Community Member

What is Nonce in IPSec?

Hi,

I would like to know, what actually is a Nonce?

Why do peers have to exchange the Nonce? What is the purpose of the Nonce?

Thank you

4 REPLIES

What is Nonce in IPSec?

Hello,

Nonce : a randomly generated number that the initiator sends. This nonce is hashed along with the other items using the agreed key and is sent back. The initiator checks the cookie including the nonce, and rejects any messages which do not have the right nonce. This helps prevent replay since no third party can predict what the randomly generated nonce is going to be.

So, that being said, I can tell you that the peers exchange this nonce as an authentication method (to authenticate the remote peer).

So as an example, let's say you have an L2L tunnel and the initiator site sends the ISAKMP policies previously configured and a nonce already hashed.

That site will expect to receive a message with the same nonce; if it does not receive the right one, well, it will know this is not the right host.

As you can see it also helps for anti-replay purposes.

Regards,

Julio

Do rate all the helpful posts

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
Community Member

What is Nonce in IPSec?

Thank you very much.

Please help me with anti-replay as well.

What exactly is anti-replay?

Hall of Fame Super Silver

What is Nonce in IPSec?

Anti-replay means that since the secure exchange used a hashed value of the unique randomly generated nonce, a later attempt to establish a secure connection derived from having captured (like a man-in-the-middle attack with a packet sniffer) and replaying the session establishment would fail since it would not have the (unhashed) nonce value embedded.

Community Member

What is Nonce in IPSec?

The word "Nonce" literally means that it does not recur.

The initiator generates a random Nonce and sends a message hashed with that nonce.

The initiator will not use that nonce again.
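As an added illustration of the exchange Julio describes and of the anti-replay point in the later replies (example code written for this page, not Cisco's or any IKE implementation's), the following simplified Python models an initiator sending a fresh nonce, a responder returning a keyed hash over it, and the initiator rejecting a replayed or unkeyed response. The shared key, the context label and all function names are constructed for the demo; a real IKE exchange hashes more material than this.

```python
import hashlib
import hmac
import secrets

# Constructed demo key standing in for the key the peers agreed on (not a real key).
SHARED_KEY = b"constructed-demo-key"
# Stands in for "the other items" that are hashed together with the nonce.
CONTEXT = b"ike-demo-auth"


def make_nonce() -> bytes:
    """Fresh, unpredictable 16-byte nonce generated by the initiator for one exchange."""
    return secrets.token_bytes(16)


def responder_proof(key: bytes, nonce: bytes) -> bytes:
    """Responder hashes the initiator's nonce (plus context) with the agreed key."""
    return hmac.new(key, CONTEXT + nonce, hashlib.sha256).digest()


def initiator_accepts(key: bytes, expected_nonce: bytes, nonce: bytes, proof: bytes) -> bool:
    """Initiator accepts only a keyed hash over the nonce it sent in this exchange."""
    if nonce != expected_nonce:
        return False  # stale or replayed nonce: the freshness check fails first
    return hmac.compare_digest(responder_proof(key, nonce), proof)


def fresh_exchange() -> bool:
    """Normal case: responder answers the nonce just sent, using the shared key."""
    nonce = make_nonce()
    proof = responder_proof(SHARED_KEY, nonce)
    return initiator_accepts(SHARED_KEY, nonce, nonce, proof)


def replayed_exchange() -> bool:
    """Anti-replay: a (nonce, proof) pair recorded earlier is rejected later."""
    old_nonce = make_nonce()
    old_proof = responder_proof(SHARED_KEY, old_nonce)  # recorded from an earlier exchange
    new_nonce = make_nonce()                            # initiator never reuses old_nonce
    return initiator_accepts(SHARED_KEY, new_nonce, old_nonce, old_proof)


def unkeyed_exchange() -> bool:
    """Without the agreed key, a plain hash over the right nonce still fails the check."""
    nonce = make_nonce()
    unkeyed = hashlib.sha256(CONTEXT + nonce).digest()
    return initiator_accepts(SHARED_KEY, nonce, nonce, unkeyed)
```

The two rejection paths are distinct: a replayed message fails on nonce freshness before the hash is even compared, and a message over the correct nonce still fails if it was not computed with the agreed key.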
