IPSEC – IKE Phase 1 ISAKMP

IPsec (Internet Protocol Security) is a framework that protects IP traffic at the network layer.
It can protect our traffic by providing:
  • Confidentiality : It encrypts the data, so that no one except the sender and receiver can read our information.
  • Integrity : It makes sure that no one changes the data in the packet. This is done by using a hashing algorithm.
  • Authentication : It makes sure that we are speaking to the correct peer.
  • Anti-replay : It detects and discards duplicate packets.

  • IPsec tunnels are built with the help of IKE (Internet Key Exchange).
  • IKE : It is a method for exchanging keys for encryption and authentication over an unsecured medium, such as the Internet.
  • IKE is established in 2 phases :
    • IKE Phase 1 (ISAKMP – Internet Security Association and Key Management Protocol)
    • IKE Phase 2 (IPsec)
  • IKE Phase 1
    In this phase the two peers negotiate authentication, encryption and integrity.
  • IKE Phase 2
    In this phase data will be transmitted. IKE Phase 2 starts only once Phase 1 is up.
IKE Phase-1 Configuration:
Router-1(config)# crypto isakmp policy 10
Router-1(config-isakmp)# encryption aes
Router-1(config-isakmp)# hash md5
Router-1(config-isakmp)# authentication pre-share
Router-1(config-isakmp)# group 5
Router-1(config-isakmp)# exit
Router-1(config)# crypto isakmp key <Authentication-Preshare-Key> address <Peer IP>

Authentication : A pre-shared key is used to make sure we are speaking to the correct peer. It has to match on both sides.
Encryption : The encryption algorithm is AES, 3DES or DES.
  • DES (Data Encryption Standard) – 56-bit key
  • 3DES (Triple Data Encryption Standard) – 168-bit key
  • AES (Advanced Encryption Standard) - 128, 192, or 256-bit key
Encryption is based on keys. Keys are what the algorithm uses to encrypt the data.
There are two types of keys:
  • Symmetric keys – The same key is used at both peer ends to encrypt and decrypt data.
  • Asymmetric keys – Different keys are used for encryption and decryption of data (a private key and a public key).
The DH group generates two keys (a private key and a public key) on each peer.
Public and Private Keys:
  • Each peer has its own public and private keys.
  • The public key is shared with the other peer.
  • The private key is never shared.
  • The neighbor's public key is used for encrypting the traffic.
  • Our own private key is used to decrypt the encrypted traffic.
  • The strength of a key is determined by the DH group used to generate that key
    • Group 1 – 768 bits
    • Group 2 – 1024 bits
    • Group 5 – 2048 bits
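As an added illustration (not code from the original post), here is the Phase 1 key agreement behind the configuration and the DH material above, written in Python: each peer derives one shared DH secret from the neighbor's public value and its own private value, then combines it with the pre-shared key through the negotiated hash (HMAC-MD5, following the "hash md5" line) to produce the ISAKMP keys exactly as RFC 2409 defines them. The prime, private exponents, nonces and cookies are constructed toy values, not real group parameters.

```python
import hmac

# Constructed toy MODP group for illustration only: p = 1019 is a safe prime
# (p = 2q + 1 with q = 509) and g = 2 generates the whole group since p = 3 mod 8.
# Real ISAKMP groups use the large MODP primes from RFC 2409 / RFC 3526.
P = 1019
G = 2
PLEN = (P.bit_length() + 7) // 8  # byte length used to encode g^xy

def dh_public(priv: int) -> int:
    """Public DH value g^x mod p; the private exponent x is never sent."""
    return pow(G, priv, P)

def dh_shared(peer_pub: int, priv: int) -> int:
    """Shared secret g^xy mod p from the neighbor's public value and our private value."""
    return pow(peer_pub, priv, P)

def prf(key: bytes, data: bytes, hash_name: str) -> bytes:
    """ISAKMP's PRF is HMAC keyed with the negotiated hash ("hash md5" in the config)."""
    return hmac.new(key, data, hash_name).digest()

def phase1_keys(psk: bytes, priv: int, peer_pub: int, ni: bytes, nr: bytes,
                cky_i: bytes, cky_r: bytes, hash_name: str = "md5") -> tuple:
    """SKEYID derivation for pre-shared-key authentication (RFC 2409, sections 5 and 5.4):
    SKEYID   = prf(PSK, Ni | Nr)
    SKEYID_d = prf(SKEYID, g^xy | CKY-I | CKY-R | 0)              -> seeds Phase 2 keys
    SKEYID_a = prf(SKEYID, SKEYID_d | g^xy | CKY-I | CKY-R | 1)   -> integrity key
    SKEYID_e = prf(SKEYID, SKEYID_a | g^xy | CKY-I | CKY-R | 2)   -> encryption key
    """
    gxy = dh_shared(peer_pub, priv).to_bytes(PLEN, "big")
    skeyid = prf(psk, ni + nr, hash_name)
    skeyid_d = prf(skeyid, gxy + cky_i + cky_r + b"\x00", hash_name)
    skeyid_a = prf(skeyid, skeyid_d + gxy + cky_i + cky_r + b"\x01", hash_name)
    skeyid_e = prf(skeyid, skeyid_a + gxy + cky_i + cky_r + b"\x02", hash_name)
    return skeyid_d, skeyid_a, skeyid_e

def peers_agree(psk_i: bytes, psk_r: bytes, x_i: int, x_r: int) -> bool:
    """Run both sides of Phase 1 with constructed nonces and cookies; True if all keys match."""
    ni, nr = b"\x11" * 8, b"\x22" * 8                 # constructed nonces
    cky_i, cky_r = b"\xaa" * 8, b"\xbb" * 8           # constructed ISAKMP cookies
    pub_i, pub_r = dh_public(x_i), dh_public(x_r)     # the only DH values exchanged
    keys_i = phase1_keys(psk_i, x_i, pub_r, ni, nr, cky_i, cky_r)
    keys_r = phase1_keys(psk_r, x_r, pub_i, ni, nr, cky_i, cky_r)
    return keys_i == keys_r

if __name__ == "__main__":
    print("matching PSK:", peers_agree(b"s3cret", b"s3cret", 6, 15))   # True
    print("mismatched PSK:", peers_agree(b"s3cret", b"other", 6, 15))  # False
```

The keys agree only when both pre-shared keys match, which is why the key must be identical on both routers; passing hash_name="sha256" shows how a stronger hash slots into the same derivation.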
IPSec Overview:

SA (Security Association) – It is the collection of all the information about which type of encryption, authentication and integrity is used.
You can also look into my Video Tutorial: