrypted.
Crypto maps pull together all IPSec details and are applied to interfaces.
Use show and debug commands to test and troubleshoot.
IPSec can also be configured manually or using encrypted nonces.

117. Lab Exercise

118. Lab Visual Objective PODS 1-5 PODS 6-10 .50 172.26.26.0 .150 .1 .1
WEB FTP
.50
.150
PODS 1-5
PODS 6-10 .1 .1
RBB
P.0
Q.0 .2 .2
ROUTER
ROUTER .2 .2
RTS
RTS
.100
10.0.P.0
10.0.Q.0
.100
.10
.10
WEB FTP
WEB FTP
WEB/FTP CSACS
WEB/FTP CSACS
STUDENT PC
STUDENT PC
REMOTE: 10.1.P.12 LOCAL: 10.0.P.12
REMOTE: 10.1.Q.12 LOCAL: 10.0.Q.12