[toc:faq]
Purpose of this blog post is to have one point at wchich you will find information about what is going in which packet of IKEv2 negotation.
IKEv2 establishing contains three main phases:
- IKE_SA_INIT
- IKE_AUTH
- CREATE_CHILD_SA
First two are known as Phase 1 and they usually contains for messages and CREATE_CHILD_SA is called Phase 2.
Notation used later (from RFC 4306):
AUTH Authentication
CERT Certificate
CERTREQ Certificate Request
CP Configuration
D Delete
E Encrypted
EAP Extensible Authentication
HDR IKE Header
IDi Identification - Initiator
IDr Identification - Responder
KE Key Exchange
Ni, Nr Nonce
N Notify
SA Security Association
TSi Traffic Selector - Initiator
TSr Traffic Selector - Responder
V Vendor ID
HDR, SAi1, KEi, Ni -->
From RFC 4306:
HDR contains the Security Parameter Indexes (SPIs), version numbers, and flags of various sorts. The SAi1 payload states the cryptographic algorithms the initiator supports for the IKE_SA. The KE payload sends the initiator's Diffie-Hellman value. Ni is the initiator's nonce.
We can see the difference between IKEv1 main-mode in which DH KE and Nonce were sent in packets 3 and 4.
<-- HDR, SAr1, KEr, Nr, [CERTREQ]
From RFC 4306:
The responder chooses a cryptographic suite from the initiator's offered choices and expresses that choice in the SAr1 payload, completes the Diffie-Hellman exchange with the KEr payload, and sends its nonce in the Nr payload
HDR, SK {IDi, [CERT,] [CERTREQ,] [IDr,] AUTH, SAi2, TSi, TSr} -->
SK { ... } is the indicator that data has been encrypted by keys derived from DH.
From RFC 4306:
The initiator asserts its identity with the IDi payload, proves knowledge of the secret corresponding to IDi and integrity protects the contents of the first message using the AUTH payload. It might also send its certificate(s) in CERT payload(s) and a list of its trust anchors in CERTREQ payload(s). If any CERT payloads are included, the first certificate provided MUST contain the public key used to verify the AUTH field. The optional payload IDr enables the initiator to specify which of the responder's identities it wants to talk to. This is useful when the machine on which the responder is running is hosting multiple identities at the same IP address. The initiator begins negotiation of a CHILD_SA using the SAi2 payload.
<-- HDR, SK {IDr, [CERT,] AUTH, SAr2, TSi, TSr}
From RFC 4306:
The responder asserts its identity with the IDr payload, optionally sends one or more certificates (again with the certificate containing the public key used to verify AUTH listed first), authenticates its identity and protects the integrity of the second message with the AUTH payload, and completes negotiation of a CHILD_SA with the additional fields described below in the CREATE_CHILD_SA exchange.
The recipients of messages 3 and 4 MUST verify that all signatures and MACs are computed correctly and that the names in the ID payloads correspond to the keys used to generate the AUTH payload.
Since this phase can be initiated by different side that Phase 1 please take it considaration here that initiator maybe different host that for Phase1.
Request:
HDR, SK {[N], SA, Ni, [KEi], [TSi, TSr]} -->
From RFC 4306:
The initiator sends SA offer(s) in the SA payload, a nonce in the Ni payload, optionally a Diffie-Hellman value in the KEi payload, and the proposed traffic selectors in the TSi and TSr payloads.
Response:
<-- HDR, SK {SA, Nr, [KEr], [TSi, TSr]}
From RFC 4306:
The responder replies (using the same Message ID to respond) with the accepted offer in an SA payload, and a Diffie-Hellman value in the KEr payload if KEi was included in the request and the selected cryptographic suite includes that group
Let's take a look how it looks on IOS (from initiator perspective).
I am using debug crypto ikev2 packets
*Nov 12 07:59:59.896: IKEv2:% Getting preshared key from profile keyring KEY
*Nov 12 07:59:59.896: IKEv2:% Matched peer block 'R2'
*Nov 12 07:59:59.896: IKEv2:Searching Policy with fvrf 0, local address 172.16.1.1
*Nov 12 07:59:59.896: IKEv2:Found Policy '10'
*Nov 12 07:59:59.896: IKEv2:(SA ID = 1):[IKEv2 -> Crypto Engine] Computing DH public key, DH Group 2
*Nov 12 07:59:59.896: IKEv2:(SA ID = 1):[Crypto Engine -> IKEv2] DH key Computation PASSED
*Nov 12 07:59:59.896: IKEv2:(SA ID = 1):Request queued for computation of DH key
*Nov 12 07:59:59.896: IKEv2:IKEv2 initiator - no config data to send in IKE_SA_INIT exch
*Nov 12 07:59:59.896: IKEv2:(SA ID = 1):Generating IKE_SA_INIT message
*Nov 12 07:59:59.896: IKEv2:(SA ID = 1):IKE Proposal: 1, SPI size: 0 (initial negotiation),
Num. transforms: 4
3DES MD5 MD596 DH_GROUP_1024_MODP/Group 2
*Nov 12 07:59:59.896: IKEv2:(SA ID = 1):Sending Packet [To 172.16.1.2:500/From 172.16.1.1:500/VRF i0:f0]
Initiator SPI : C34ACEF58BA75985 - Responder SPI : 0000000000000000 Message id: 0
IKEv2 IKE_SA_INIT Exchange REQUEST
*Nov 12 07:59:59.896: IKEv2:(SA ID = 1):Next payload: SA, version: 2.0 Exchange type: IKE_SA_INIT, flags: INITIATOR Message id: 0, length: 332
Payload contents:
SA Next payload: KE, reserved: 0x0, length: 44
last proposal: 0x0, reserved: 0x0, length: 40
Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 4 last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: 3DES
last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: MD5
last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: MD596
last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
KE Next payload: N, reserved: 0x0, length: 136
DH group: 2, Reserved: 0x0
N Next payload: VID, reserved: 0x0, length: 24
VID Next payload: VID, reserved: 0x0, length: 23
VID Next payload: NOTIFY, reserved: 0x0, length: 21
NOTIFY(NAT_DETECTION_SOURCE_IP) Next payload: NOTIFY, reserved: 0x0, length: 28
Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_SOURCE_IP
NOTIFY(NAT_DETECTION_DESTINATION_IP) Next payload: NONE, reserved: 0x0, length: 28
Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_DESTINATION_IP
*Nov 12 07:59:59.897: IKEv2:(SA ID = 1):Insert SA
*Nov 12 07:59:59.905: IKEv2:(SA ID = 1):Received Packet [From 172.16.1.2:500/To 172.16.1.1:500/VRF i0:f0]
Initiator SPI : C34ACEF58BA75985 - Responder SPI : 15E76A8BBE820A0C Message id: 0
IKEv2 IKE_SA_INIT Exchange RESPONSE
*Nov 12 07:59:59.905: IKEv2:(SA ID = 1):Next payload: SA, version: 2.0 Exchange type: IKE_SA_INIT, flags: RESPONDER MSG-RESPONSE Message id: 0, length: 445
Payload contents:
SA Next payload: KE, reserved: 0x0, length: 44
last proposal: 0x0, reserved: 0x0, length: 40
Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 4 last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: 3DES
last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: MD5
last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: MD596
last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
KE Next payload: N, reserved: 0x0, length: 136
DH group: 2, Reserved: 0x0
N Next payload: VID, reserved: 0x0, length: 24
VID Next payload: VID, reserved: 0x0, length: 23
VID Next payload: NOTIFY, reserved: 0x0, length: 21
NOTIFY(NAT_DETECTION_SOURCE_IP) Next payload: NOTIFY, reserved: 0x0, length: 28
Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_SOURCE_IP
NOTIFY(NAT_DETECTION_DESTINATION_IP) Next payload: CERTREQ, reserved: 0x0, length: 28
Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_DESTINATION_IP
CERTREQ Next payload: NOTIFY, reserved: 0x0, length: 105
Cert encoding Hash and URL of PKIX
NOTIFY(HTTP_CERT_LOOKUP_SUPPORTED) Next payload: NONE, reserved: 0x0, length: 8
Security protocol id: IKE, spi size: 0, type: HTTP_CERT_LOOKUP_SUPPORTED
*Nov 12 07:59:59.905: IKEv2:(SA ID = 1):Processing IKE_SA_INIT message
*Nov 12 07:59:59.905: IKEv2:(SA ID = 1):Verify SA init message
*Nov 12 07:59:59.905: IKEv2:(SA ID = 1):Processing IKE_SA_INIT message
*Nov 12 07:59:59.905: IKEv2:(SA ID = 1):Checking NAT discovery
*Nov 12 07:59:59.905: IKEv2:(SA ID = 1):NAT not found
*Nov 12 07:59:59.905: IKEv2:(SA ID = 1):[IKEv2 -> Crypto Engine] Computing DH secret key, DH Group 2
*Nov 12 07:59:59.911: IKEv2:(SA ID = 1):[Crypto Engine -> IKEv2] DH key Computation PASSED
*Nov 12 07:59:59.912: IKEv2:(SA ID = 1):Request queued for computation of DH secret
*Nov 12 07:59:59.912: IKEv2:(SA ID = 1):[IKEv2 -> Crypto Engine] Calculate SKEYSEED and create rekeyed IKEv2 SA
*Nov 12 07:59:59.912: IKEv2:(SA ID = 1):[Crypto Engine -> IKEv2] SKEYSEED calculation and creation of rekeyed IKEv2 SA PASSED
*Nov 12 07:59:59.912: IKEv2:(SA ID = 1):Completed SA init exchange
*Nov 12 07:59:59.912: IKEv2:(SA ID = 1):Check for EAP exchange
*Nov 12 07:59:59.912: IKEv2:(SA ID = 1):Generate my authentication data
*Nov 12 07:59:59.912: IKEv2:(SA ID = 1):Use preshared key for id 172.16.1.1, key len 5
*Nov 12 07:59:59.912: IKEv2:[IKEv2 -> Crypto Engine] Generate IKEv2 authentication data
*Nov 12 07:59:59.912: IKEv2:[Crypto Engine -> IKEv2] IKEv2 authentication data generation PASSED
*Nov 12 07:59:59.912: IKEv2:(SA ID = 1):Get my authentication method
*Nov 12 07:59:59.912: IKEv2:(SA ID = 1):My authentication method is 'PSK'
*Nov 12 07:59:59.912: IKEv2:(SA ID = 1):Check for EAP exchange
*Nov 12 07:59:59.912: IKEv2:(SA ID = 1):Generating IKE_AUTH message
*Nov 12 07:59:59.912: IKEv2:(SA ID = 1):Constructing IDi payload: '172.16.1.1' of type 'IPv4 address'
*Nov 12 07:59:59.912: IKEv2:(SA ID = 1):ESP Proposal: 1, SPI size: 4 (IPSec negotiation),
Num. transforms: 3
AES-CBC SHA96 Don't use ESN
*Nov 12 07:59:59.912: IKEv2:(SA ID = 1):Building packet for encryption.
Payload contents:
VID Next payload: IDi, reserved: 0x0, length: 20
IDi Next payload: AUTH, reserved: 0x0, length: 12
Id type: IPv4 address, Reserved: 0x0 0x0
AUTH Next payload: SA, reserved: 0x0, length: 24
Auth method PSK, reserved: 0x0, reserved 0x0
SA Next payload: TSi, reserved: 0x0, length: 44
last proposal: 0x0, reserved: 0x0, length: 40
Proposal: 1, Protocol id: ESP, SPI size: 4, #trans: 3 last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
last transform: 0x0, reserved: 0x0: length: 8
type: 5, reserved: 0x0, id: Don't use ESN
TSi Next payload: TSr, reserved: 0x0, length: 40
Num of TSs: 2, reserved 0x0, reserved 0x0
TS type: TS_IPV4_ADDR_RANGE, proto id: 1, length: 16
start port: 0, end port: 65535
start addr: 1.1.1.1, end addr: 1.1.1.1
TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16
start port: 0, end port: 65535
start addr: 1.1.1.1, end addr: 1.1.1.1
TSr Next payload: NOTIFY, reserved: 0x0, length: 40
Num of TSs: 2, reserved 0x0, reserved 0x0
TS type: TS_IPV4_ADDR_RANGE, proto id: 1, length: 16
start port: 0, end port: 65535
start addr: 2.2.2.2, end addr: 2.2.2.2
TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16
start port: 0, end port: 65535
start addr: 2.2.2.2, end addr: 2.2.2.2
NOTIFY(INITIAL_CONTACT) Next payload: NOTIFY, reserved: 0x0, length: 8
Security protocol id: IKE, spi size: 0, type: INITIAL_CONTACT
NOTIFY(SET_WINDOW_SIZE) Next payload: NOTIFY, reserved: 0x0, length: 12
Security protocol id: IKE, spi size: 0, type: SET_WINDOW_SIZE
NOTIFY(ESP_TFC_NO_SUPPORT) Next payload: NOTIFY, reserved: 0x0, length: 8
Security protocol id: IKE, spi size: 0, type: ESP_TFC_NO_SUPPORT
NOTIFY(NON_FIRST_FRAGS) Next payload: NONE, reserved: 0x0, length: 8
Security protocol id: IKE, spi size: 0, type: NON_FIRST_FRAGS
*Nov 12 07:59:59.913: IKEv2:(SA ID = 1):Sending Packet [To 172.16.1.2:500/From 172.16.1.1:500/VRF i0:f0]
Initiator SPI : C34ACEF58BA75985 - Responder SPI : 15E76A8BBE820A0C Message id: 1
IKEv2 IKE_AUTH Exchange REQUEST
*Nov 12 07:59:59.913: IKEv2:(SA ID = 1):Next payload: ENCR, version: 2.0 Exchange type: IKE_AUTH, flags: INITIATOR Message id: 1, length: 276
Payload contents:
ENCR Next payload: VID, reserved: 0x0, length: 248
*Nov 12 07:59:59.916: IKEv2:(SA ID = 1):Received Packet [From 172.16.1.2:500/To 172.16.1.1:500/VRF i0:f0]
Initiator SPI : C34ACEF58BA75985 - Responder SPI : 15E76A8BBE820A0C Message id: 1
IKEv2 IKE_AUTH Exchange RESPONSE
*Nov 12 07:59:59.916: IKEv2:(SA ID = 1):Next payload: ENCR, version: 2.0 Exchange type: IKE_AUTH, flags: RESPONDER MSG-RESPONSE Message id: 1, length: 236
Payload contents:
VID Next payload: IDr, reserved: 0x0, length: 20
IDr Next payload: AUTH, reserved: 0x0, length: 12
Id type: IPv4 address, Reserved: 0x0 0x0
AUTH Next payload: SA, reserved: 0x0, length: 24
Auth method PSK, reserved: 0x0, reserved 0x0
SA Next payload: TSi, reserved: 0x0, length: 44
last proposal: 0x0, reserved: 0x0, length: 40
Proposal: 1, Protocol id: ESP, SPI size: 4, #trans: 3 last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
last transform: 0x0, reserved: 0x0: length: 8
type: 5, reserved: 0x0, id: Don't use ESN
TSi Next payload: TSr, reserved: 0x0, length: 24
Num of TSs: 1, reserved 0x0, reserved 0x0
TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16
start port: 0, end port: 65535
start addr: 1.1.1.1, end addr: 1.1.1.1
TSr Next payload: NOTIFY, reserved: 0x0, length: 24
Num of TSs: 1, reserved 0x0, reserved 0x0
TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16
start port: 0, end port: 65535
start addr: 2.2.2.2, end addr: 2.2.2.2
NOTIFY(SET_WINDOW_SIZE) Next payload: NOTIFY, reserved: 0x0, length: 12
Security protocol id: IKE, spi size: 0, type: SET_WINDOW_SIZE
NOTIFY(ESP_TFC_NO_SUPPORT) Next payload: NOTIFY, reserved: 0x0, length: 8
Security protocol id: IKE, spi size: 0, type: ESP_TFC_NO_SUPPORT
NOTIFY(NON_FIRST_FRAGS) Next payload: NONE, reserved: 0x0, length: 8
Security protocol id: IKE, spi size: 0, type: NON_FIRST_FRAGS
*Nov 12 07:59:59.920: IKEv2:(SA ID = 1):Process auth response notify
*Nov 12 07:59:59.920: IKEv2:(SA ID = 1):Searching policy based on peer's identity '172.16.1.2' of type 'IPv4 address'
*Nov 12 07:59:59.920: IKEv2:Searching Policy with fvrf 0, local address 172.16.1.1
*Nov 12 07:59:59.920: IKEv2:Found Policy '10'
*Nov 12 07:59:59.920: IKEv2:(SA ID = 1):Verify peer's policy
*Nov 12 07:59:59.920: IKEv2:(SA ID = 1):Peer's policy verified
*Nov 12 07:59:59.920: IKEv2:(SA ID = 1):Get peer's authentication method
*Nov 12 07:59:59.920: IKEv2:(SA ID = 1):Peer's authentication method is 'PSK'
*Nov 12 07:59:59.920: IKEv2:(SA ID = 1):Get peer's preshared key for 172.16.1.2
*Nov 12 07:59:59.920: IKEv2:(SA ID = 1):Verify peer's authentication data
*Nov 12 07:59:59.920: IKEv2:(SA ID = 1):Use preshared key for id 172.16.1.2, key len 5
*Nov 12 07:59:59.920: IKEv2:[IKEv2 -> Crypto Engine] Generate IKEv2 authentication data
*Nov 12 07:59:59.920: IKEv2:[Crypto Engine -> IKEv2] IKEv2 authentication data generation PASSED
*Nov 12 07:59:59.920: IKEv2:(SA ID = 1):Verification of peer's authenctication data PASSED
*Nov 12 07:59:59.920: IKEv2:(SA ID = 1):Check for EAP exchange
*Nov 12 07:59:59.921: IKEv2:(SA ID = 1):Processing IKE_AUTH message
*Nov 12 07:59:59.921: IKEv2:KMI/verify policy/sending to IPSec:
prot: 3 txfm: 12 hmac 2 flags 8177 keysize 128 IDB 0x0
*Nov 12 07:59:59.921: IKEv2:(SA ID = 1):IKEV2 SA created; inserting SA into database. SA lifetime timer (86400 sec) started
*Nov 12 07:59:59.921: IKEv2:(SA ID = 1):Session with IKE ID PAIR (172.16.1.2, 172.16.1.1) is UP
*Nov 12 07:59:59.921: IKEv2:IKEv2 MIB tunnel started, tunnel index 1
*Nov 12 07:59:59.921: IKEv2:(SA ID = 1):Load IPSEC key material
*Nov 12 07:59:59.921: IKEv2:(SA ID = 1):[IKEv2 -> IPsec] Create IPsec SA into IPsec database
*Nov 12 07:59:59.921: IKEv2:(SA ID = 1):Asynchronous request queued
*Nov 12 07:59:59.921: IKEv2:(SA ID = 1):
*Nov 12 07:59:59.922: IKEv2:(SA ID = 1):[IPsec -> IKEv2] Creation of IPsec SA into IPsec database PASSED
*Nov 12 07:59:59.926: IKEv2:(SA ID = 1):Checking for duplicate IKEv2 SA
*Nov 12 07:59:59.926: IKEv2:(SA ID = 1):No duplicate IKEv2 SA found.
RFC 4306 - Internet Key Exchange (IKEv2) Protocol:
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: