01-15-2014 07:11 PM - edited 03-11-2019 08:30 PM
May I know: I have the following IPsec VPN configuration for remote clients, and it works well. I have a question. It works well with or without the "crypto dynamic-map vpn 1 set pfs group1" command. What does "pfs group1" mean, and what does it do when an IPsec remote connection is connecting or connected?
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto dynamic-map vpn 1 set pfs group1
crypto dynamic-map vpn 1 set ikev1 transform-set ESP-AES-128-SHA
crypto map vpn_map 1 ipsec-isakmp dynamic vpn
crypto map vpn_map interface outside
01-15-2014 07:47 PM
PFS is short for Perfect Forward Secrecy. When negotiating IPsec (Phase 2) Security Associations (SAs), the 2 endpoints will negotiate a new IKE (Phase 1) key, ensuring the same key is not re-used.
If you do not enable PFS the 2 endpoints will simply re-use the keys during Phase 2/IPSec SA negotiations.
Hope this helps.
--
CCNP, CCIP, CCDP, CCNA: Security/Wireless
Blog: http://ccie-or-null.net/
01-15-2014 07:57 PM
May I know what the advantage is of enabling PFS so that the same key is not re-used?
And PFS has groups 1 - 5; what is the difference?
01-15-2014 08:05 PM
PFS makes it tougher to compromise the keys used for SAs.
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a0080094203.shtml
Perfect Forward Secrecy (PFS): PFS ensures that a given IPsec SA key was not derived from any other secret, like some other keys. In other words, if someone breaks a key, PFS ensures that the attacker is not able to derive any other key. If PFS is not enabled, someone can potentially break the IKE SA secret key, copy all the IPsec protected data, and then use knowledge of the IKE SA secret in order to compromise the IPsec SAs setup by this IKE SA. With PFS, breaking IKE does not give an attacker immediate access to IPsec. The attacker needs to break each IPsec SA individually. The Cisco IOS IPsec implementation uses PFS group 1 (D-H 768 bit) by default.
PFS groups 1, 2, 5 are different levels of encryption. I found the following in a configuration guide:
Specifies the Diffie-Hellman (DH) group identifier.
The group chosen must be strong enough (have enough bits) to protect the IPsec keys during negotiation. A generally accepted guideline recommends the use of a 2048-bit group after 2013 (until 2030). Group 14 or higher (where possible) can be selected to meet this guideline. Even if a longer-lived security method is needed, the use of Elliptic Curve Cryptography is recommended, but group 15 and group 16 can also be considered.
--
CCNP, CCIP, CCDP, CCNA: Security/Wireless
Blog: http://ccie-or-null.net/
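A toy model of what the `set pfs` option changes, added here as an illustration and not taken from the thread or from Cisco. It follows the IKEv1 Quick Mode KEYMAT formula from RFC 2409 (KEYMAT = prf(SKEYID_d, [g(qm)^xy |] protocol | SPI | Ni_b | Nr_b), where the DH term is present only with PFS), using HMAC-SHA1 as the prf to match the esp-sha-hmac transform in the poster's config. The DH prime is a constructed toy value, not a real IKE group modulus, and the Phase 1 secret SKEYID_d is assumed to have been compromised, as in the quoted Cisco note. It shows that without PFS the IPsec key falls out of SKEYID_d plus values the attacker can now read from the exchange, whereas with PFS each SA hides behind its own DH exchange. It also goes one step beyond the thread by checking each group the posts mention against the 2048-bit guideline quoted from the configuration guide (group sizes are the RFC 2409 / RFC 3526 MODP sizes).

```python
"""Toy model of IKEv1 Quick Mode keying (RFC 2409, section 5.5) showing what
'set pfs' changes. Added example for this thread; not Cisco code. The DH prime
below is a constructed toy value, not a real IKE group modulus."""
import hashlib
import hmac
import secrets

# Constructed toy DH group: a Mersenne prime keeps pow() fast for a demo.
# Real IKE groups use the MODP primes of RFC 2409 / RFC 3526.
TOY_P = 2**521 - 1
TOY_G = 2
P_BYTES = (TOY_P.bit_length() + 7) // 8

# Modulus sizes of the MODP groups named in the thread (RFC 2409 / RFC 3526).
MODP_GROUP_BITS = {1: 768, 2: 1024, 5: 1536, 14: 2048, 15: 3072, 16: 4096}


def meets_2048_guideline(group: int) -> bool:
    """True when the group satisfies the 2048-bit guideline quoted in the thread."""
    return MODP_GROUP_BITS[group] >= 2048


def prf(key: bytes, data: bytes) -> bytes:
    """IKEv1 prf matching the esp-sha-hmac transform: HMAC-SHA1."""
    return hmac.new(key, data, hashlib.sha1).digest()


def dh_keypair():
    """Fresh ephemeral exponent x and public value g^x mod p."""
    x = secrets.randbelow(TOY_P - 2) + 1
    return x, pow(TOY_G, x, TOY_P)


def keymat(skeyid_d, protocol, spi, ni, nr, dh_shared=None):
    """KEYMAT = prf(SKEYID_d, [g(qm)^xy |] protocol | SPI | Ni_b | Nr_b).
    The bracketed g(qm)^xy term is present only when PFS was negotiated."""
    material = b""
    if dh_shared is not None:
        material += dh_shared.to_bytes(P_BYTES, "big")
    material += bytes([protocol]) + spi + ni + nr
    return prf(skeyid_d, material)


def quick_mode(skeyid_d: bytes, pfs: bool):
    """One Phase 2 negotiation. Returns (ipsec_key, transcript), where the
    transcript is everything a party holding SKEYID_d can read from the exchange."""
    protocol, spi = 3, secrets.token_bytes(4)          # PROTO_IPSEC_ESP, responder SPI
    ni, nr = secrets.token_bytes(16), secrets.token_bytes(16)
    transcript = {"protocol": protocol, "spi": spi, "ni": ni, "nr": nr, "pfs": pfs}
    shared = None
    if pfs:
        xi, gxi = dh_keypair()                          # initiator KE payload
        xr, gxr = dh_keypair()                          # responder KE payload
        transcript["ke_i"], transcript["ke_r"] = gxi, gxr
        shared = pow(gxr, xi, TOY_P)                    # both peers obtain g^(xi*xr)
        assert shared == pow(gxi, xr, TOY_P)
    return keymat(skeyid_d, protocol, spi, ni, nr, shared), transcript


def attacker_derive(skeyid_d: bytes, transcript: dict):
    """What someone who recovered SKEYID_d and decrypted the Quick Mode exchange
    can compute. Without PFS every KEYMAT input is now known. With PFS they hold
    g^xi and g^xr but need g^(xi*xr), a discrete-log problem in the group, so
    the IPsec key stays out of reach and None is returned."""
    if transcript["pfs"]:
        return None
    return keymat(skeyid_d, transcript["protocol"], transcript["spi"],
                  transcript["ni"], transcript["nr"])


def demo(pfs: bool) -> bool:
    """True when the attacker's derivation equals the peers' IPsec key."""
    skeyid_d = secrets.token_bytes(20)                  # Phase 1 secret, assumed compromised
    key, transcript = quick_mode(skeyid_d, pfs)
    return attacker_derive(skeyid_d, transcript) == key


if __name__ == "__main__":
    print("without PFS, IPsec key recovered from Phase 1 secret:", demo(False))  # True
    print("with PFS, IPsec key recovered from Phase 1 secret:   ", demo(True))   # False
    for g in (1, 2, 5, 14):
        print(f"group {g}: {MODP_GROUP_BITS[g]}-bit, meets 2048-bit guideline: "
              f"{meets_2048_guideline(g)}")
```

The practical reading for the poster's config: `set pfs group1` makes every Phase 2 SA (and every rekey) do a fresh 768-bit DH exchange, which is why the tunnel works either way but only the PFS variant keeps old traffic safe if the Phase 1 secret is later recovered; per the guideline the second answer quotes, group 1 is well below the recommended 2048 bits, so group 14 or higher is the size to aim for where the client supports it.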