8/7/2019 VPN_09

1/89

1

VPN

Olga Torstensson

IDE

Halmstad University

8/7/2019 VPN_09

2/89

2

What is a VPN?

A Virtual Private Network (VPN) isdefined as network connectivity deployed

on a shared infrastructure with the samepolicies and security as a private network.

8/7/2019 VPN_09

3/89

3

VPN Taxonomy

Overlay VPNsService providers provide virtual point-to-point links.

Peer-to-peer VPNsService providers participate in thecustomer routing.

8/7/2019 VPN_09

4/89

4

Virtual Private Networks (VPNs)

8/7/2019 VPN_09

5/89

5

Why Have VPNs?

8/7/2019 VPN_09

6/89

6

Tunneling and Encryption

8/7/2019 VPN_09

7/89

7

Plaintext, Encryption,Ciphertext, and Decryption

Network

Plaintext

Hello

Encryption

Method &

Key

Ciphertext 11011101

Encryption

Key

Ciphertext 11011101 Plaintext

Hello

Decryption

Method &

Key

Decryption

Key

Interceptor

Party A

Party B

Note:

Interceptor Cannot Read

Ciphertext Without the

Decryption Key

8/7/2019 VPN_09

8/89

8

Use VPNs with a Variety of Devices

8/7/2019 VPN_09

9/89

9

VPN Types

Remote Access VPN Solutions

8/7/2019 VPN_09

10/89

10

Site-to-Site VPN Solutions

8/7/2019 VPN_09

11/89

11

VPN Types and ApplicationsVPN Types and ApplicationsType Application As Alternative To

SiteSite--toto--SiteSite

VPNVPN

ExtranetExtranet

VPNVPN

Benefits

SiteSite--toto--SiteSite

InternalInternal

ConnectivityConnectivity

Extend ConnectivityExtend Connectivity

Increased BandwidthIncreased Bandwidth

Lower CostLower Cost

Leased LineLeased Line

Frame RelayFrame Relay

ATMATM

RemoteRemote

AccessAccess

VPNVPN

Remote DialRemote Dial

ConnectivityConnectivity

DedicatedDedicated

DialDial

ISDNISDN

Ubiquitous AccessUbiquitous Access

Lower CostLower Cost

ExternalExternal

ConnectivityConnectivity

FaxFax

MailMailFacilitatesFacilitates

EE--CommerceCommerce

8/7/2019 VPN_09

12/89

12

VPN Requirements Vary ByVPN Requirements Vary By

ApplicationApplication

Central Site

Site-to-SiteRemote Office

ExtranetBusiness Partner

POP

DSLCable

Mobile User

Home Telecommuter

VPNInternet

Extension of classic WAN

Compatibility with diversenetwork traffic types

Integration with routing

Deployment scalability

Evolution away from dial

Per-user manageability

Multi-OS (desktop) support

Deployment scalability

Site-to-Site VPNRemote Access VPN

8/7/2019 VPN_09

13/89

13

Tunneling Protocols

8/7/2019 VPN_09

14/89

14

VPN Protocols

8/7/2019 VPN_09

15/89

15

Selecting Layer 3 VPN Tunnel Options

8/7/2019 VPN_09

16/89

16

Identifying VPN and IPSec Terms

Tunnel

Encryption/Decryption

Cryptosystem

Hashing

Authentication Authorization

Key Management

Certificate of Authority Service

8/7/2019 VPN_09

17/89

17

Identifying VPN and IPSec Terms

IPSec main protocols are used to provideprotection for user data:

Authentication Header AH

Encapsulating Security Payload ESP

Internet Key Exchange IKE

Internet Security Association KeyManagement Protocol ISAKMP

8/7/2019 VPN_09

18/89

18

Cryptographic System

ConfidentialityAuthentication

Message Integrity

Anti-Replay ProtectionClient PC withCryptographic

SystemSoftware

Server withCryptographic

SystemSoftware

Secure Communication

ProvidedAutomatically

8/7/2019 VPN_09

19/89

19

Cryptosystem Overview

8/7/2019 VPN_09

20/89

20

Symmetric Encryption

8/7/2019 VPN_09

21/89

21

Asymmetric Encryption

8/7/2019 VPN_09

22/89

22

RSA

Rivest, Shamir, Adelman (1977)

patented, royalty

public key cryptosystem

variable key length (usually 512-2048 bit)

based on the (current) difficulty of factoringvery large numbers

8/7/2019 VPN_09

23/89

23

RSA

each entity has two keys

public key (can be published)

private key (must be kept secret)

it is not feasible to determine the privatekey from the public key

one key encrypts, the other key decrypts amessage

8/7/2019 VPN_09

24/89

24

RSA

100-1000 times slower than DES

used for two services

privacywith encryption (usually smallamounts such as session keys)

authenticationand non-repudiationwithelectronic signing

8/7/2019 VPN_09

25/89

25

RSA encryption (privacy)

Alice gets Bobs public key

Alice encrypts message with Bobs public key

Bob decrypts message using his private key

BobAlice

ClearEncrypted

Bobs Private KeyBobs Public Key

DecryptionDecryptionEncryptionEncryption

PriPriPub

8/7/2019 VPN_09

26/89

26

RSA signatures (authentication)

PriPri Pub

Clear ClearEncrypted

Alice encrypts message with her private key

Bob gets Alices public key

Bob decrypts message using Alices publickey

Alices Public KeyAlices Private Key

EncryptionEncryption DecryptionDecryption

BobAlice

8/7/2019 VPN_09

27/89

27

Key Exchange Diffie-Hellman

Algorithm

8/7/2019 VPN_09

28/89

28

The Diffie-Hellman algorithm

algorithm for secure key exchange overinsecure channels

based on the difficulty of finding discrete

logarithms used to establish a shared secret between

parties (usually the key for symmetricencryption or HMACs)

8/7/2019 VPN_09

29/89

29

Modular Exponentiation

Generator, gg

Modulus (prime), pp

YY = ggXX mod pp

22 237276162930753723237276162930753723mod7992739798459792657265179927397984597926572651

Both gg and pp Are Shared and Well-Known

8/7/2019 VPN_09

30/89

30

Diffie-Hellman Key ExchangePrivate Value, XXAAPublic Value, YYAA

Private Value, XXBBPublic Value, YYBB

(shared secret)

AliceAlice BobBob

YYBB mod p = g mod p =YYAA mod pXXBBXXAA XXBB

YYAA

YYBB

YYBB = g mod pXXBBYYAA =g mod p

XXAA

XXAA

8/7/2019 VPN_09

31/89

31

Hashing Hashing is a one-way function. It cannot

be reversed

From the hash, you cannot compute theoriginal message

Hashing is repeatable If two parties apply the same hashing method

to the same bit string, they will get the samehash

8/7/2019 VPN_09

32/89

32

Hashing

8/7/2019 VPN_09

33/89

33

Encryption Versus HashingEncryption

Uses a key as aninput to anencryption method

Output is similar inlength to input

Reversible; ciphertextcan be decryptedback to plaintext

Use of Key

Length ofResult

Reversibility

Hashing

Key is usually addedto text; the two arecombined, and thecombination is hashed

Output is of a fixedshort length,regardless of input

One-way function; hashcannot be de-hashed backto the original string

8/7/2019 VPN_09

34/89

34

Tunnel Versus Transport Mode

8/7/2019 VPN_09

35/89

35

IPsec Operation: Tunnel andTransport Modes

Secure Connection

Secure onthe Internet

Transport Mode

SiteNetwork

SiteNetwork

Securityin Site

Network

Securityin Site

Network

ExtraSoftwareRequired

ExtraSoftwareRequired

8/7/2019 VPN_09

36/89

36

IPsec Operation: Tunnel andTransport Modes

TunneledConnection

Secure onthe Internet

Tunnel Mode

SiteNetwork

SiteNetwork

NoSecurityin Site

Network

NoSecurityin Site

Network

NoExtra

Software

NoExtra

Software

IPsecServer

IPsecServer

8/7/2019 VPN_09

37/89

37

IPsec Operation: Tunnel andTransport Modes

Transport Mode

Orig. IPHdr

IPsecHdr

Protected PacketData Field

Destination IP AddressIs Actual Address;

Vulnerable to Scanning

Tunnel Mode

New IPHdr

IPsecHdr

ProtectedOriginal Packet

Destination IP Address isIPsec Gateway Address

Host IP AddressIs not Revealed

8/7/2019 VPN_09

38/89

38

IPsec ESP and AH Protection

IPHeader

ESPHeader

ProtectedESP

Trailer

IPHeader

AuthenticationHeader

Protected

Confidentiality

Authentication and Message Integrity

Authentication and Message IntegrityNo Confidentiality

Protocol = 50

Protocol = 51

EncapsulatingSecurityPayload

AuthenticationHeader

8/7/2019 VPN_09

39/89

39

IPSec Security Protocols

8/7/2019 VPN_09

40/89

40

Modes and Protections

PossiblePossibleTunnel Mode(IPsec Gatewayto Gateway)

PossiblePossibleTransport Mode(End-to-End)

AHAuthentication

Integrity

ESPConfidentiality

AuthenticationIntegrity

8/7/2019 VPN_09

41/89

41

IPSEC Concepts Peers

Transform sets

Security Associations

Transport and Tunnel modes

Authentication Header (AH) &Encapsulating Security Payload (ESP)

8/7/2019 VPN_09

42/89

42

Peer Authentication

Peer authenticationmethods:

Pre-shared keys

RSA signatures

HRservers

Peerauthentication

Remote officeCorporate Office

Internet

A peerof an IPSEC device is another device participating inIPSEC. A peer can be a router, firewall, server or someremote PCwith IPSEC support.

Peeringbetween two IPSEC device is usually a point to pointrelationship

Peers

8/7/2019 VPN_09

43/89

43

Transform Sets A transform set is a list of IPsec protocols and

cryptographic algorithms that a peer can accept.Because IPsec allows for the use of differentprotocols and algorithms, a peer needs to declareand negotiate with other peers what it can support.

Peers communicate the protocols and algorithmsthey support by exchanging transform sets. For twopeers to communicate successfully, they must sharea common transform set, otherwise peering fails.

8/7/2019 VPN_09

44/89

44

A Transform Set

An IPsec security protocol, AHor ESPor both

An integrity/Authentication algorithm

ie MD5 HMAC or SHA-1 HMAC

An encrypting algorithm DES, 3DES.A null encryption algorithm is also supported.

8/7/2019 VPN_09

45/89

45

Security Association

A Security Association (SA) is alogical connection that provides

data flowing from one peer to

another by using a transform set.

Security associations are likelogical tunnels between peers.

Traffic entering an SA is protectedand transported to the other side.

8/7/2019 VPN_09

46/89

46

IPsec Security Associations

IPsec Policy Server

2. Security Association (SA)for Transmissions from A to B

3. Security Association (SA)For Transmission from B to A

(Can Be Different Than

A to B SA)

Party A Party B

1. List ofAllowableSecurity

Associations

1. List ofAllowableSecurity

Associations

8/7/2019 VPN_09

47/89

47

Security Association

8/7/2019 VPN_09

48/89

48

Establishing IPsec SecurityAssociations Using IKE

Internet Key ExchangeSecurity Association

UDP Port 500

Party A Party B

IPsec SAsFirst establish IKE association andprotected session

Then create IPsec SAs within theProtection of the IKE session.

8/7/2019 VPN_09

49/89

8/7/2019 VPN_09

50/89

8/7/2019 VPN_09

51/89

51

Determine IKE (IKE Phase 1) Policy

Determine the following policy details: Key distribution method

Authentication method

IPSec peer IP addresses and hostnames

IKE phase 1 policies for all peers

Encryption algorithm Hash algorithm

IKE SA lifetime

Goal: Minimize misconfiguration

8/7/2019 VPN_09

52/89

52

IKE Phase 1 Policy Parameters

8/7/2019 VPN_09

53/89

53

Determine IPSec (IKE Phase 2) Policy

Determine the following policy details:

IPSec algorithms and parameters for optimal securityand performance

Transforms and, if necessary, transform sets

IPSec peer details

IP address and applications of hosts to be protected

Manual or IKE-initiated SAs

Goal: Minimize misconfiguration

8/7/2019 VPN_09

54/89

54

IPSec Transforms Supported in

Cisco IOS Software

8/7/2019 VPN_09

55/89

55

Authentication Header

8/7/2019 VPN_09

56/89

56

Encapsulating Security Payload

8/7/2019 VPN_09

57/89

57

IPSec Policy Example

8/7/2019 VPN_09

58/89

58

Identify IPSec Peers

8/7/2019 VPN_09

59/89

59

Check Current Configuration

8/7/2019 VPN_09

60/89

60

Ensure the Network Works

8/7/2019 VPN_09

61/89

61

Ensure ACLs are Compatible with IPSec

8/7/2019 VPN_09

62/89

62

Task Configure IKE Task 2 Configure IKE

Step 1 Enable or disable IKE. crypto isakmp enable

Step 2 Create IKE policies. crypto isakmp policy

Step 3 Configure ISAKMP.

crypto isakmp identity

Step 4 Configure pre-shared keys. crypto isakmp key

Step 5 Verify the IKE configuration. show crypto isakmp policy

8/7/2019 VPN_09

63/89

63

Enable IKE

8/7/2019 VPN_09

64/89

64

Create IKE policies

8/7/2019 VPN_09

65/89

65

Create IKE Policies with thecrypto isakmp Command

8/7/2019 VPN_09

66/89

66

IKE Policy Negotiation

8/7/2019 VPN_09

67/89

67

Configure Pre-shared Keys

8/7/2019 VPN_09

68/89

68

Verify IKE Configuration

8/7/2019 VPN_09

69/89

69

Configure IPSec Task 3 Configure IPSec

Step 1 Configure transform set suites. crypto ipsec transform-set

Step 2 Configure global IPSec SA lifetimes. crypto ipsec security-association lifetime

Step 3 Create crypto ACLs using extended access

lists Step 4 Configure IPSec crypto maps.

crypto map

Step 5 Apply crypto maps to interfaces. crypto map map-name

8/7/2019 VPN_09

70/89

70

Configure Transform Set Suites

8/7/2019 VPN_09

71/89

71

Transform Set Negotiation

8/7/2019 VPN_09

72/89

72

Configure Global IPSec Security

Association Lifetimes

8/7/2019 VPN_09

73/89

73

Configure Global IPSec Security

Association Lifetimes

8/7/2019 VPN_09

74/89

74

Purpose of Crypto ACLs

8/7/2019 VPN_09

75/89

75

Create Crypto ACLs Using Extended

Access Lists

8/7/2019 VPN_09

76/89

76

Create Crypto ACLs Using ExtendedAccess Lists

8/7/2019 VPN_09

77/89

77

Configure Symmetrical Peer Crypto

ACLs

8/7/2019 VPN_09

78/89

78

Purpose of Crypto Maps

Crypto maps pull together the various partsconfigured for IPSec, including:

The traffic to be protected by IPSec and a set of SAs

The local address to be used for the IPSec traffic

The destination location of IPSec-protected traffic

The IPSec type to be applied to this traffic

The method of establishing SAs, either manually or

by using RSA

Other parameters needed to define an IPSec SA

8/7/2019 VPN_09

79/89

79

Crypto Map Parameters

8/7/2019 VPN_09

80/89

80

Configure IPSec Crypto Maps

8/7/2019 VPN_09

81/89

81

Example Crypto Map Commands

8/7/2019 VPN_09

82/89

82

Apply Crypto Maps to Interfaces

8/7/2019 VPN_09

83/89

83

IPSec Configuration Examples

8/7/2019 VPN_09

84/89

84

Test and Verify IPSec

Display configured IKE policies.show crypto isakmp policy

(show isakmp policy on a PIX)

Display configured transform sets.show crypto ipsec transform-set

Display phase | security associations.show crypto isakmp sa

(show isakmp sa on a PIX)

8/7/2019 VPN_09

85/89

85

Generic Routing Encapsulation

GRE

GRE is an OSI Layer 3 tunneling protocol:

Encapsulates a wide variety of protocol packet types inside IPtunnels

Creates a virtual point-to-point link to Cisco routers at remotepoints over an IP internetwork

Uses IP for transport

Uses an additional header to support any other OSI Layer 3protocol as payload (for example, IP, IPX, AppleTalk)

8/7/2019 VPN_09

86/89

86

Reasons for using GRE over

IPsec

To pass multicast and broadcast traffic across

the tunnel securely

To pass non-IP traffic securely

To provide resiliency

To assist in saving memory and CPU cyclesin the router, by reducing the number of SAthat need to be set up

8/7/2019 VPN_09

87/89

87

Secure GRE TunnelsIPsec provides what GRE lacks:

Confidentiality through encryption using symmetricalgorithms

Data source authentication using HMACs Dataintegrity verification using HMACs

IPsec is not perfect at tunneling:Older IOS versions do not support IP multicast overIPsec

IPsec was designed to tunnel IP only (nomultiprotocol support)

Using crypto maps to implement IPsec does notallow the use of routing protocols across the tunnel

IPsec does not tunnel IP protocols; GRE does

8/7/2019 VPN_09

88/89

88

GRE over IPsec

GRE over IPsec is typically used to dothe following: Create a logical hub-and-spoke topology of virtual point-

to-point connections

Secure communication over an untrusted transportnetwork (e.g. the Internet)

8/7/2019 VPN_09

89/89

GRE over IPsec Encapsulation

GRE encapsulates an arbitrary payload.

IPsec encapsulates unicast IP packet (GRE):

Tunnel mode (default): IPsec creates a newtunnel IP packet

Transport mode: IPsec reuses the IP header ofthe GRE (20 bytes less overhead than tunnelmode)