
CH7

Securing Site-to-Site Connectivity

Security is a concern when using the public Internet to conduct business. Virtual Private Networks (VPNs) are used to ensure the security of data across the Internet. A VPN is used to create a private tunnel over a public network. Data can be secured by using encryption in this tunnel through the Internet and by using authentication to protect data from unauthorized access.
This chapter explains the concepts and processes related to VPNs, as well as the benefits of VPN implementations and the underlying protocols required to configure VPNs.
VPNs at a Glance
A small- to medium-sized business is growing and needs customers, teleworkers, and wired/wireless employees to be able to access the main network from any location. As the network administrator for the business, you have decided to implement VPNs for security, network access ease, and cost savings.
It is your job to ensure that all of the network administrators start the VPN planning process with the same knowledge set. Four basic VPN informational areas need to be researched and presented to the network administrative team:

Concise definition of VPNs

Some general VPN facts

IPsec as a VPN security option

Ways VPNs use tunneling

Fundamentals of VPNs
Organizations need secure, reliable, and cost-effective ways to interconnect multiple networks, such as allowing branch offices and suppliers to connect to a corporation's headquarters network. Additionally, with the growing number of teleworkers, enterprises have an increasing need for secure, reliable, and cost-effective ways to connect employees working in small office/home office (SOHO) and other remote locations, with resources on corporate sites.
The figure illustrates the topologies that modern networks use to connect remote locations. In some cases, the remote locations connect only to the headquarters location, while in other cases, remote locations connect to additional sites.
Organizations use VPNs to create an end-to-end private network connection over third-party networks such as the Internet or extranets. The tunnel eliminates the distance barrier and enables remote users to access central site network resources.
A VPN is a private network created via tunneling over a public network, usually the Internet. A VPN is a communications environment in which access is strictly controlled to permit peer connections within a defined community of interest.
The first VPNs were strictly IP tunnels that did not include authentication or encryption of the data. For example, Generic Routing Encapsulation (GRE) is a tunneling protocol developed by Cisco that can encapsulate a wide variety of network layer protocol packet types inside IP tunnels. This creates a virtual point-to-point link to Cisco routers at remote points over an IP internetwork.

Today, a secure implementation of VPN with encryption, such as IPsec VPNs, is what is usually meant by virtual private networking.
To implement VPNs, a VPN gateway is necessary. The VPN gateway could be a router, a firewall, or a Cisco Adaptive Security Appliance (ASA). An ASA is a standalone firewall device that combines firewall, VPN concentrator, and intrusion prevention functionality into one software image.
As shown in the figure, a VPN uses virtual connections that are routed through the Internet from the private network of an organization to the remote site or employee host. The information from a private network is securely transported over the public network, to form a virtual network.
The benefits of a VPN include the following:

Cost savings: VPNs enable organizations to use cost-effective, third-party Internet transport to connect remote offices and remote users to the main site, therefore eliminating expensive, dedicated WAN links and modem banks. Furthermore, with the advent of cost-effective, high-bandwidth technologies, such as DSL, organizations can use VPNs to reduce their connectivity costs while simultaneously increasing remote connection bandwidth.

Scalability: VPNs enable organizations to use the Internet infrastructure within ISPs and devices, which makes it easy to add new users. Therefore, organizations are able to add large amounts of capacity without adding significant infrastructure.

Compatibility with broadband technology: VPNs allow mobile workers and telecommuters to take advantage of high-speed, broadband connectivity, such as DSL and cable, to access their organizations' networks. Broadband connectivity provides flexibility and efficiency. High-speed, broadband connections also provide a cost-effective solution for connecting remote offices.

Security: VPNs can include security mechanisms that provide the highest level of security by using advanced encryption and authentication protocols that protect data from unauthorized access.

There are two types of VPN networks:

Site-to-site

Remote-access

Site-to-Site VPN
A site-to-site VPN is created when devices on both sides of the VPN connection are aware of the VPN configuration in advance, as shown in the figure. The VPN remains static, and internal hosts have no knowledge that a VPN exists. In a site-to-site VPN, end hosts send and receive normal TCP/IP traffic through a VPN gateway. The VPN gateway is responsible for encapsulating and encrypting outbound traffic for all traffic from a particular site. The VPN gateway then sends it through a VPN tunnel over the Internet to a peer VPN gateway at the target site. Upon receipt, the peer VPN gateway strips the headers, decrypts the content, and relays the packet toward the target host inside its private network.
A site-to-site VPN is an extension of a classic WAN network. Site-to-site VPNs connect entire networks to each other; for example, they can connect a branch office network to a company headquarters network. In the past, a leased line or Frame Relay connection was required to connect sites, but because most corporations now have Internet access, these connections can be replaced with site-to-site VPNs.
Remote-access VPNs

Where a site-to-site VPN is used to connect entire networks, a remote-access VPN supports the needs of telecommuters, mobile users, and extranet, consumer-to-business traffic. A remote-access VPN is created when VPN information is not statically set up, but instead allows for dynamically changing information, and can be enabled and disabled. Remote-access VPNs support a client/server architecture, where the VPN client (remote host) gains secure access to the enterprise network via a VPN server device at the network edge.
Remote-access VPNs are used to connect individual hosts that must access their company network securely over the Internet. Internet connectivity used by telecommuters is typically a broadband, DSL, wireless, or cable connection, as indicated in the figure.
VPN client software may need to be installed on the mobile user's end device; for example, each host may have Cisco AnyConnect Secure Mobility Client software installed. When the host tries to send any traffic, the Cisco AnyConnect VPN Client software encapsulates and encrypts this traffic. The encrypted data is then sent over the Internet to the VPN gateway at the edge of the target network. Upon receipt, the VPN gateway behaves as it does for site-to-site VPNs.
Note: The Cisco AnyConnect Secure Mobility Client software builds on prior Cisco AnyConnect VPN Client and Cisco VPN Client offerings to improve the always-on VPN experience across more laptop and smartphone-based mobile devices. This client supports IPv6.

Fundamentals of Generic Routing Encapsulation
Generic Routing Encapsulation (GRE) is one example of a basic, non-secure, site-to-site VPN tunneling protocol. GRE is a tunneling protocol developed by Cisco that can encapsulate a wide variety of protocol packet types inside IP tunnels. GRE creates a virtual point-to-point link to Cisco routers at remote points, over an IP internetwork.
GRE is designed to manage the transportation of multiprotocol and IP multicast traffic between two or more sites that may only have IP connectivity. It can encapsulate multiple protocol packet types inside an IP tunnel.
As shown in the figure, a tunnel interface supports a header for each of the following:

An encapsulated protocol (or passenger protocol), such as IPv4, IPv6, AppleTalk, DECnet, or IPX

An encapsulation protocol (or carrier), such as GRE

A transport delivery protocol, such as IP, which is the protocol that carries the encapsulated protocol

GRE is a tunneling protocol developed by Cisco that can encapsulate a wide variety of protocol packet types inside IP tunnels, creating a virtual point-to-point link to Cisco routers at remote points over an IP internetwork. IP tunneling using GRE enables network expansion across a single-protocol backbone environment. It does this by connecting multiprotocol subnetworks in a single-protocol backbone environment.
GRE has these characteristics:

GRE is defined as an IETF standard (RFC 2784).

In the outer IP header, 47 is used in the protocol field to indicate that a GRE header will follow.

GRE encapsulation uses a protocol type field in the GRE header to support the encapsulation of any OSI Layer 3 protocol. Protocol Types are defined in RFC 1700 as "EtherTypes".

GRE itself is stateless; by default it does not include any flow-control mechanisms.

GRE does not include any strong security mechanisms to protect its payload.

The GRE header, together with the tunneling IP header indicated in the figure, creates at least 24 bytes of additional overhead for tunneled packets.


GRE is used to create a VPN tunnel between two sites, as shown in Figure 1. To implement a GRE tunnel, the network administrator must first learn the IP addresses of the endpoints. After that, there are five steps to configuring a GRE tunnel:
Step 1. Create a tunnel interface using the interface tunnel number command.
Step 2. Specify the tunnel source IP address.
Step 3. Specify the tunnel destination IP address.
Step 4. Configure an IP address for the tunnel interface.
Step 5. (Optional) Specify GRE tunnel mode as the tunnel interface mode. GRE tunnel mode is the default tunnel interface mode for Cisco IOS software.
The sample configuration in Figure 2 illustrates a basic GRE tunnel configuration for router R1.

The configuration of R2 in Figure 3 mirrors the configuration of R1.
The minimum configuration requires specification of the tunnel source and destination addresses. The IP subnet must also be configured to provide IP connectivity across the tunnel link. Both tunnel interfaces have the tunnel source set as the local serial S0/0/0 interface and the tunnel destination set as the peer router serial S0/0/0 interface. The IP address is assigned to the tunnel interfaces on both routers. OSPF has also been configured to exchange routes over the GRE tunnel.
The individual GRE tunnel command descriptions are displayed in Figure 4.
Note: When configuring GRE tunnels, it can be difficult to remember which IP networks are associated with the physical interfaces and which IP networks are associated with the tunnel interfaces. Remember that before a GRE tunnel is created, the physical interfaces have already been configured. The tunnel source and tunnel destination commands reference the IP addresses of the preconfigured physical interfaces. The ip address command on the tunnel interfaces refers to an IP network specifically manufactured for the purposes of the GRE tunnel.

There are several commands that can be used to monitor and troubleshoot GRE tunnels. To determine whether the tunnel interface is up or down, use the show ip interface brief command, as shown in Figure 1.
To verify the state of a GRE tunnel, use the show interface tunnel command. The line protocol on a GRE tunnel interface is up as long as there is a route to the tunnel destination. Before implementing a GRE tunnel, IP connectivity must already be in effect between the IP addresses of the physical interfaces on opposite ends of the potential GRE tunnel. The tunnel transport protocol is displayed in the output, also shown in Figure 1.
If OSPF has also been configured to exchange routes over the GRE tunnel, verify that an OSPF adjacency has been established over the tunnel interface using the show ip ospf neighbor command. In Figure 2, note that the peering address for the OSPF neighbor is on the IP network created for the GRE tunnel.

In Figure 3, use the Syntax Checker to configure and verify a GRE tunnel on R2 followed by R1.
GRE is considered a VPN because it is a private network that is created by tunneling over a public network. Using encapsulation, a GRE tunnel creates a virtual point-to-point link to Cisco routers at remote points over an IP internetwork. The advantages of GRE are that it can be used to tunnel non-IP traffic over an IP network, allowing for network expansion by connecting multiprotocol subnetworks across a single-protocol backbone environment. GRE also supports IP multicast tunneling. This means that routing protocols can be used across the tunnel, enabling dynamic exchange of routing information in the virtual network. Finally, it is common practice to create IPv6 over IPv4 GRE tunnels, where IPv6 is the encapsulated protocol and IPv4 is the transport protocol. In the future, these roles will likely be reversed as IPv6 takes over as the standard IP protocol.
However, GRE does not provide encryption or any other security mechanisms. Therefore, data sent across a GRE tunnel is not secure. If secure data communication is needed, IPsec or SSL VPNs should be configured.
IPsec VPNs offer flexible and scalable connectivity. Site-to-site connections can provide a secure, fast, and reliable remote connection. With an IPsec VPN, the information from a private network is securely transported over a public network. This forms a virtual network instead of using a dedicated Layer 2 connection, as shown in the figure. To remain private, the traffic is encrypted to keep the data confidential.
IPsec is an IETF standard that defines how a VPN can be configured in a secure manner using the Internet Protocol.
IPsec is a framework of open standards that spells out the rules for secure communications. IPsec is not bound to any specific encryption, authentication, security algorithms, or keying technology. Rather, IPsec relies on existing algorithms to implement secure communications. IPsec allows newer and better algorithms to be implemented without amending the existing IPsec standards.
IPsec works at the network layer, protecting and authenticating IP packets between participating IPsec devices, also known as peers. IPsec secures a path between a pair of gateways, a pair of hosts, or a gateway and host. As a result, IPsec can protect virtually all application traffic because the protection can be implemented from Layer 4 to Layer 7.
All implementations of IPsec have a plaintext Layer 3 header, so there are no issues with routing. IPsec functions over all Layer 2 protocols, such as Ethernet, ATM, or Frame Relay.
IPsec characteristics can be summarized as follows:

IPsec is a framework of open standards that is algorithm-independent.

IPsec provides data confidentiality, data integrity, and origin authentication.

IPsec acts at the network layer, protecting and authenticating IP packets.

IPsec security services provide four critical functions, as shown in the figure:

Confidentiality (encryption): In a VPN implementation, private data travels over a public network. For this reason, data confidentiality is vital. It can be attained by encrypting the data before transmitting it across the network. This is the process of taking all the data that one computer is sending to another and encoding it into a form that only the other computer will be able to decode. If the communication is intercepted, it cannot be read by a hacker. IPsec provides enhanced security features, such as strong encryption algorithms.

Data Integrity: The receiver can verify that the data was transmitted through the Internet without being changed or altered in any way. While it is important that data is encrypted over a public network, it is just as important to verify that it has not been changed while in transit. IPsec has a mechanism to ensure that the encrypted portion of the packet, or the entire header and data portion of the packet, has not been changed. IPsec ensures data integrity by using checksums, which is a simple redundancy check. If tampering is detected, the packet is dropped.

Authentication: Verifies the identity of the source of the data that is sent. This is necessary to guard against a number of attacks that depend on spoofing the identity of the sender. Authentication ensures that the connection is made with the desired communication partner. The receiver can authenticate the source of the packet by certifying the source of the information. IPsec uses Internet Key Exchange (IKE) to authenticate users and devices that can carry out communication independently. IKE uses several types of authentication, including username and password, one-time password, biometrics, pre-shared key (PSK), and digital certificates.

Anti-Replay Protection: This is the ability to detect and reject replayed packets and helps prevent spoofing. Anti-replay protection verifies that each packet is unique and not duplicated. IPsec packets are protected by comparing the sequence number of the received packets with a sliding window on the destination host or security gateway. A packet that has a sequence number that is before the sliding window is considered to be late or a duplicate packet. Late and duplicate packets are dropped.
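The receiver-side sliding-window check just described, as an added example rather than code from the course: packets whose sequence number falls before the window are reported as late, packets already marked inside the window as duplicates, and new numbers advance the window. The 64-packet window size and the sample receive order are assumptions made for the example.

```python
"""Anti-replay sliding window over packet sequence numbers (added example)."""


class AntiReplayWindow:
    """Tracks the highest accepted sequence number and a bitmap of the
    numbers received inside the window below it."""

    def __init__(self, size: int = 64):
        self.size = size        # window width in packets (assumption: 64)
        self.highest = 0        # highest sequence number accepted so far
        self.bitmap = 0         # bit i set => sequence (highest - i) was received

    def check(self, seq: int) -> str:
        """Return "accept", "late" or "duplicate"; state advances only on accept."""
        if seq <= 0:
            return "late"                       # numbering starts at 1; 0 is never valid
        if seq > self.highest:
            # right of the window: slide it forward so seq becomes the new top
            shift = seq - self.highest
            if shift >= self.size:
                self.bitmap = 0                 # everything previously seen falls out
            else:
                self.bitmap = (self.bitmap << shift) & ((1 << self.size) - 1)
            self.bitmap |= 1                    # mark the new highest as received
            self.highest = seq
            return "accept"
        offset = self.highest - seq
        if offset >= self.size:
            return "late"                       # left of the window: too old
        if self.bitmap & (1 << offset):
            return "duplicate"                  # inside the window, already received
        self.bitmap |= 1 << offset              # late but in-window and new: accept
        return "accept"


def filter_sequence(seqs, size: int = 64) -> list:
    """Run received sequence numbers through one window; return verdicts in order."""
    window = AntiReplayWindow(size)
    return [window.check(s) for s in seqs]


# Constructed receive order: in order, one reordered packet, a replay of 5,
# a jump far ahead, two stale numbers, and a replay of 70.
SAMPLE = [1, 2, 3, 5, 4, 5, 70, 3, 6, 70]

if __name__ == "__main__":
    for seq, verdict in zip(SAMPLE, filter_sequence(SAMPLE)):
        print(seq, verdict)
```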

The acronym CIA is often used to help remember the first three of these functions: confidentiality, integrity, and authentication.
Confidentiality
VPN traffic is kept confidential with encryption. Plaintext data that is transported over the Internet can be intercepted and read. Encrypt the data to keep it private. Digitally encrypting the data renders it unreadable until it is decrypted by the authorized receiver.
For encrypted communication to work, both the sender and the receiver must know the rules that are used to transform the original message into its coded form. Rules are based on algorithms and associated keys. In the context of encryption, an algorithm is a mathematical sequence of steps that combines a message, text, digits, or all three with a string of digits that are called a key. The output is an unreadable cipher string. The encryption algorithm also specifies how an encrypted message is decrypted. Decryption is extremely difficult or impossible without the correct key.
In the figure, Gail wants to send an electronic funds transfer (EFT) across the Internet to Jeremy. At the local end, the document is combined with a key and run through an encryption algorithm. The output is encrypted ciphertext. The ciphertext is then sent through the Internet. At the remote end, the message is recombined with a key and sent back through the encryption algorithm. The output is the original financial document.
Confidentiality is achieved through the encryption of traffic as it travels through a VPN. The degree of security depends on the key length of the encryption algorithm and the sophistication of the algorithm. If a hacker tries to hack the key through a brute-force attack, the number of possibilities to try is a function of the key length. The time to process all of the possibilities is a function of the computer power of the attacking device. The shorter the key, the easier it is to break. For example, where a relatively sophisticated computer may take approximately one year to break a 64-bit long key, the same computer may take anywhere from 10 to 19 years to decrypt a 128-bit long key.
The degree of security depends on the key length of the encryption algorithm. As key length increases, it becomes more difficult to break the encryption. However, a longer key requires more processor resources when encrypting and decrypting data.
DES and 3DES are no longer considered secure; therefore, it is recommended that AES be used for IPsec encryption. The greatest security for IPsec encryption of VPNs between Cisco devices is provided by the 256-bit option of AES. In addition, 512-bit and 768-bit Rivest, Shamir, and Adleman (RSA) keys have been cracked, and Cisco recommends using 2048-bit keys with the RSA option, if used during the authentication phase of IKE.
Symmetric Encryption
Encryption algorithms, such as AES, require a shared secret key to perform encryption and decryption. Each of the two networking devices must know the key to decode the information. With symmetric key encryption, also called secret-key encryption, each device encrypts the information before sending it over the network to the other device. Symmetric key encryption requires knowledge of which devices talk to each other so that the same key can be configured on each device, as depicted in Figure 1.
For example, a sender creates a coded message where each letter is substituted with the letter that is two letters down in the alphabet: A becomes C, B becomes D, and so on. In this case, the word SECRET becomes UGETGV. The sender has already told the recipient that the secret key is "shift by 2". When the recipient receives the message UGETGV, the recipient computer decodes the message by shifting back two letters and calculating SECRET. Anyone else who sees the message sees only the encrypted message, which looks like nonsense, unless the person knows the secret key.
Here is a synopsis for symmetric algorithms:

Uses symmetric key cryptography

Encryption and decryption use the same key

Typically used to encrypt the content of the message

Examples: DES, 3DES, and AES

How do the encrypting and decrypting devices both have a shared secret key? One could use email, courier, or overnight express to send the shared secret keys to the administrators of the devices. Another, more secure method is asymmetric encryption.
Asymmetric Encryption
Asymmetric encryption uses different keys for encryption and decryption. Knowing one of the keys does not allow a hacker to deduce the second key and decode the information. One key encrypts the message, while a second key decrypts the message, as depicted in Figure 2. It is not possible to encrypt and decrypt with the same key.
Public key encryption is a variant of asymmetric encryption that uses a combination of a private key and a public key. The recipient gives a public key to any sender with whom the recipient wants to communicate. The sender uses a private key that is combined with the public key of the recipient to encrypt the message. Also, the sender must share its public key with the recipient. To decrypt a message, the recipient will use the public key of the sender with its own private key.
Here is a synopsis for asymmetric algorithms:

Uses public key cryptography

Encryption and decryption use a different key

Typically used in digital certification and key management

Examples: RSA

Data Integrity

Diffie-Hellman (DH) is not an encryption mechanism and is not typically used to encrypt data. Instead, it is a method to securely exchange the keys that encrypt data. DH algorithms allow two parties to establish a shared secret key that is used by encryption and hash algorithms.
Introduced by Whitfield Diffie and Martin Hellman in 1976, DH was the first system to utilize public key or asymmetric cryptographic keys. Today, DH is part of the IPsec standard. Also, a protocol known as OAKLEY uses a DH algorithm. OAKLEY is used by the IKE protocol, which is part of the overall framework called Internet Security Association and Key Management Protocol.
Encryption algorithms such as DES, 3DES, and AES, as well as the MD5 and SHA-1 hashing algorithms, require a symmetric, shared secret key to perform encryption and decryption. How do the encrypting and decrypting devices get the shared secret key? The easiest key exchange method is a public key exchange method between the encrypting and decrypting devices.
The DH algorithm specifies a public key exchange method that provides a way for two peers to establish a shared secret key that only they know, although they are communicating over an insecure channel. Like all cryptographic algorithms, DH key exchange is based on a mathematical sequence of steps.
The integrity and authentication of VPN traffic is handled by hash algorithms. Hashes provide data integrity and authentication by ensuring that unauthorized persons do not tamper with transmitted messages. A hash, also called a message digest, is a number that is generated from a string of text. The hash is smaller than the text itself. It is generated by using a formula in such a way that it is extremely unlikely that some other text will produce the same hash value.
The original sender generates a hash of the message and sends it with the message itself. The recipient parses the message and the hash, produces another hash from the received message, and compares the two hashes. If they are the same, the recipient can be reasonably sure of the integrity of the original message.
In the figure, Gail sent Alex an EFT of $100. Jeremy has intercepted and altered this EFT to show himself as the recipient and the amount as $1000. In this case, if a data integrity algorithm were used, the hashes would not match, and the transaction would be invalid.
VPN data is transported over the public Internet. As shown, there is potential for this data to be intercepted and modified. To guard against this threat, hosts can add a hash to the message. If the transmitted hash matches the received hash, the integrity of the message has been preserved. However, if there is no match, the message was altered.
VPNs use a message authentication code to verify the integrity and the authenticity of a message, without using any additional mechanisms.
Hash-based Message Authentication Code (HMAC) is a mechanism for message authentication using hash functions. A keyed HMAC is a data integrity algorithm that guarantees the integrity of a message. An HMAC has two parameters: a message input and a secret key that is known only to the message originator and intended receivers. The message sender uses an HMAC function to produce a value (the message authentication code) that is formed by condensing the secret key and the message input. The message authentication code is sent along with the message. The receiver computes the message authentication code on the received message using the same key and HMAC function as the sender used. Then the receiver compares the result that is computed with the received message authentication code. If the two values match, the message has been correctly received and the receiver is assured that the sender is a member of the community of users that share the key. The cryptographic strength of the HMAC depends upon the cryptographic strength of the underlying hash function, on the size and quality of the key, and on the size of the hash output length in bits.

There are two common HMAC algorithms:

MD5: Uses a 128-bit shared secret key. The variable-length message and 128-bit shared secret key are combined and run through the HMAC-MD5 hash algorithm. The output is a 128-bit hash. The hash is appended to the original message and forwarded to the remote end.

SHA: SHA-1 uses a 160-bit secret key. The variable-length message and the 160-bit shared secret key are combined and run through the HMAC-SHA-1 hash algorithm. The output is a 160-bit hash. The hash is appended to the original message and forwarded to the remote end.

Note: Cisco IOS also supports 256-bit, 384-bit, and 512-bit SHA implementations.
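One added example, not code from the course, that ties the DH key exchange passage to the HMAC passage above: two peers derive the same shared secret over an insecure channel, condense it into a symmetric key, and use HMAC-SHA-1 to detect the altered EFT from the Gail/Alex/Jeremy scenario. The DH group used (p = 2**31 - 1 with generator 7, the Park-Miller modulus and primitive root) is a toy group chosen so the example is self-contained; it is not an IKE group, and real IPsec peers negotiate a standard one. The messages are constructed.

```python
"""Toy Diffie-Hellman key agreement feeding an HMAC-SHA-1 integrity check (added example)."""
import hashlib
import hmac
import secrets

P = 2**31 - 1   # toy prime modulus (assumption for the example; far too small for real use)
G = 7           # primitive root modulo P, so the public value never collapses to 1


class DhPeer:
    """One side of the exchange: keeps a private exponent, publishes G**a mod P."""

    def __init__(self):
        self.private = secrets.randbelow(P - 2) + 1     # random value in [1, P-2]
        self.public = pow(G, self.private, P)           # the only value sent on the wire

    def shared_key(self, peer_public: int) -> bytes:
        """Derive a symmetric key from the DH shared secret by hashing it."""
        # Reject 0, 1 and P-1: those public values force a predictable shared secret.
        if not 1 < peer_public < P - 1:
            raise ValueError("peer public value out of range")
        secret = pow(peer_public, self.private, P)
        return hashlib.sha256(secret.to_bytes(4, "big")).digest()


def mac(key: bytes, message: bytes) -> bytes:
    """Sender side: message authentication code over the message (HMAC-SHA-1, 160 bits)."""
    return hmac.new(key, message, hashlib.sha1).digest()


def verify(key: bytes, message: bytes, received_mac: bytes) -> bool:
    """Receiver side: recompute with the same key and compare in constant time."""
    return hmac.compare_digest(mac(key, message), received_mac)


def run_exchange() -> tuple:
    """Gail and Alex agree on a key; Jeremy rewrites the EFT in transit.
    Returns (keys_match, original_verifies, tampered_verifies)."""
    gail, alex = DhPeer(), DhPeer()
    k_gail = gail.shared_key(alex.public)    # each side combines its private value
    k_alex = alex.shared_key(gail.public)    # with the other side's public value
    eft = b"PAY $100 TO ALEX"                # constructed message
    tag = mac(k_gail, eft)                   # travels alongside the message
    tampered = b"PAY $1000 TO JEREMY"        # altered in transit, tag unchanged
    return k_gail == k_alex, verify(k_alex, eft, tag), verify(k_alex, tampered, tag)


if __name__ == "__main__":
    print(run_exchange())
```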
Authentication
IPsec VPNs support authentication. When conducting business long distance, it is necessary to know who is at the other end of the phone, email, or fax. The same is true of VPN networks. The device on the other end of the VPN tunnel must be authenticated before the communication path is considered secure, as indicated in the figure. There are two peer authentication methods:

PSK: A secret key that is shared between the two parties using a secure channel before it needs to be used. Pre-shared keys (PSKs) use symmetric key cryptographic algorithms. A PSK is entered into each peer manually and is used to authenticate the peer. At each end, the PSK is combined with other information to form the authentication key.

RSA signatures: Digital certificates are exchanged to authenticate peers. The local device derives a hash and encrypts it with its private key. The encrypted hash, or digital signature, is attached to the message and forwarded to the remote end. At the remote end, the encrypted hash is decrypted using the public key of the local end. If the decrypted hash matches the recomputed hash, the signature is genuine.

IPsec uses RSA (public-key cryptosystem) for authentication in the context of IKE. The RSA signature method uses a digital signature setup in which each device digitally signs a set of data and sends it to the other party. RSA signatures use a certificate authority (CA) to generate a unique identity digital certificate that is assigned to each peer for authentication. The identity digital certificate is similar in function to a PSK, but provides much stronger security. Each initiator and responder to an IKE session using RSA signatures sends its own ID value, its identity digital certificate, and an RSA signature value consisting of a variety of IKE values, all encrypted by the negotiated IKE encryption method (such as AES).
The Digital Signature Algorithm (DSA) is another option for authentication.
As stated earlier, the IPsec protocol framework describes the messaging to secure the communications, but it relies on existing algorithms.
There are two main IPsec protocols depicted in Figure 1:

Authentication Header (AH): AH is the appropriate protocol to use when confidentiality is not required or permitted. It provides data authentication and integrity for IP packets that are passed between two systems. However, AH does not provide data confidentiality (encryption) of packets. All text is transported in plaintext. Used alone, the AH protocol provides weak protection.

Encapsulating Security Payload (ESP): A security protocol that provides confidentiality and authentication by encrypting the IP packet. IP packet encryption conceals the data and the identities of the source and destination. ESP authenticates the inner IP packet and ESP header. Authentication provides data origin authentication and data integrity. Although both encryption and authentication are optional in ESP, at a minimum, one of them must be selected.
Figure 2 illustrates the components of IPsec configuration. There are four basic building blocks of the IPsec framework that must be selected.

IPsec framework protocol: When configuring an IPsec gateway to provide security services, an IPsec protocol must be selected. The choices are some combination of ESP and AH. Realistically, the ESP or ESP+AH options are almost always selected because AH itself does not provide encryption, as shown in Figure 3.

Confidentiality (if IPsec is implemented with ESP): The encryption algorithm chosen should best meet the desired level of security: DES, 3DES, or AES. AES is strongly recommended, with AES-GCM providing the greatest security.

Integrity: Guarantees that the content has not been altered in transit. Implemented through the use of hash algorithms. Choices include MD5 and SHA.

Authentication: Represents how devices on either end of the VPN tunnel are authenticated. The two methods are PSK or RSA.

DH algorithm group: Represents how a shared secret key is established between peers. There are several options, but DH24 provides the greatest security.

It is the combination of these building blocks that provides the confidentiality, integrity, and authentication options for IPsec VPNs.
Note: This section introduced IPsec to provide an understanding of how IPsec secures VPN tunnels. Configuring IPsec VPNs is beyond the scope of this course.

Remote-access VPN Solutions
VPNs have become the logical solution for remote-access connectivity for many reasons. VPNs provide secure communications with access rights tailored to individual users, such as employees, contractors, and partners. They also enhance productivity by extending the corporate network and applications securely while reducing communication costs and increasing flexibility.
Using VPN technology, employees can essentially take their office with them, including access to emails and network applications. VPNs can also allow contractors and partners to have limited access to the specific servers, web pages, or files required. This network access allows them to contribute to business productivity without compromising network security.
There are two primary methods for deploying remote-access VPNs:

Secure Sockets Layer (SSL)

IP Security (IPsec)

The type of VPN method implemented is based on the access requirements of the users and the organization's IT processes.

Both IPsec and SSL VPN technologies offer access to virtually any network application or resource. SSL VPNs offer such features as easy connectivity from non-company-managed desktops, little or no desktop software maintenance, and user-customized web portals upon login.
Cisco IOS SSL VPN is the industry's first router-based SSL VPN solution. It offers anywhere connectivity not only from company-managed resources, but also from employee-owned PCs, contractor or business partner desktops, and Internet kiosks.
The SSL protocol supports various cryptographic algorithms for operations, such as authenticating the server and client to each other, transmitting certificates, and establishing session keys. Cisco SSL VPN solutions can be customized for businesses of any size. These solutions deliver many remote-access connectivity features and benefits, including:

Web-based, clientless access and complete network access without preinstalled desktop software. This facilitates customized remote access based on user and security requirements, and it minimizes desktop support costs.

Protection against viruses, worms, spyware, and hackers on a VPN connection by integrating network and endpoint security in the Cisco SSL VPN platform. This reduces cost and management complexity by eliminating the need for additional security equipment and management infrastructure.

Use of a single device for both SSL VPN and IPsec VPN. This reduces cost and management complexity by facilitating robust remote-access and site-to-site VPN services from a single platform with unified management.

Cisco IOS SSL VPN is a technology that provides remote access by using a web browser and the web browser's native SSL encryption. Alternatively, it can provide remote access using the Cisco AnyConnect Secure Mobility Client software.
The Cisco ASA provides two main deployment modes that are found in Cisco SSL VPN solutions, as shown in the figure:

Cisco AnyConnect Secure Mobility Client with SSL: Requires the Cisco AnyConnect Client

Cisco Secure Mobility Clientless SSL VPN: Requires an internet browser

The Cisco ASA must be configured to support the SSL VPN connection.

CiscoAnyConnectSecureMobilityClientwithSSL
ClientBasedSSLVPNsprovideauthenticateduserswithLANlike,fullnetworkaccesstocorporateresources.However,
theremotedevicesrequireaclientapplication,suchastheCiscoVPNClientorthenewerAnyConnectclienttobeinstalled
ontheenduserdevice.
InabasicCiscoASAconfiguredforfulltunnelingandaremoteaccessSSLVPNsolution,remoteusersusetheCisco
AnyConnectSecureMobilityClient,showninFigure1,toestablishanSSLtunnelwiththeCiscoASA.AftertheCiscoASA
establishestheVPNwiththeremoteuser,theremoteusercanforwardIPtrafficintotheSSLtunnel.TheCisco
AnyConnectSecureMobilityClientcreatesavirtualnetworkinterfacetoprovidethisfunctionality.Theclientcanuseany
applicationtoaccessanyresource,subjecttoaccessrules,behindtheCiscoASAVPNgateway.
CiscoSecureMobilityClientlessSSLVPN
TheclientlessSSLVPNdeploymentmodelenablescorporationstoprovideaccesstocorporateresourcesevenwhenthe
remotedeviceisnotcorporatelymanaged.Inthisdeploymentmodel,theCiscoASAisusedasaproxydevicetonetwork
resources.Itprovidesawebportalinterfaceforremotedevicestonavigatethenetworkusingportforwardingcapabilities.
InabasicCiscoASAclientlessSSLVPNsolution,remoteusersemployastandardwebbrowsertoestablishanSSL
sessionwiththeCiscoASA,asshowninFigure2.TheCiscoASApresentstheuserwithawebportaloverwhichtheuser
canaccessinternalresources.Inthebasicclientlesssolution,theusercanaccessonlysomeservices,suchasinternal
webapplications,andbrowserbased,filesharingresources,asshowninFigure3.
Many applications require the security of an IPsec remote-access VPN connection for authentication and encryption of data. When deploying VPNs for telecommuters and small branch offices, ease of deployment is critical if technical resources are not available for VPN configuration on a remote site router.
The Cisco Easy VPN solution feature offers flexibility, scalability, and ease of use for both site-to-site and remote-access IPsec VPNs. The Cisco Easy VPN solution consists of three components:

Cisco Easy VPN Server - A Cisco IOS router or Cisco ASA Firewall acting as the VPN head-end device in site-to-site or remote-access VPNs.

Cisco Easy VPN Remote - A Cisco IOS router or Cisco ASA Firewall acting as a remote VPN client.

Cisco VPN Client - An application supported on a PC used to access a Cisco VPN server.

Using the Cisco Easy VPN Server makes it possible for mobile and remote workers using a VPN Client on their PCs, or using Cisco Easy VPN Remote on an edge router, to create secure IPsec tunnels to access their headquarters' intranet, as shown in the figure.
Cisco Easy VPN Server
The Cisco Easy VPN Server makes it possible for mobile and remote workers using VPN Client software on their PCs to create secure IPsec tunnels to access their headquarters' intranet, where critical data and applications exist. It enables Cisco IOS routers and Cisco ASA Firewalls to act as VPN head-end devices in site-to-site or remote-access VPNs.
Remote office devices use the Cisco Easy VPN Remote feature or the Cisco VPN Client application to connect to the server, which then pushes defined security policies to the remote VPN device. This ensures that those connections have up-to-date policies in place before the connection is established.

Cisco Easy VPN Remote
The Cisco Easy VPN Remote enables Cisco IOS routers or software clients to act as remote VPN clients. These devices can receive security policies from a Cisco Easy VPN Server, minimizing VPN configuration requirements at the remote location. This cost-effective solution is ideal for remote offices with little IT support or for large customer premises equipment (CPE) deployments where it is impractical to individually configure multiple remote devices.
The figure shows three network devices with Easy VPN Remote enabled, all connecting to an Easy VPN Server for configuration parameters.
Cisco VPN Client
The Cisco VPN Client is simple to deploy and operate. It allows organizations to establish end-to-end, encrypted VPN tunnels for secure connectivity for mobile employees or telecommuters.
To initiate an IPsec connection using the Cisco VPN Client, all the user must do is open the Cisco VPN Client window, as shown in Figure 1. The Cisco VPN Client application lists the available preconfigured sites. The user double-clicks a site to select it and the VPN Client initiates the IPsec connection. In the user authentication dialog box, the user is authenticated with a username and password, as shown in Figure 2. After authentication, the Cisco VPN Client displays a connected status.
Most of the VPN parameters are defined on the Cisco IOS Easy VPN Server to simplify deployment. After a remote client initiates a VPN tunnel connection, the Cisco Easy VPN Server pushes the IPsec policies to the client, minimizing configuration requirements at the remote location.
This simple and highly scalable solution is ideal for large remote-access deployments where it is impractical to configure policies individually for multiple remote PCs. This architecture also ensures that those connections are using up-to-date security policies and eliminates the operational costs associated with maintaining a consistent policy and key management method.
Note: Configuring the Cisco VPN Client is beyond the scope of this course. Check www.cisco.com for more information.
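As an added example covering both the Easy VPN Server and Easy VPN Remote sections above (it is not configuration from the course text or from Cisco documentation), the following shows a Cisco IOS router acting as Easy VPN Server and a branch router acting as Easy VPN Remote. The server holds the policy (addresses, DNS, split-tunnel ACL) and pushes it during mode configuration; the remote router carries only the group credentials and the peer address. The group name, keys, pool, ACL numbers, interface names and peer address are assumptions chosen for illustration.

```cisco
! Added example: IOS Easy VPN Server (head end) and Easy VPN Remote (branch).
! Assumed values: group SALES_GROUP, keys, pool 10.1.200.0/24, ACL 101,
! interface names, server public address 203.0.113.1.
!
! ===== Easy VPN Server =====
! XAUTH authenticates the individual user, network authorization selects the
! group policy to push. Local lists keep the example self-contained.
aaa new-model
aaa authentication login EZVPN_XAUTH local
aaa authorization network EZVPN_GROUP local
username remoteuser secret Str0ngPassw0rd!
!
! IKEv1 phase 1: AES-256, SHA-256, DH group 14, group pre-shared key.
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
!
! Policy pushed to every member of the group: PSK, DNS, domain, assigned
! address, and the split-tunnel ACL (only traffic to 10.1.0.0/16 is encrypted).
crypto isakmp client configuration group SALES_GROUP
 key Gr0upPreSharedKey!
 dns 10.1.1.53
 domain example.com
 pool EZVPN_POOL
 acl 101
access-list 101 permit ip 10.1.0.0 0.0.255.255 any
ip local pool EZVPN_POOL 10.1.200.1 10.1.200.100
!
! IPsec phase 2 transform and a dynamic crypto map, because the clients'
! public addresses are not known in advance.
crypto ipsec transform-set EZVPN_TS esp-aes 256 esp-sha256-hmac
crypto dynamic-map EZVPN_DYN 10
 set transform-set EZVPN_TS
 reverse-route
!
! Bind XAUTH, group authorization and address assignment to the crypto map
! and apply it to the Internet-facing interface.
crypto map EZVPN_MAP client authentication list EZVPN_XAUTH
crypto map EZVPN_MAP isakmp authorization list EZVPN_GROUP
crypto map EZVPN_MAP client configuration address respond
crypto map EZVPN_MAP 10 ipsec-isakmp dynamic EZVPN_DYN
interface GigabitEthernet0/0
 description Internet (203.0.113.1)
 crypto map EZVPN_MAP
!
! ===== Easy VPN Remote (branch router) =====
! No ISAKMP policy, transform set or ACL is configured here; all of it is
! received from the server. Client mode PATs the inside hosts behind the
! single address the server assigns from EZVPN_POOL.
crypto ipsec client ezvpn BRANCH
 connect auto
 group SALES_GROUP key Gr0upPreSharedKey!
 mode client
 peer 203.0.113.1
 username remoteuser password Str0ngPassw0rd!
interface FastEthernet0/0
 description Internet
 crypto ipsec client ezvpn BRANCH outside
interface FastEthernet0/1
 description LAN
 crypto ipsec client ezvpn BRANCH inside
!
! Verification on either side once the tunnel is up:
! show crypto isakmp sa
! show crypto ipsec sa
! show crypto session
```

The split-tunnel ACL is the security-relevant line: what it does not list leaves the branch unencrypted and directly on the Internet, so widen it deliberately rather than defaulting to "permit ip any any", which would hairpin all branch traffic through the head end.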
Both IPsec and SSL VPN technologies offer access to virtually any network application or resource, as shown in the figure. SSL VPNs offer such features as easy connectivity from non-company-managed desktops, little or no desktop software maintenance, and user-customized web portals upon login.
IPsec exceeds SSL in many significant ways:

Number of applications that are supported

Strength of encryption

Strength of authentication

Overall security

When security is an issue, IPsec is the superior choice. If support and ease of deployment are the primary issues, consider SSL. The comparison reflects typical deployments: a current TLS stack can also be configured with AES and certificate-based authentication, but clientless SSL access exposes only the applications the portal proxies, and the security state of an unmanaged browser endpoint is usually unknown.
IPsec and SSL VPN are complementary because they solve different problems. Depending on its needs, an organization can implement one or both. This complementary approach allows a single device such as an ISR router or an ASA firewall appliance to address all remote-access user requirements. While many solutions offer either IPsec or SSL, Cisco remote-access VPN solutions offer both technologies integrated on a single platform with unified management. Offering both IPsec and SSL technologies enables organizations to customize their remote-access VPN without any additional hardware or management complexity.

VPNs are used to create a secure end-to-end private network connection over a third-party network, such as the Internet. A site-to-site VPN uses a VPN gateway device at the edge of both sites. The end hosts are unaware of the VPN and have no additional supporting software.
A remote-access VPN typically requires software to be installed on the individual host device that accesses the network from a remote location (a clientless SSL VPN needs only a web browser). The two types of remote-access VPNs are SSL and IPsec. SSL technology can provide remote access using a client's web browser and the browser's native SSL/TLS encryption. Using Cisco AnyConnect software on the client, users can have LAN-like, full network access using SSL.
GRE is a basic, nonsecure site-to-site VPN tunneling protocol that can encapsulate a wide variety of protocol packet types inside IP tunnels, thus allowing an organization to deliver other protocols through an IP-based WAN. Today it is primarily used to deliver IP multicast traffic or IPv6 traffic over an IPv4 unicast-only connection.
IPsec, an IETF standard, is a secure tunnel operating at Layer 3 of the OSI model that can protect and authenticate IP packets between IPsec peers. It can provide confidentiality by using encryption, data integrity, authentication, and anti-replay protection. Data integrity is provided by using a keyed hash (HMAC) algorithm, such as MD5 or SHA; MD5 and SHA-1 are deprecated for new deployments, and SHA-2 (SHA-256 or stronger) should be configured instead. Peer authentication is provided by the PSK or RSA (digital certificate) peer authentication method.
The level of confidentiality provided by encryption depends on the algorithm used and the key length. Encryption can be symmetrical or asymmetrical. DH is a method used to securely agree on a shared secret over an untrusted network, from which the keys that encrypt data are derived; the DH group number determines the size of the modulus and therefore the strength of that agreement.
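To make the summary's algorithm choices concrete, the following added example (not from the course text or Cisco documentation) writes the same IOS IKEv1/IPsec site-to-site policy twice: once with the legacy settings the summary names (DES, MD5, DH group 1, PSK) and once with the settings a practitioner should deploy today (AES-256, SHA-256, DH group 14, certificate authentication with a PSK policy as fallback, PFS). The peer address, pre-shared key, ACL number and interface name are assumptions chosen for illustration.

```cisco
! Added example: weak versus corrected IKEv1/IPsec site-to-site policy on IOS.
! Assumed values: remote peer 203.0.113.2, PSK, ACL 110, interface Gi0/0.
!
! --- Weak: legacy algorithms, shown for comparison only ---
! DES (56-bit key), MD5, 768-bit DH group 1. Do not deploy.
crypto isakmp policy 100
 encryption des
 hash md5
 authentication pre-share
 group 1
crypto ipsec transform-set WEAK_TS esp-des esp-md5-hmac
!
! --- Corrected: AES-256, SHA-256, 2048-bit DH group 14 ---
! Policy 10 is tried first: peers authenticate with RSA signatures
! (certificates), so no shared secret has to be distributed.
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication rsa-sig
 group 14
! Policy 20 is the PSK fallback for peers without certificates. The key must
! be long and random; it is the only thing authenticating the peer.
crypto isakmp policy 20
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key Str0ngLongRandomPSK-0123456789 address 203.0.113.2
!
! Phase 2: AES-256 for confidentiality, HMAC-SHA-256 for integrity.
! ESP carries a sequence number, which gives the anti-replay protection.
crypto ipsec transform-set STRONG_TS esp-aes 256 esp-sha256-hmac
!
! PFS forces a fresh DH exchange for every phase 2 SA, so recovering one
! IPsec key does not expose earlier or later traffic.
crypto map S2S_MAP 10 ipsec-isakmp
 set peer 203.0.113.2
 set transform-set STRONG_TS
 set pfs group14
 match address 110
access-list 110 permit ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255
interface GigabitEthernet0/0
 crypto map S2S_MAP
!
! Verification: confirm the negotiated policy is the strong one, not 100.
! show crypto isakmp sa detail
! show crypto ipsec sa
```

IOS evaluates ISAKMP policies in ascending priority order and accepts the first one the peer also offers, so the weak policy 100 would still be negotiated if the peer proposes nothing better; once all peers are migrated it should be removed with "no crypto isakmp policy 100".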
