VPN

Olga Torstensson
IDE
Halmstad University

1
 What is a VPN?

• A Virtual Private Network (VPN) is

defined as network connectivity deployed
on a shared infrastructure with the same
policies and security as a private network.

2
 VPN Taxonomy

• Overlay VPNs—Service providers provide virtual point-to-

point links.
• Peer-to-peer VPNs—Service providers participate in the
customer routing.

3
Virtual Private Networks (VPNs)

4
Why Have VPNs?

5
Tunneling and Encryption

6
 Plaintext, Encryption,
Ciphertext, and Decryption
Encryption Note:
Key Interceptor Cannot Read
Ciphertext Without the
Decryption Key
Plaintext Encryption Ciphertext “11011101”
“Hello” Method &
Key Interceptor
Network
Decryption
Key

Party A Ciphertext “11011101” Decryption Plaintext

Method & “Hello”
Key

Party B

7
Use VPNs with a Variety of Devices

8
 VPN Types
Remote Access VPN Solutions

9
Site-to-Site VPN Solutions

10
VPN Types and Applications
Type Application As Alternative To Benefits

Remote Remote Dial Dedicated

Dial Ubiquitous Access
Access Lower Cost
Connectivity
VPN ISDN

Site-
Site-to-
to-Site Leased Line
Site-
Site-to-
to-Site Extend Connectivity
Internal Frame Relay Increased Bandwidth
VPN
Connectivity ATM Lower Cost

External Fax
Extranet Facilitates
Connectivity Mail
VPN E-Commerce

11
 VPN Requirements Vary By
Application
Extranet
Business Partner

Mobile User
POP
Internet VPN

DSL
Cable Central Site
Home Telecommuter
Site-to-Site
Remote Office

Remote Access VPN Site-to-Site VPN

• Evolution away from dial
• Per-user manageability
• Multi-OS (desktop) support
• Deployment scalability
• Extension of classic WAN
• Compatibility with diverse
network traffic types
• Integration with routing
• Deployment scalability

12
Tunneling Protocols

13
VPN Protocols

14
Selecting Layer 3 VPN Tunnel Options

15
 Identifying VPN and IPSec Terms
• Tunnel
• Encryption/Decryption
• Cryptosystem
• Hashing
• Authentication
• Authorization
• Key Management
• Certificate of Authority Service

16
 Identifying VPN and IPSec Terms
IPSec main protocols are used to provide
protection for user data:
• Authentication Header – AH
• Encapsulating Security Payload – ESP

Internet Key Exchange – IKE

Internet Security Association Key
Management Protocol – ISAKMP

17
 Cryptographic System

Secure Communication

Confidentiality
Authentication
Message Integrity
Anti-Replay Protection
Client PC with Server with
Cryptographic Cryptographic
System Provided System
Software Automatically Software

18
Cryptosystem Overview

19
Symmetric Encryption

20
Asymmetric Encryption

21
 RSA

• Rivest, Shamir, Adelman (1977)

– patented, royalty
• public key cryptosystem
• variable key length (usually 512-2048 bit)
• based on the (current) difficulty of factoring
very large numbers

22
 RSA

• each entity has two keys

– public key (can be published)
– private key (must be kept secret)
• it is not feasible to determine the private
key from the public key
• one key encrypts, the other key decrypts a
message

23
 RSA

• 100-1000 times slower than DES

• used for two services
– privacy with encryption (usually small
amounts such as session keys)
– authentication and non-repudiation with
electronic signing

24
 RSA encryption (privacy)

Alice Bob

Encrypted Clear
Encryption Decryption
Pub
Pri

Bob’s Public Key Bob’s Private Key

• Alice gets Bob’s public key

• Alice encrypts message with Bob’s public key
• Bob decrypts message using his private key

25
 RSA signatures (authentication)

Alice Bob

Clear Encryption Encrypted Decryption Clear

Pri Pub

Alice’s Private Key Alice’s Public Key

• Alice encrypts message with her private key

• Bob gets Alice’s public key
• Bob decrypts message using Alice’s public
key

26
Key Exchange – Diffie-Hellman
Algorithm

27
The Diffie-Hellman algorithm

• algorithm for secure key exchange over

insecure channels
• based on the difficulty of finding discrete
logarithms
• used to establish a shared secret between
parties (usually the key for symmetric
encryption or HMACs)

28
 Modular Exponentiation
Both g and p Are Shared and Well-Known
• Generator, g
• Modulus (prime), p
• Y = gX mod p

2^237276162930753723 mod 79927397984597926572651

29
 Diffie-Hellman Key Exchange
Private Value, XA Private Value, XB
Alice Public Value, YA Public Value, YB Bob
XA XB
YA =g mod p YB = g mod p

YA

YB

X XA XB XB
YB A mod p = g mod p = YA mod p
(shared secret)

30
 Hashing
• Hashing is a one-way function. It cannot
be reversed
– From the hash, you cannot compute the
original message
• Hashing is repeatable
– If two parties apply the same hashing method
to the same bit string, they will get the same
hash

31
Hashing

32
 Encryption Versus Hashing
Encryption Hashing

Key is usually added

Uses a key as an
to text; the two are
Use of Key input to an
combined, and the
encryption method
combination is hashed

Output is of a fixed
Length of Output is similar in
short length,
Result length to input
regardless of input

Reversible; ciphertext One-way function; hash

Reversibility can be decrypted cannot be “de-hashed” back
back to plaintext to the original string

33
Tunnel Versus Transport Mode

34
 IPsec Operation: Tunnel and
Transport Modes
Transport Mode

Site Site
Network Network
Secure Connection

Extra Security Security Extra

Software in Site in Site Software
Network Secure on Network
Required Required
the Internet

35
 IPsec Operation: Tunnel and
Transport Modes
Tunnel Mode

IPsec IPsec
Site Server Server Site
Tunneled Network
Network
Connection

No No
No No
Security Secure on Security
Extra Extra
in Site the Internet in Site
Software Software
Network Network

36
 IPsec Operation: Tunnel and
Transport Modes
Transport Mode

Destination IP Address Orig. IP IPsec Protected Packet

Is Actual Address; Hdr Hdr Data Field
Vulnerable to Scanning

Tunnel Mode

Destination IP Address is New IP IPsec Protected

IPsec Gateway Address Hdr Hdr Original Packet
Host IP Address
Is not Revealed

37
 IPsec ESP and AH Protection
Confidentiality
Encapsulating
Security IP ESP ESP
Protected
Payload Header Header Trailer

Protocol = 50 Authentication and Message Integrity

Protocol = 51

Authentication IP Authentication
Protected
Header Header Header

Authentication and Message Integrity

No Confidentiality

38
IPSec Security Protocols

39
 Modes and Protections
ESP AH
Confidentiality Authentication
Authentication Integrity
Integrity

Transport Mode Possible Possible

(End-to-End)

Tunnel Mode Possible Possible

(IPsec Gateway
to Gateway)

40
 IPSEC Concepts
• Peers
• Transform sets
• Security Associations
• Transport and Tunnel modes
• Authentication Header (AH) &
Encapsulating Security Payload (ESP)

41
 Peers
A peer of an IPSEC device is another device participating in
IPSEC. A peer can be a router, firewall, server or some
remote PC with IPSEC support.
Peering between two IPSEC device is usually a point to point
relationship
Remote office
Corporate Office

Internet
HR
servers
Peer
authentication
• Peer authentication
methods:
– Pre-shared keys Peer Authentication
– RSA signatures

42
 Transform Sets
• A transform set is a list of IPsec protocols and
cryptographic algorithms that a peer can accept.
Because IPsec allows for the use of different
protocols and algorithms, a peer needs to declare
and negotiate with other peers what it can support.

• Peers communicate the protocols and algorithms

they support by exchanging transform sets. For two
peers to communicate successfully, they must share
a common transform set, otherwise peering fails.

43
 A Transform Set
• An IPsec security protocol, AH or ESP
or both

• An integrity/Authentication algorithm
ie MD5 HMAC or SHA-1 HMAC

• An encrypting algorithm DES, 3DES.

A null encryption algorithm is also supported.

44
 Security Association
• A Security Association (SA) is a
logical connection that provides
data flowing from one peer to
another by using a transform set.
Security associations are like
logical tunnels between peers.
Traffic entering an SA is protected
and transported to the other side.

45
IPsec Security Associations
2. Security Association (SA)
for Transmissions from A to B

3. Security Association (SA)

For Transmission from B to A
Party A Party B
(Can Be Different Than
A to B SA)
1. List of 1. List of
Allowable Allowable
Security Security
Associations Associations

IPsec Policy Server

46
Security Association

47
Establishing IPsec Security
Associations Using IKE

Internet Key Exchange

Security Association
UDP Port 500
Party A Party B

First establish IKE association and

IPsec SAs
protected session

Then create IPsec SAs within the

Protection of the IKE session.

48
Five steps of IPSec

49
 Task – Prepare for IKE and IPSec

• Task 1 – Prepare for IKE and IPSec

– Determine IKE (IKE phase one) policy
– Determine IPSec (IKE phase two) policy
– Check the current configuration
• show running-configuration
• show crypto isakmp policy
• show crypto map
– Ensure the network works without encryption
• ping
– Ensure access lists are compatible with IPSec
• show access-lists

50
 Determine IKE (IKE Phase 1) Policy

• Determine the following policy details:

– Key distribution method
– Authentication method
– IPSec peer IP addresses and hostnames
– IKE phase 1 policies for all peers
• Encryption algorithm
• Hash algorithm
• IKE SA lifetime

• Goal: Minimize misconfiguration

51
IKE Phase 1 Policy Parameters

52
 Determine IPSec (IKE Phase 2) Policy
• Determine the following policy details:
– IPSec algorithms and parameters for optimal security
and performance
– Transforms and, if necessary, transform sets
– IPSec peer details
– IP address and applications of hosts to be protected
– Manual or IKE-initiated SAs

• Goal: Minimize misconfiguration

53
IPSec Transforms Supported in
Cisco IOS Software

54
Authentication Header

55
Encapsulating Security Payload

56
IPSec Policy Example

57
Identify IPSec Peers

58
Check Current Configuration

59
Ensure the Network Works

60
Ensure ACLs are Compatible with IPSec

61
 Task – Configure IKE
• Task 2 – Configure IKE
– Step 1 – Enable or disable IKE.
• crypto isakmp enable
– Step 2 – Create IKE policies.
• crypto isakmp policy
– Step 3 – Configure ISAKMP.
• crypto isakmp identity
– Step 4 – Configure pre-shared keys.
• crypto isakmp key
– Step 5 – Verify the IKE configuration.
• show crypto isakmp policy

62
Enable IKE

63
Create IKE policies

64
Create IKE Policies with the
crypto isakmp Command

65
IKE Policy Negotiation

66
Configure Pre-shared Keys

67
Verify IKE Configuration

68
 Configure IPSec
• Task 3 – Configure IPSec
– Step 1 – Configure transform set suites.
• crypto ipsec transform-set
– Step 2 – Configure global IPSec SA lifetimes.
• crypto ipsec security-association lifetime
– Step 3 – Create crypto ACLs using extended access
lists
– Step 4 – Configure IPSec crypto maps.
• crypto map
– Step 5 – Apply crypto maps to interfaces.
• crypto map map-name

69
Configure Transform Set Suites

70
Transform Set Negotiation

71
Configure Global IPSec Security
Association Lifetimes

72
Configure Global IPSec Security
Association Lifetimes

73
Purpose of Crypto ACLs

74
Create Crypto ACLs Using Extended
Access Lists

75
Create Crypto ACLs Using Extended
Access Lists

76
Configure Symmetrical Peer Crypto
ACLs

77
 Purpose of Crypto Maps
• Crypto maps pull together the various parts
configured for IPSec, including:
– The traffic to be protected by IPSec and a set of SAs
– The local address to be used for the IPSec traffic
– The destination location of IPSec-protected traffic
– The IPSec type to be applied to this traffic
– The method of establishing SAs, either manually or
by using RSA
– Other parameters needed to define an IPSec SA

78
Crypto Map Parameters

79
Configure IPSec Crypto Maps

80
Example Crypto Map Commands

81
Apply Crypto Maps to Interfaces

82
IPSec Configuration Examples

83
 Test and Verify IPSec
– Display configured IKE policies.
• show crypto isakmp policy
• (show isakmp policy on a PIX)
– Display configured transform sets.
• show crypto ipsec transform-set
– Display phase | security associations.
• show crypto isakmp sa
• (show isakmp sa on a PIX)

84
Generic Routing Encapsulation
GRE

• GRE is an OSI Layer 3 tunneling protocol:

– Encapsulates a wide variety of protocol packet types inside IP
tunnels
– Creates a virtual point-to-point link to Cisco routers at remote
points over an IP internetwork
– Uses IP for transport
– Uses an additional header to support any other OSI Layer 3
protocol as payload (for example, IP, IPX, AppleTalk)

85
Reasons for using GRE over
IPsec
– To pass multicast and broadcast traffic across
the tunnel securely
– To pass non-IP traffic securely
– To provide resiliency
– To assist in saving memory and CPU cycles
in the router, by reducing the number of SA
that need to be set up

86
 Secure GRE Tunnels
IPsec provides what GRE lacks:
•Confidentiality through encryption using symmetric
algorithms
•Data source authentication using HMACs Data
integrity verification using HMACs
IPsec is not perfect at tunneling:
•Older IOS versions do not support IP multicast over
IPsec
•IPsec was designed to tunnel IP only (no
multiprotocol support)
•Using crypto maps to implement IPsec does not
allow the use of routing protocols across the tunnel
•IPsec does not tunnel IP protocols; GRE does

87
 GRE over IPsec

• GRE over IPsec is typically used to do

the following:
– Create a logical hub-and-spoke topology of virtual point-
to-point connections
– Secure communication over an untrusted transport
network (e.g. the Internet)

88
GRE over IPsec Encapsulation

ƒ GRE encapsulates an arbitrary payload.

ƒ IPsec encapsulates unicast IP packet (GRE):
•Tunnel mode (default): IPsec creates a new
tunnel IP packet
•Transport mode: IPsec reuses the IP header of
the GRE (20 bytes less overhead than tunnel
mode)

89