IKEv2 IPsec Virtual Private Networks
Understanding and Deploying IKEv2, IPsec VPNs, and FlexVPN in Cisco IOS

Networking Technology: Security Series

Language: English

61.59 €

In Print (Delivery period: 14 days).

656 p. · 19.4x23.8 cm · Paperback

Create and manage highly secure IPsec VPNs with IKEv2 and Cisco FlexVPN

The IKEv2 protocol significantly improves VPN security, and Cisco's FlexVPN offers a unified paradigm and command line interface for taking full advantage of it. Simple and modular, FlexVPN relies extensively on tunnel interfaces while maximizing compatibility with legacy VPNs. Now, two Cisco network security experts offer a complete, easy-to-understand, and practical introduction to IKEv2, modern IPsec VPNs, and FlexVPN.

The authors explain each key concept, and then guide you through all facets of FlexVPN planning, deployment, migration, configuration, administration, troubleshooting, and optimization. You'll discover how IKEv2 improves on IKEv1, master key IKEv2 features, and learn how to apply them with Cisco FlexVPN.

IKEv2 IPsec Virtual Private Networks offers practical design examples for many common scenarios, addressing IPv4 and IPv6, servers, clients, NAT, pre-shared keys, resiliency, overhead, and more. If you're a network engineer, architect, security specialist, or VPN administrator, you'll find all the knowledge you need to protect your organization with IKEv2 and FlexVPN.

  • Understand IKEv2 improvements: anti-DDoS cookies, configuration payloads, acknowledged responses, and more
  • Implement modern secure VPNs with Cisco IOS and IOS-XE
  • Plan and deploy IKEv2 in diverse real-world environments
  • Configure IKEv2 proposals, policies, profiles, keyrings, and authorization
  • Use advanced IKEv2 features, including SGT transportation and IKEv2 fragmentation
  • Understand FlexVPN, its tunnel interface types, and IOS AAA infrastructure
  • Implement FlexVPN Server with EAP authentication, pre-shared keys, and digital signatures
  • Deploy, configure, and customize FlexVPN clients
  • Configure, manage, and troubleshoot the FlexVPN Load Balancer
  • Improve FlexVPN resiliency with dynamic tunnel source, backup peers, and backup tunnels
  • Monitor IPsec VPNs with AAA, SNMP, and Syslog
  • Troubleshoot connectivity, tunnel creation, authentication, authorization, data encapsulation, data encryption, and overlay routing
  • Calculate IPsec overhead and fragmentation
  • Plan your IKEv2 migration: hardware, VPN technologies, routing, restrictions, capacity, PKI, authentication, availability, and more

Foreword xxvii

Introduction xxxiii

Part I Understanding IPsec VPNs

Chapter 1 Introduction to IPsec VPNs 1

The Need and Purpose of IPsec VPNs 2

Building Blocks of IPsec 2

Security Protocols 2

Security Associations 3

Key Management Protocol 3

IPsec Security Services 3

Access Control 4

Anti-replay Services 4

Confidentiality 4

Connectionless Integrity 4

Data Origin Authentication 4

Traffic Flow Confidentiality 4

Components of IPsec 5

Security Parameter Index 5

Security Policy Database 5

Security Association Database 6

Peer Authorization Database 6

Lifetime 7

Cryptography Used in IPsec VPNs 7

Symmetric Cryptography 7

Asymmetric Cryptography 8

The Diffie-Hellman Exchange 8

Public Key Infrastructure 11

Public Key Cryptography 11

Certificate Authorities 12

Digital Certificates 12

Digital Signatures Used in IKEv2 12

Pre-Shared-Keys, or Shared Secret 13

Encryption and Authentication 14

IP Authentication Header 15

Anti-Replay 16

IP Encapsulating Security Payload (ESP) 17

Authentication 18

Encryption 18

Anti-Replay 18

Encapsulation Security Payload Datagram Format 18

Encapsulating Security Payload Version 3 19

Extended Sequence Numbers 19

Traffic Flow Confidentiality 20

Dummy Packets 20

Modes of IPsec 20

IPsec Transport Mode 20

IPsec Tunnel Mode 21

Summary 22

References 22

Part II Understanding IKEv2

Chapter 2 IKEv2: The Protocol 23

IKEv2 Overview 23

The IKEv2 Exchange 24

IKE_SA_INIT 25

Diffie-Hellman Key Exchange 26

Security Association Proposals 29

Security Parameter Index (SPI) 34

Nonce 35

Cookie Notification 36

Certificate Request 38

HTTP_CERT_LOOKUP_SUPPORTED 39

Key Material Generation 39

IKE_AUTH 42

Encrypted and Authenticated Payload 42

Encrypted Payload Structure 43

Identity 44

Authentication 45

Signature-Based Authentication 46

(Pre) Shared-Key-Based Authentication 47

EAP 48

Traffic Selectors 50

Initial Contact 52

CREATE_CHILD_SA 53

IPsec Security Association Creation 53

IPsec Security Association Rekey 54

IKEv2 Security Association Rekey 54

IKEv2 Packet Structure Overview 55

The INFORMATIONAL Exchange 56

Notification 56

Deleting Security Associations 57

Configuration Payload Exchange 58

Dead Peer Detection/Keepalive/NAT Keepalive 59

IKEv2 Request – Response 61

IKEv2 and Network Address Translation 61

NAT Detection 64

Additions to RFC 7296 65

RFC 5998 An Extension for EAP-Only Authentication in IKEv2 65

RFC 5685 Redirect Mechanism for the Internet Key Exchange Protocol Version 2 (IKEv2) 65

RFC 6989 Additional Diffie-Hellman Tests for the Internet Key Exchange Protocol Version 2 (IKEv2) 65

RFC 6023 A Childless Initiation of the Internet Key Exchange Version 2 (IKEv2) Security Association (SA) 66

Summary 66

References 66

Chapter 3 Comparison of IKEv1 and IKEv2 67

Brief History of IKEv1 67

Exchange Modes 69

IKEv1 70

IKEv2 71

Anti-Denial of Service 72

Lifetime 72

Authentication 73

High Availability 74

Traffic Selectors 74

Use of Identities 74

Network Address Translation 74

Configuration Payload 75

Mobility & Multi-homing 75

Matching on Identity 75

Reliability 77

Cryptographic Exchange Bloat 77

Combined Mode Ciphers 77

Continuous Channel Mode 77

Summary 77

References 78

Part III IPsec VPNs on Cisco IOS

Chapter 4 IOS IPsec Implementation 79

Modes of Encapsulation 82

GRE Encapsulation 82

GRE over IPsec 83

IPsec Transport Mode with GRE over IPsec 83

IPsec Tunnel mode with GRE over IPsec 84

Traffic 85

Multicast Traffic 85

Non-IP Protocols 86

The Demise of Crypto Maps 86

Interface Types 87

Virtual Interfaces: VTI and GRE/IPsec 87

Traffic Selection by Routing 88

Static Tunnel Interfaces 90

Dynamic Tunnel Interfaces 91

sVTI and dVTI 92

Multipoint GRE 92

Tunnel Protection and Crypto Sockets 94

Implementation Modes 96

Dual Stack 96

Mixed Mode 96

Auto Tunnel Mode 99

VRF-Aware IPsec 99

VRF in Brief 99

VRF-Aware GRE and VRF-Aware IPsec 101

VRF-Aware GRE over IPsec 102

Summary 103

Reference 104

Part IV IKEv2 Implementation

Chapter 5 IKEv2 Configuration 105

IKEv2 Configuration Overview 105

The Guiding Principle 106

Scope of IKEv2 Configuration 106

IKEv2 Configuration Constructs 106

IKEv2 Proposal 107

Configuring the IKEv2 Proposal 108

Configuring IKEv2 Encryption 111

Configuring IKEv2 Integrity 113

Configuring IKEv2 Diffie-Hellman 113

Configuring IKEv2 Pseudorandom Function 115

Default IKEv2 Proposal 115

IKEv2 Policy 117

Configuring an IKEv2 Policy 118

Configuring IKEv2 Proposals under IKEv2 Policy 119

Configuring Match Statements under IKEv2 Policy 120

Default IKEv2 Policy 121

IKEv2 Policy Selection on the Initiator 122

IKEv2 Policy Selection on Responder 124

IKEv2 Policy Configuration Examples 125

Per-peer IKEv2 Policy 125

IKEv2 Policy with Multiple Proposals 126

IKEv2 Keyring 128

Configuring IKEv2 Keyring 129

Configuring a Peer Block in Keyring 130

Key Lookup on Initiator 132

Key Lookup on Responder 133

IKEv2 Keyring Configuration Example 134

IKEv2 Keyring Key Points 136

IKEv2 Profile 136

IKEv2 Profile as Peer Authorization Database 137

Configuring IKEv2 Profile 138

Configuring Match Statements in IKEv2 Profile 139

Matching any Peer Identity 142

Defining the Scope of IKEv2 Profile 143

Defining the Local IKE Identity 143

Defining Local and Remote Authentication Methods 145

IKEv2 Dead Peer Detection 149

IKEv2 Initial Contact 151

IKEv2 SA Lifetime 151

NAT Keepalives 152

IVRF (inside VRF) 152

Virtual Template Interface 153

Disabling IKEv2 Profile 153

Displaying IKEv2 Profiles 153

IKEv2 Profile Selection on Initiator and Responder 154

IKEv2 Profile Key Points 154

IKEv2 Global Configuration 155

HTTP URL-based Certificate Lookup 156

IKEv2 Cookie Challenge 156

IKEv2 Call Admission Control 157

IKEv2 Window Size 158

Dead Peer Detection 158

NAT Keepalive 159

IKEv2 Diagnostics 159

PKI Configuration 159

Certificate Authority 160

Public-Private Key Pair 162

PKI Trustpoint 163

PKI Example 164

IPsec Configuration 166

IPsec Profile 167

IPsec Configuration Example 168

Smart Defaults 168

Summary 169

Chapter 6 Advanced IKEv2 Features 171

Introduction to IKEv2 Fragmentation 171

IP Fragmentation Overview 172

IKEv2 and Fragmentation 173

IKEv2 SGT Capability Negotiation 178

IKEv2 Session Authentication 181

IKEv2 Session Deletion on Certificate Revocation 182

IKEv2 Session Deletion on Certificate Expiry 184

IKEv2 Session Lifetime 185

Summary 187

References 188

Chapter 7 IKEv2 Deployments 189

Pre-shared-key Authentication with Smart Defaults 189

Elliptic Curve Digital Signature Algorithm Authentication 194

RSA Authentication Using HTTP URL Lookup 200

IKEv2 Cookie Challenge and Call Admission Control 207

Summary 210

Part V FlexVPN

Chapter 8 Introduction to FlexVPN 211

FlexVPN Overview 211

The Rationale 212

FlexVPN Value Proposition 213

FlexVPN Building Blocks 213

IKEv2 213

Cisco IOS Point-to-Point Tunnel Interfaces 214

Configuring Static P2P Tunnel Interfaces 214

Configuring Virtual-Template Interfaces 216

Auto-Detection of Tunnel Encapsulation and Transport 219

Benefits of Per-Peer P2P Tunnel Interfaces 221

Cisco IOS AAA Infrastructure 221

Configuring AAA for FlexVPN 222

IKEv2 Name Mangler 223

Configuring IKEv2 Name Mangler 224

Extracting Name from FQDN Identity 225

Extracting Name from Email Identity 226

Extracting Name from DN Identity 226

Extracting Name from EAP Identity 227

IKEv2 Authorization Policy 228

Default IKEv2 Authorization Policy 229

FlexVPN Authorization 231

Configuring FlexVPN Authorization 233

FlexVPN User Authorization 235

FlexVPN User Authorization, Using an External AAA Server 235

FlexVPN Group Authorization 237

FlexVPN Group Authorization, Using a Local AAA Database 238

FlexVPN Group Authorization, Using an External AAA Server 239

FlexVPN Implicit Authorization 242

FlexVPN Implicit Authorization Example 243

FlexVPN Authorization Types: Co-existence and Precedence 245

User Authorization Taking Higher Precedence 247

Group Authorization Taking Higher Precedence 249

FlexVPN Configuration Exchange 250

Enabling Configuration Exchange 250

FlexVPN Usage of Configuration Payloads 251

Configuration Attributes and Authorization 253

Configuration Exchange Examples 259

FlexVPN Routing 264

Learning Remote Subnets Locally 265

Learning Remote Subnets from Peer 266

Summary 268

Chapter 9 FlexVPN Server 269

Sequence of Events 270

EAP Authentication 271

EAP Methods 272

EAP Message Flow 273

EAP Identity 273

EAP Timeout 275

EAP Authentication Steps 275

Configuring EAP 277

EAP Configuration Example 278

AAA-based Pre-shared Keys 283

Configuring AAA-based Pre-Shared Keys 284

RADIUS Attributes for AAA-Based Pre-Shared Keys 285

AAA-Based Pre-Shared Keys Example 285

Accounting 287

Per-Session Interface 290

Deriving Virtual-Access Configuration from a Virtual Template 291

Deriving Virtual-Access Configuration from AAA Authorization 293

The interface-config AAA Attribute 293

Deriving Virtual-Access Configuration from an Incoming Session 294

Virtual-Access Cloning Example 295

Auto Detection of Tunnel Transport and Encapsulation 297

RADIUS Packet of Disconnect 299

Configuring RADIUS Packet of Disconnect 300

RADIUS Packet of Disconnect Example 301

RADIUS Change of Authorization (CoA) 303

Configuring RADIUS CoA 304

RADIUS CoA Examples 305

Updating Session QoS Policy, Using CoA 305

Updating the Session ACL, Using CoA 307

IKEv2 Auto-Reconnect 309

Auto-Reconnect Configuration Attributes 310

Smart DPD 311

Configuring IKEv2 Auto-Reconnect 313

User Authentication, Using AnyConnect-EAP 315

AnyConnect-EAP 315

AnyConnect-EAP XML Messages for User Authentication 316

Configuring User Authentication, Using AnyConnect-EAP 318

AnyConnect Configuration for Aggregate Authentication 320

Dual-factor Authentication, Using AnyConnect-EAP 320

AnyConnect-EAP XML Messages for dual-factor authentication 322

Configuring Dual-factor Authentication, Using AnyConnect-EAP 324

RADIUS Attributes Supported by the FlexVPN Server 325

Remote Access Clients Supported by FlexVPN Server 329

FlexVPN Remote Access Client 329

Microsoft Windows 7 IKEv2 Client 329

Cisco IKEv2 AnyConnect Client 330

Summary 330

Reference 330

Chapter 10 FlexVPN Client 331

Introduction 331

FlexVPN Client Overview 332

FlexVPN Client Building Blocks 333

IKEv2 Configuration Exchange 334

Static Point-to-Point Tunnel Interface 334

FlexVPN Client Profile 334

Object Tracking 334

NAT 335

FlexVPN Client Features 335

Dual Stack Support 335

EAP Authentication 335

Dynamic Routing 335

Support for EzVPN Client and Network Extension Modes 336

Graham Bartlett, CCIE No. 26709, has designed a number of large-scale Virtual Private Networks within the UK and worked with customers throughout the world using IKEv2 and Next Generation Encryption. Graham's interests include Security and Virtual Private Networks. Within this space he has discovered zero-day vulnerabilities, including the highest severity security advisory in the March 2015 Cisco IOS software and IOS XE software security advisory bundled publication. He has contributed to numerous IETF RFCs, and has intellectual property published as prior art. He is a CiscoLive speaker and has developed Cisco Security exam content (CCIE/CCNP). He is a CCP (Senior) IA Architect, CCP (Practitioner) Security & Information Risk Advisor, CCNP, CISSP, Cisco Security Ninja and holds a BSc (Hons) in Computer Systems and Networks.

Amjad Inamdar, CISSP 460898, is a Senior Technical Leader with Cisco IOS Security Engineering, India. He has primarily worked on the design, development and deployment of Cisco IOS secure connectivity solutions, including the industry-leading FlexVPN, DMVPN, GETVPN and EzVPN solutions, and is currently working on the Cisco next generation SD-WAN solution. He has contributed to IETF drafts, holds a Cisco patent and has prior art publications. He holds many industry certifications, including CISSP, CCSK, CCNP Security, CCDP, CCNP R/S, CCNA (SP, Data Center, Wireless, Voice) and Cisco Security Ninja, and has presented on security at conferences, internal forums and to Cisco customers and partners. He holds a degree (B.E.) in Electronics and Communication Engineering.

Understand the IKEv2 protocol, and learn to configure it in Cisco FlexVPN environments

  • Learn how IKEv2 improves on and fits with previous IPsec VPN and PKI technologies
  • Contains design scenarios directly relevant to typical enterprise IPsec VPN requirements
  • Includes detailed configuration examples you can practice in your networking lab
  • Presents practical migration scenarios for transitioning from IKEv1 legacy solutions
  • Will be useful to anyone who wants to implement IKEv2, regardless of solution or vendor