cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
14143
Views
35
Helpful
1
Comments
pkupisie
Cisco Employee
Cisco Employee

[toc:faq]

1. Introduction

Purpose of this blog post is to have one point at wchich you will find information about what is going in which packet of IKEv2 negotation.

IKEv2 establishing contains three main phases:

- IKE_SA_INIT

- IKE_AUTH

- CREATE_CHILD_SA

First two are known as Phase 1 and they usually contains for messages and CREATE_CHILD_SA is called Phase 2.

Notation used later (from RFC 4306):

   AUTH      Authentication

   CERT      Certificate

   CERTREQ   Certificate Request

   CP        Configuration

   D         Delete

   E         Encrypted

   EAP       Extensible Authentication

   HDR       IKE Header

   IDi       Identification - Initiator

   IDr       Identification - Responder

   KE        Key Exchange

   Ni, Nr    Nonce

   N         Notify

   SA        Security Association

   TSi       Traffic Selector - Initiator

   TSr       Traffic Selector - Responder

   V         Vendor ID

Phase 1

Message 1

HDR, SAi1, KEi, Ni   -->

From RFC 4306:

HDR contains the Security Parameter Indexes (SPIs), version numbers, and flags of various sorts.  The SAi1 payload states the cryptographic algorithms the initiator supports for the IKE_SA.  The KE payload sends the initiator's Diffie-Hellman value.  Ni is the initiator's nonce.

We can see the difference between IKEv1 main-mode in which DH KE and Nonce were sent in packets 3 and 4.

Message 2

                            <--    HDR, SAr1, KEr, Nr, [CERTREQ]

From RFC 4306:

The responder chooses a cryptographic suite from the initiator's offered choices and expresses that choice in the SAr1 payload, completes the Diffie-Hellman exchange with the KEr payload, and sends its nonce in the Nr payload

Message 3

  HDR, SK {IDi, [CERT,] [CERTREQ,] [IDr,] AUTH, SAi2, TSi, TSr}     -->

SK { ... } is the indicator that data has been encrypted by keys derived from DH.

From RFC 4306:

 The initiator asserts its identity with the IDi payload, proves knowledge of the secret corresponding to IDi and integrity protects the contents of the first message using the AUTH payload. It might also send its certificate(s) in CERT payload(s) and a list of its trust anchors in CERTREQ payload(s).  If any CERT payloads are included, the first certificate provided MUST contain the public key used to verify the AUTH field.  The optional payload IDr enables the initiator to specify which of the responder's identities it wants to talk to.  This is useful when the machine on which the responder is running is hosting multiple identities at the same IP address.  The initiator begins negotiation of a CHILD_SA using the SAi2 payload.

Message 4

<--    HDR, SK {IDr, [CERT,] AUTH, SAr2, TSi, TSr}

From RFC 4306:

The responder asserts its identity with the IDr payload, optionally sends one or more certificates (again with the certificate containing the public key used to verify AUTH listed first), authenticates its identity and protects the integrity of the second message with the AUTH payload, and completes negotiation of a CHILD_SA with the additional fields described below in the CREATE_CHILD_SA exchange.

The recipients of messages 3 and 4 MUST verify that all signatures and MACs are computed correctly and that the names in the ID payloads correspond to the keys used to generate the AUTH payload.

Phase 2

Since this phase can be initiated by different side that Phase 1 please take it considaration here that initiator maybe different host that for Phase1.

Request:

   HDR, SK {[N], SA, Ni, [KEi], [TSi, TSr]}             -->

From RFC 4306:

The initiator sends SA offer(s) in the SA payload, a nonce in the Ni payload, optionally a Diffie-Hellman value in the KEi payload, and the proposed traffic selectors in the TSi and TSr payloads. 

Response:

   <--    HDR, SK {SA, Nr, [KEr], [TSi, TSr]}

From RFC 4306:

The responder replies (using the same Message ID to respond) with the accepted offer in an SA payload, and a Diffie-Hellman value in the KEr payload if KEi was included in the request and the selected cryptographic suite includes that group

IOS Debugs

Let's take a look how it looks on IOS (from initiator perspective).

I am using debug crypto ikev2 packets

Message1

*Nov 12 07:59:59.896: IKEv2:% Getting preshared key from profile keyring KEY

*Nov 12 07:59:59.896: IKEv2:% Matched peer block 'R2'

*Nov 12 07:59:59.896: IKEv2:Searching Policy with fvrf 0, local address 172.16.1.1

*Nov 12 07:59:59.896: IKEv2:Found Policy '10'

*Nov 12 07:59:59.896: IKEv2:(SA ID = 1):[IKEv2 -> Crypto Engine] Computing DH public key, DH Group 2

*Nov 12 07:59:59.896: IKEv2:(SA ID = 1):[Crypto Engine -> IKEv2] DH key Computation PASSED

*Nov 12 07:59:59.896: IKEv2:(SA ID = 1):Request queued for computation of DH key

*Nov 12 07:59:59.896: IKEv2:IKEv2 initiator - no config data to send in IKE_SA_INIT exch

*Nov 12 07:59:59.896: IKEv2:(SA ID = 1):Generating IKE_SA_INIT message

*Nov 12 07:59:59.896: IKEv2:(SA ID = 1):IKE Proposal: 1, SPI size: 0 (initial negotiation),

Num. transforms: 4

   3DES   MD5   MD596   DH_GROUP_1024_MODP/Group 2

*Nov 12 07:59:59.896: IKEv2:(SA ID = 1):Sending Packet [To 172.16.1.2:500/From 172.16.1.1:500/VRF i0:f0]

Initiator SPI : C34ACEF58BA75985 - Responder SPI : 0000000000000000 Message id: 0

IKEv2 IKE_SA_INIT Exchange REQUEST

*Nov 12 07:59:59.896: IKEv2:(SA ID = 1):Next payload: SA, version: 2.0 Exchange type: IKE_SA_INIT, flags: INITIATOR Message id: 0, length: 332

Payload contents:

SA  Next payload: KE, reserved: 0x0, length: 44

  last proposal: 0x0, reserved: 0x0, length: 40

  Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 4    last transform: 0x3, reserved: 0x0: length: 8

    type: 1, reserved: 0x0, id: 3DES

    last transform: 0x3, reserved: 0x0: length: 8

    type: 2, reserved: 0x0, id: MD5

    last transform: 0x3, reserved: 0x0: length: 8

    type: 3, reserved: 0x0, id: MD596

    last transform: 0x0, reserved: 0x0: length: 8

    type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2

KE  Next payload: N, reserved: 0x0, length: 136

    DH group: 2, Reserved: 0x0

N  Next payload: VID, reserved: 0x0, length: 24

VID  Next payload: VID, reserved: 0x0, length: 23

VID  Next payload: NOTIFY, reserved: 0x0, length: 21

NOTIFY(NAT_DETECTION_SOURCE_IP)  Next payload: NOTIFY, reserved: 0x0, length: 28

    Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_SOURCE_IP

NOTIFY(NAT_DETECTION_DESTINATION_IP)  Next payload: NONE, reserved: 0x0, length: 28

    Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_DESTINATION_IP

*Nov 12 07:59:59.897: IKEv2:(SA ID = 1):Insert SA

Message2

*Nov 12 07:59:59.905: IKEv2:(SA ID = 1):Received Packet [From 172.16.1.2:500/To 172.16.1.1:500/VRF i0:f0]

Initiator SPI : C34ACEF58BA75985 - Responder SPI : 15E76A8BBE820A0C Message id: 0

IKEv2 IKE_SA_INIT Exchange RESPONSE

*Nov 12 07:59:59.905: IKEv2:(SA ID = 1):Next payload: SA, version: 2.0 Exchange type: IKE_SA_INIT, flags: RESPONDER MSG-RESPONSE Message id: 0, length: 445

Payload contents:

SA  Next payload: KE, reserved: 0x0, length: 44

  last proposal: 0x0, reserved: 0x0, length: 40

  Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 4    last transform: 0x3, reserved: 0x0: length: 8

    type: 1, reserved: 0x0, id: 3DES

    last transform: 0x3, reserved: 0x0: length: 8

    type: 2, reserved: 0x0, id: MD5

    last transform: 0x3, reserved: 0x0: length: 8

    type: 3, reserved: 0x0, id: MD596

    last transform: 0x0, reserved: 0x0: length: 8

    type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2

KE  Next payload: N, reserved: 0x0, length: 136

    DH group: 2, Reserved: 0x0

N  Next payload: VID, reserved: 0x0, length: 24

VID  Next payload: VID, reserved: 0x0, length: 23

VID  Next payload: NOTIFY, reserved: 0x0, length: 21

NOTIFY(NAT_DETECTION_SOURCE_IP)  Next payload: NOTIFY, reserved: 0x0, length: 28

    Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_SOURCE_IP

NOTIFY(NAT_DETECTION_DESTINATION_IP)  Next payload: CERTREQ, reserved: 0x0, length: 28

    Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_DESTINATION_IP

CERTREQ  Next payload: NOTIFY, reserved: 0x0, length: 105

    Cert encoding Hash and URL of PKIX

NOTIFY(HTTP_CERT_LOOKUP_SUPPORTED)  Next payload: NONE, reserved: 0x0, length: 8

    Security protocol id: IKE, spi size: 0, type: HTTP_CERT_LOOKUP_SUPPORTED

*Nov 12 07:59:59.905: IKEv2:(SA ID = 1):Processing IKE_SA_INIT message

*Nov 12 07:59:59.905: IKEv2:(SA ID = 1):Verify SA init message

*Nov 12 07:59:59.905: IKEv2:(SA ID = 1):Processing IKE_SA_INIT message

*Nov 12 07:59:59.905: IKEv2:(SA ID = 1):Checking NAT discovery

*Nov 12 07:59:59.905: IKEv2:(SA ID = 1):NAT not found

*Nov 12 07:59:59.905: IKEv2:(SA ID = 1):[IKEv2 -> Crypto Engine] Computing DH secret key, DH Group 2

*Nov 12 07:59:59.911: IKEv2:(SA ID = 1):[Crypto Engine -> IKEv2] DH key Computation PASSED

*Nov 12 07:59:59.912: IKEv2:(SA ID = 1):Request queued for computation of DH secret

*Nov 12 07:59:59.912: IKEv2:(SA ID = 1):[IKEv2 -> Crypto Engine] Calculate SKEYSEED and create rekeyed IKEv2 SA

*Nov 12 07:59:59.912: IKEv2:(SA ID = 1):[Crypto Engine -> IKEv2] SKEYSEED calculation and creation of rekeyed IKEv2 SA PASSED

*Nov 12 07:59:59.912: IKEv2:(SA ID = 1):Completed SA init exchange

*Nov 12 07:59:59.912: IKEv2:(SA ID = 1):Check for EAP exchange

Message 3

*Nov 12 07:59:59.912: IKEv2:(SA ID = 1):Generate my authentication data

*Nov 12 07:59:59.912: IKEv2:(SA ID = 1):Use preshared key for id 172.16.1.1, key len 5

*Nov 12 07:59:59.912: IKEv2:[IKEv2 -> Crypto Engine] Generate IKEv2 authentication data

*Nov 12 07:59:59.912: IKEv2:[Crypto Engine -> IKEv2] IKEv2 authentication data generation PASSED

*Nov 12 07:59:59.912: IKEv2:(SA ID = 1):Get my authentication method

*Nov 12 07:59:59.912: IKEv2:(SA ID = 1):My authentication method is 'PSK'

*Nov 12 07:59:59.912: IKEv2:(SA ID = 1):Check for EAP exchange

*Nov 12 07:59:59.912: IKEv2:(SA ID = 1):Generating IKE_AUTH message

*Nov 12 07:59:59.912: IKEv2:(SA ID = 1):Constructing IDi payload: '172.16.1.1' of type 'IPv4 address'

*Nov 12 07:59:59.912: IKEv2:(SA ID = 1):ESP Proposal: 1, SPI size: 4 (IPSec negotiation),

Num. transforms: 3

   AES-CBC   SHA96   Don't use ESN

*Nov 12 07:59:59.912: IKEv2:(SA ID = 1):Building packet for encryption. 

Payload contents:

VID  Next payload: IDi, reserved: 0x0, length: 20

IDi  Next payload: AUTH, reserved: 0x0, length: 12

    Id type: IPv4 address, Reserved: 0x0 0x0

AUTH  Next payload: SA, reserved: 0x0, length: 24

    Auth method PSK, reserved: 0x0, reserved 0x0

SA  Next payload: TSi, reserved: 0x0, length: 44

  last proposal: 0x0, reserved: 0x0, length: 40

  Proposal: 1, Protocol id: ESP, SPI size: 4, #trans: 3    last transform: 0x3, reserved: 0x0: length: 12

    type: 1, reserved: 0x0, id: AES-CBC

    last transform: 0x3, reserved: 0x0: length: 8

    type: 3, reserved: 0x0, id: SHA96

    last transform: 0x0, reserved: 0x0: length: 8

    type: 5, reserved: 0x0, id: Don't use ESN

TSi  Next payload: TSr, reserved: 0x0, length: 40

    Num of TSs: 2, reserved 0x0, reserved 0x0

    TS type: TS_IPV4_ADDR_RANGE, proto id: 1, length: 16

    start port: 0, end port: 65535

    start addr: 1.1.1.1, end addr: 1.1.1.1

    TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16

    start port: 0, end port: 65535

    start addr: 1.1.1.1, end addr: 1.1.1.1

TSr  Next payload: NOTIFY, reserved: 0x0, length: 40

    Num of TSs: 2, reserved 0x0, reserved 0x0

    TS type: TS_IPV4_ADDR_RANGE, proto id: 1, length: 16

    start port: 0, end port: 65535

    start addr: 2.2.2.2, end addr: 2.2.2.2

    TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16

    start port: 0, end port: 65535

    start addr: 2.2.2.2, end addr: 2.2.2.2

NOTIFY(INITIAL_CONTACT)  Next payload: NOTIFY, reserved: 0x0, length: 8

    Security protocol id: IKE, spi size: 0, type: INITIAL_CONTACT

NOTIFY(SET_WINDOW_SIZE)  Next payload: NOTIFY, reserved: 0x0, length: 12

    Security protocol id: IKE, spi size: 0, type: SET_WINDOW_SIZE

NOTIFY(ESP_TFC_NO_SUPPORT)  Next payload: NOTIFY, reserved: 0x0, length: 8

    Security protocol id: IKE, spi size: 0, type: ESP_TFC_NO_SUPPORT

NOTIFY(NON_FIRST_FRAGS)  Next payload: NONE, reserved: 0x0, length: 8

    Security protocol id: IKE, spi size: 0, type: NON_FIRST_FRAGS

*Nov 12 07:59:59.913: IKEv2:(SA ID = 1):Sending Packet [To 172.16.1.2:500/From 172.16.1.1:500/VRF i0:f0]

Initiator SPI : C34ACEF58BA75985 - Responder SPI : 15E76A8BBE820A0C Message id: 1

IKEv2 IKE_AUTH Exchange REQUEST

*Nov 12 07:59:59.913: IKEv2:(SA ID = 1):Next payload: ENCR, version: 2.0 Exchange type: IKE_AUTH, flags: INITIATOR Message id: 1, length: 276

Payload contents:

ENCR  Next payload: VID, reserved: 0x0, length: 248

Message 4

*Nov 12 07:59:59.916: IKEv2:(SA ID = 1):Received Packet [From 172.16.1.2:500/To 172.16.1.1:500/VRF i0:f0]

Initiator SPI : C34ACEF58BA75985 - Responder SPI : 15E76A8BBE820A0C Message id: 1

IKEv2 IKE_AUTH Exchange RESPONSE

*Nov 12 07:59:59.916: IKEv2:(SA ID = 1):Next payload: ENCR, version: 2.0 Exchange type: IKE_AUTH, flags: RESPONDER MSG-RESPONSE Message id: 1, length: 236

Payload contents:

VID  Next payload: IDr, reserved: 0x0, length: 20

IDr  Next payload: AUTH, reserved: 0x0, length: 12

    Id type: IPv4 address, Reserved: 0x0 0x0

AUTH  Next payload: SA, reserved: 0x0, length: 24

    Auth method PSK, reserved: 0x0, reserved 0x0

SA  Next payload: TSi, reserved: 0x0, length: 44

  last proposal: 0x0, reserved: 0x0, length: 40

  Proposal: 1, Protocol id: ESP, SPI size: 4, #trans: 3    last transform: 0x3, reserved: 0x0: length: 12

    type: 1, reserved: 0x0, id: AES-CBC

    last transform: 0x3, reserved: 0x0: length: 8

    type: 3, reserved: 0x0, id: SHA96

    last transform: 0x0, reserved: 0x0: length: 8

    type: 5, reserved: 0x0, id: Don't use ESN

TSi  Next payload: TSr, reserved: 0x0, length: 24

    Num of TSs: 1, reserved 0x0, reserved 0x0

    TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16

    start port: 0, end port: 65535

    start addr: 1.1.1.1, end addr: 1.1.1.1

TSr  Next payload: NOTIFY, reserved: 0x0, length: 24

    Num of TSs: 1, reserved 0x0, reserved 0x0

    TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16

    start port: 0, end port: 65535

    start addr: 2.2.2.2, end addr: 2.2.2.2

NOTIFY(SET_WINDOW_SIZE)  Next payload: NOTIFY, reserved: 0x0, length: 12

    Security protocol id: IKE, spi size: 0, type: SET_WINDOW_SIZE

NOTIFY(ESP_TFC_NO_SUPPORT)  Next payload: NOTIFY, reserved: 0x0, length: 8

    Security protocol id: IKE, spi size: 0, type: ESP_TFC_NO_SUPPORT

NOTIFY(NON_FIRST_FRAGS)  Next payload: NONE, reserved: 0x0, length: 8

    Security protocol id: IKE, spi size: 0, type: NON_FIRST_FRAGS

*Nov 12 07:59:59.920: IKEv2:(SA ID = 1):Process auth response notify

*Nov 12 07:59:59.920: IKEv2:(SA ID = 1):Searching policy based on peer's identity '172.16.1.2' of type 'IPv4 address'

*Nov 12 07:59:59.920: IKEv2:Searching Policy with fvrf 0, local address 172.16.1.1

*Nov 12 07:59:59.920: IKEv2:Found Policy '10'

*Nov 12 07:59:59.920: IKEv2:(SA ID = 1):Verify peer's policy

*Nov 12 07:59:59.920: IKEv2:(SA ID = 1):Peer's policy verified

*Nov 12 07:59:59.920: IKEv2:(SA ID = 1):Get peer's authentication method

*Nov 12 07:59:59.920: IKEv2:(SA ID = 1):Peer's authentication method is 'PSK'

*Nov 12 07:59:59.920: IKEv2:(SA ID = 1):Get peer's preshared key for 172.16.1.2

*Nov 12 07:59:59.920: IKEv2:(SA ID = 1):Verify peer's authentication data

*Nov 12 07:59:59.920: IKEv2:(SA ID = 1):Use preshared key for id 172.16.1.2, key len 5

*Nov 12 07:59:59.920: IKEv2:[IKEv2 -> Crypto Engine] Generate IKEv2 authentication data

*Nov 12 07:59:59.920: IKEv2:[Crypto Engine -> IKEv2] IKEv2 authentication data generation PASSED

*Nov 12 07:59:59.920: IKEv2:(SA ID = 1):Verification of peer's authenctication data PASSED

*Nov 12 07:59:59.920: IKEv2:(SA ID = 1):Check for EAP exchange

*Nov 12 07:59:59.921: IKEv2:(SA ID = 1):Processing IKE_AUTH message

*Nov 12 07:59:59.921: IKEv2:KMI/verify policy/sending to IPSec:

     prot: 3 txfm: 12 hmac 2 flags 8177 keysize 128 IDB 0x0

*Nov 12 07:59:59.921: IKEv2:(SA ID = 1):IKEV2 SA created; inserting SA into database. SA lifetime timer (86400 sec) started

*Nov 12 07:59:59.921: IKEv2:(SA ID = 1):Session with IKE ID PAIR (172.16.1.2, 172.16.1.1) is UP

*Nov 12 07:59:59.921: IKEv2:IKEv2 MIB tunnel started, tunnel index 1

*Nov 12 07:59:59.921: IKEv2:(SA ID = 1):Load IPSEC key material

*Nov 12 07:59:59.921: IKEv2:(SA ID = 1):[IKEv2 -> IPsec] Create IPsec SA into IPsec database

*Nov 12 07:59:59.921: IKEv2:(SA ID = 1):Asynchronous request queued

*Nov 12 07:59:59.921: IKEv2:(SA ID = 1):

*Nov 12 07:59:59.922: IKEv2:(SA ID = 1):[IPsec -> IKEv2] Creation of IPsec SA into IPsec database PASSED

*Nov 12 07:59:59.926: IKEv2:(SA ID = 1):Checking for duplicate IKEv2 SA

*Nov 12 07:59:59.926: IKEv2:(SA ID = 1):No duplicate IKEv2 SA found.

References

RFC 4306 - Internet Key Exchange (IKEv2) Protocol:

http://tools.ietf.org/html/rfc4306

1 Comment
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: