Solved: ASA IPSEC vpn client configuration

alan-wong · ‎01-15-2014

May I know. I have following IPSEC vpn configuration for remote client works well. I have a question. I have work well with or without "crypto dynamic-map vpn 1 set pfs group1" statement command. What is that "pfs group1" meaning and functioning when ipsec remote connection connecting or connected?

crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto dynamic-map vpn 1 set pfs group1
crypto dynamic-map vpn 1 set ikev1 transform-set ESP-AES-128-SHA
crypto map vpn_map 1 ipsec-isakmp dynamic vpn
crypto map vpn_map interface outside

SOcchiogrosso · ‎01-15-2014

PFS is short for Perfect Forward Secrecy. When negotiating IPSec (Phase 2) Security Associations (SA's) the 2 endpoint will negotiate a new IKE (Phase 1) key ensuring the same key is not re-used.

If you do not enable PFS the 2 endpoints will simply re-use the keys during Phase 2/IPSec SA negotiations.

Hope this helps.

--
CCNP, CCIP, CCDP, CCNA: Security/Wireless
Blog: http://ccie-or-null.net/

-- CCNP, CCIP, CCDP, CCNA: Security/Wireless Blog: http://ccie-or-null.net/

View solution in original post

SOcchiogrosso · ‎01-15-2014

PFS makes it tougher to compromise the keys used to for SA's

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a0080094203.shtml

Perfect Forward Secrecy (PFS)

—PFS ensures that a given IPsec SA key was not derived from any other secret, like some other keys. In other words, if someone breaks a key, PFS ensures that the attacker is not able to derive any other key. If PFS is not enabled, someone can potentially break the IKE SA secret key, copy all the IPsec protected data, and then use knowledge of the IKE SA secret in order to compromise the IPsec SAs setup by this IKE SA. With PFS, breaking IKE does not give an attacker immediate access to IPsec. The attacker needs to break each IPsec SA individually. The Cisco IOS IPsec implementation uses PFS group 1 (D-H 768 bit) by default.

PFS Groups 1, 2, 5 are different levels of encryption. I found the following table in a configuration guide

http://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_ikevpn/configuration/15-2mt/sec-key-exch-ipsec.html

Specifies the Diffie-Hellman (DH) group identifier.

By default, DH group 1 is used.
- 1--768-bit DH (No longer recommended.)
- 2--1024-bit DH (No longer recommended)
- 5--1536-bit DH (No longer recommended)
- 14--Specifies the 2048-bit DH group.
- 15--Specifies the 3072-bit DH group.
- 16--Specifies the 4096-bit DH group.
- 19--Specifies the 256-bit elliptic curve DH (ECDH) group.
- 20--Specifies the 384-bit ECDH group.
- 24--Specifies the 2048-bit DH/DSA group.

The group chosen must be strong enough (have enough bits) to protect the IPsec keys during negotiation. A generally accepted guideline recommends the use of a 2048-bit group after 2013 (until 2030). Group 14 or higher (where possible) can be selected to meet this guideline. Even if a longer-lived security method is needed, the use of Elliptic Curve Cryptography is recommended, but group 15 and group 16 can also be considered.

--
CCNP, CCIP, CCDP, CCNA: Security/Wireless
Blog: http://ccie-or-null.net/

-- CCNP, CCIP, CCDP, CCNA: Security/Wireless Blog: http://ccie-or-null.net/

View solution in original post

SOcchiogrosso · ‎01-15-2014

PFS is short for Perfect Forward Secrecy. When negotiating IPSec (Phase 2) Security Associations (SA's) the 2 endpoint will negotiate a new IKE (Phase 1) key ensuring the same key is not re-used.

If you do not enable PFS the 2 endpoints will simply re-use the keys during Phase 2/IPSec SA negotiations.

Hope this helps.

--
CCNP, CCIP, CCDP, CCNA: Security/Wireless
Blog: http://ccie-or-null.net/

-- CCNP, CCIP, CCDP, CCNA: Security/Wireless Blog: http://ccie-or-null.net/

alan-wong · ‎01-15-2014

may i know what is the advantage to enable using PFS not to re-used same key ?

and PFS have group1 - 5, what is the difference ?

SOcchiogrosso · ‎01-15-2014

PFS makes it tougher to compromise the keys used to for SA's

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a0080094203.shtml

Perfect Forward Secrecy (PFS)

—PFS ensures that a given IPsec SA key was not derived from any other secret, like some other keys. In other words, if someone breaks a key, PFS ensures that the attacker is not able to derive any other key. If PFS is not enabled, someone can potentially break the IKE SA secret key, copy all the IPsec protected data, and then use knowledge of the IKE SA secret in order to compromise the IPsec SAs setup by this IKE SA. With PFS, breaking IKE does not give an attacker immediate access to IPsec. The attacker needs to break each IPsec SA individually. The Cisco IOS IPsec implementation uses PFS group 1 (D-H 768 bit) by default.

PFS Groups 1, 2, 5 are different levels of encryption. I found the following table in a configuration guide

http://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_ikevpn/configuration/15-2mt/sec-key-exch-ipsec.html

Specifies the Diffie-Hellman (DH) group identifier.

By default, DH group 1 is used.
- 1--768-bit DH (No longer recommended.)
- 2--1024-bit DH (No longer recommended)
- 5--1536-bit DH (No longer recommended)
- 14--Specifies the 2048-bit DH group.
- 15--Specifies the 3072-bit DH group.
- 16--Specifies the 4096-bit DH group.
- 19--Specifies the 256-bit elliptic curve DH (ECDH) group.
- 20--Specifies the 384-bit ECDH group.
- 24--Specifies the 2048-bit DH/DSA group.

The group chosen must be strong enough (have enough bits) to protect the IPsec keys during negotiation. A generally accepted guideline recommends the use of a 2048-bit group after 2013 (until 2030). Group 14 or higher (where possible) can be selected to meet this guideline. Even if a longer-lived security method is needed, the use of Elliptic Curve Cryptography is recommended, but group 15 and group 16 can also be considered.

--
CCNP, CCIP, CCDP, CCNA: Security/Wireless
Blog: http://ccie-or-null.net/

-- CCNP, CCIP, CCDP, CCNA: Security/Wireless Blog: http://ccie-or-null.net/