Palo Alto Networks PCNSE – VPN IPSec configuration details Part 3
May 13, 2023

7. IKE main mode more details, explanation

So in this lecture we want to talk about some concepts. To make sure we are clear on them, we need to be familiar with Diffie-Hellman groups. Diffie-Hellman is a method that allows two parties to exchange numbers with each other and arrive at a common shared secret key. The way they do that is by using a public number and a generator. The public number and the generator are well known in advance; this is based on the RFC. If you look at the RFC here, there is group 1, and its numbers are known in advance. Each group is assigned a group ID: this is group 14, this is group 5 at 1536 bits. You see here the public number is known, it is a pretty large number, and the generator is also known in advance.

So this is defined in the RFC. But the secret sauce here is that the two parties that want to talk to each other agree on which group they are going to use, and that dictates what the public number and the generator are. Then each side comes up with its own private number and uses it to create a public key, which it sends to the other side: this side has its private number, creates its public key and sends it over, and the other side does the same. The outcome is that the calculation on the two sides is equal, and it creates a shared secret key that is the same on both sides. So this is one key function that allows two VPN devices to talk to each other, arrive at a shared secret key, and continue on to communicate secret information, like the details needed to start the encryption process.

Now IKE version 1, main mode. Here we have an initiator and a responder VPN device. The initiator starts the conversation by sending a list of its preferred encryption, hashing and Diffie-Hellman groups. So for example, the initiator would say: hey, I want to use 3DES, MD5, group 2, and that is my first option; as my next option I would like to use AES, SHA, group 5. The responder looks at that message, picks the encryption, hashing and group that it prefers, and sends back to the initiator: this is the encryption, hash and DH group that I agree on. So now the initiator knows what the responder's Diffie-Hellman group is, and it can do the next step, which is to generate its own Diffie-Hellman public key based on the group that both sides agreed upon.

It will then send its own identification, so that the other side knows which pre-shared key to use, along with the other key material used in creating the shared secret key. It sends this to the other side, and now the responder can do the same: create its Diffie-Hellman public key. And now that it knows the other side's public key, it can create its own shared secret key. Once it has that shared secret key, it sends its own public key to the initiator. So here the initiator sends its public key, the initiator public key, to the responder, and the responder responds with the responder's Diffie-Hellman public key. Now the initiator knows the Diffie-Hellman public key of the responder and has its own Diffie-Hellman key, so it can generate its own shared secret key.

Now that the two shared secret keys are agreed upon and are the same on both sides, they can proceed to the next step, which is authenticating each other by sending the authentication information. So now that the shared secret key is known to both sides, responder and initiator, they create a key seed. The key seed is derived with a pseudo-random function (PRF); in the case of IKE version 1 the PRF is based on the same hashing function that was selected, and they take the pre-shared key as input for this formula. So this is the first key that gets created. They are then going to create the phase two key out of that seed key: they feed the key seed into that same pseudo-random function, and that is how the phase two key is derived.

They feed it in with additional information to get the phase two key, which is called SKEYID_d, then take that key and feed it into another PRF call to get the authentication key, and then take that authentication key and feed it into another call to come up with the encryption key. So both sides are doing the same operations and arrive at the same keys. The initiator now needs to authenticate itself, so it creates a hash, the hash for the initiator (HASH_I). This hash covers the key seed plus the Diffie-Hellman public key of the initiator, the Diffie-Hellman public key of the responder and other information. Then it takes that entire hash message, encrypts it with the encryption key, and sends it to the responder.

When the responder gets this message, because it did the same calculation, it has the same encryption key and can decrypt that message. Then it runs the same hash function: it extracts the hash, recomputes it and validates the identity of the initiator. And the opposite occurs on the responder side: it creates HASH_R, running the pseudo-random function over the key seed, the Diffie-Hellman public key of the responder and then the Diffie-Hellman public key of the initiator (basically flipped around), encrypts that hash and sends it out to the initiator. The initiator should be able to decrypt it and validate it, and if it validates, phase one is complete. There are six messages.

Message one, main mode one, is the proposal. Main mode two is the agreement. Main mode three is the key exchange from the initiator side, and main mode four is the key exchange from the responder side. Then both sides calculate the shared secret key, the encryption key and the hashing key, and authenticate themselves by creating a hash and encrypting that hash with the encryption key, then sending it to the other side. This is message five, the initiator's authentication. In message six the responder does the same thing and sends it to the initiator; this is the responder's authentication.
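The phase one derivation described above, written out as an added example (not code from the lecture or from the firewall): a toy Diffie-Hellman exchange followed by the RFC 2409 pre-shared-key derivation of SKEYID, SKEYID_d, SKEYID_a and SKEYID_e, and the HASH_I check of message five. The 127-bit modulus, nonces, cookies, SA body and identity are constructed sample values; SHA-256 stands in for whatever hash the proposal negotiated.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman modulus, constructed for illustration only: 2**127 - 1 is
# prime but far too small for real use. A real peer uses the MODP group that
# the proposal agreed on (for example group 14), whose p and g are public.
P = 2**127 - 1
G = 2
HASH = hashlib.sha256  # stands in for the negotiated hash; the PRF is its HMAC

def prf(key: bytes, data: bytes) -> bytes:
    """IKEv1 PRF: HMAC keyed with the negotiated hash (RFC 2409)."""
    return hmac.new(key, data, HASH).digest()

def dh_keypair():
    """Pick a private exponent x and publish g^x mod p (sent in MM3 / MM4)."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)

def dh_shared(priv: int, peer_pub: int) -> bytes:
    """g^xy mod p: each side combines its private value with the peer's public one."""
    return pow(peer_pub, priv, P).to_bytes(16, "big")

def main_mode_keys(psk, gxy, ni, nr, cky_i, cky_r):
    """Phase 1 keys for pre-shared-key authentication (RFC 2409 section 5.4).
    The lecture calls them key seed (SKEYID), phase two key (SKEYID_d),
    authentication key (SKEYID_a) and encryption key (SKEYID_e)."""
    skeyid = prf(psk, ni + nr)  # seed: PRF keyed by the pre-shared key
    skeyid_d = prf(skeyid, gxy + cky_i + cky_r + b"\x00")
    skeyid_a = prf(skeyid, skeyid_d + gxy + cky_i + cky_r + b"\x01")
    skeyid_e = prf(skeyid, skeyid_a + gxy + cky_i + cky_r + b"\x02")
    return skeyid, skeyid_d, skeyid_a, skeyid_e

def hash_i(skeyid, gxi, gxr, cky_i, cky_r, sa_i, id_i):
    """HASH_I, the initiator's authenticator sent (encrypted) in MM5."""
    return prf(skeyid, gxi + gxr + cky_i + cky_r + sa_i + id_i)

def run_main_mode(psk_initiator: bytes, psk_responder: bytes):
    """Simulate both peers; return (initiator keys, responder keys, HASH_I valid).
    Giving the two sides different PSKs models a pre-shared key mismatch."""
    # Constructed sample nonces, cookies, SA payload body and initiator ID.
    ni, nr = secrets.token_bytes(16), secrets.token_bytes(16)
    cky_i, cky_r = secrets.token_bytes(8), secrets.token_bytes(8)
    sa_i, id_i = b"proposal:3des-md5-group2", b"vpn-a.example"
    xi, gxi = dh_keypair()  # MM3 carries g^xi
    xr, gxr = dh_keypair()  # MM4 carries g^xr
    keys_i = main_mode_keys(psk_initiator, dh_shared(xi, gxr), ni, nr, cky_i, cky_r)
    keys_r = main_mode_keys(psk_responder, dh_shared(xr, gxi), ni, nr, cky_i, cky_r)
    gxi_b, gxr_b = gxi.to_bytes(16, "big"), gxr.to_bytes(16, "big")
    # MM5: initiator sends HASH_I; the responder recomputes it with its own SKEYID.
    sent = hash_i(keys_i[0], gxi_b, gxr_b, cky_i, cky_r, sa_i, id_i)
    expected = hash_i(keys_r[0], gxi_b, gxr_b, cky_i, cky_r, sa_i, id_i)
    return keys_i, keys_r, hmac.compare_digest(sent, expected)
```

With matching pre-shared keys all four keys come out identical on both sides and HASH_I verifies; with a mismatched PSK the seeds differ and the responder rejects message five, which is the phase one failure you see when the PSKs disagree.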

So the first two messages are just agreeing on the proposals, the second two are the key exchanges, and the last two are the authentication. So phase one gives us the encryption key, the hashing key and the phase two key as well, and those are going to get used in the next step, which is phase two. There are two ways of doing phase two in IKEv1: with PFS and without PFS. We are going to start with the case without PFS. You have two VPN appliances, initiator and responder, that want to encrypt traffic sent between each other. Typically they have a list of network pairs, let's say network A to network B, network A to network C, and the initiator sends these to the responder.

For each one of those pairs it sends a request, which carries what is called the outbound SPI. This outbound SPI message has the network pair that it wants to encrypt, what type of encryption and hashing are to be used, and some additional numbers that will be used in the keying material. It takes this entire message and hashes it with SKEYID_a, the authentication key that was created in phase one (in phase one we had the authentication key, the encryption key and the phase two key created). So it takes this information, hashes it, then encrypts it and sends it to the responder. This is quick mode message one. The responder gets this information, which from its point of view is the inbound SPI, and checks to make sure that it has the corresponding pair and that it is interesting traffic.

So to say, it says: okay, yeah, I have a corresponding pair. Now I am going to do the same: I am going to send you a message telling you the network pair and the encryption and hashing I selected. It takes this message, hashes it with the hashing key and then encrypts it with the encryption key. So hash, then encrypt. This is quick mode message two. Now the initiator gets that message and uses SKEYID_d, the phase two key that was created in phase one, to calculate something called the keying material, or KEYMAT.

This is the key that is going to be used to encrypt the traffic. It basically takes the pseudo-random function, which is the hashing function agreed upon in phase one, puts in the key for phase two, SKEYID_d, then the protocol selected and some additional information, and calculates its encryption key. Okay, so this is the encryption key for this side of the conversation. The encryption key for the other side of the conversation is created the same way, but using the opposite numbers. The numbers are known to both sides based on what was negotiated. So this side creates an encryption key; let's call this one the responder encryption key and this one the initiator encryption key. The responder and initiator encryption keys are known to each other because both sides know the formula used to calculate these keys.

But the encryption key from the initiator is different from the encryption key from the responder. And this is the symmetric key phase. But before we go into the symmetric key phase, what happens is there is a third message, QM3. Basically it is a message validation; this way they close the loop on the conversation. So after phase two is done, the initiator has an outbound SPI and an inbound SPI, and the responder has an inbound SPI and an outbound SPI. Those are equal: whatever is the outbound SPI on one side is the inbound SPI on the other side, and vice versa. So when the initiator wants to send traffic to the responder, it encrypts with one key and sends it to the responder, and the responder decrypts using that same key.

This is the initiator key, key I, and this is the responder key, key R. So the initiator encrypts with key I and the decryption on the other side is done with key I; they use symmetric encryption. This is the symmetric phase of the encryption. From the responder to the initiator, the responder encrypts with key R and the initiator decrypts with key R. So quick mode is done for each pair of networks the two sides want to encrypt traffic for: here is A to B, here is A to C. So there is a quick mode for this one and a quick mode for that one, and the keys that are used here are not the same as the keys that are used there. So before we jump into more details, let's see this in action: the quick modes happening for the different network pairs. And then we are going to talk about PFS.

8. Understanding IPSec Quick mode with PFS

Now in the case of phase two with PFS, there is a different Diffie-Hellman key exchange that happens in phase two. In phase one we had a Diffie-Hellman key exchange that was used to hide the communication between the two peers, the initiator and the responder. It was used to identify each other and come up with a shared secret key, which gave you the authentication key, the phase two key and the encryption key, and both sides came up with the same conclusion on what those keys are; they are equal on both sides. Now in the case of phase two with PFS, quick mode message one includes another Diffie-Hellman key that is used to negotiate a new shared secret key for the keying material.

In quick mode message one, the initiator sends the responder the network pair, the A-B pair, and the transform set, that is, which encryption and hashing it will be using, and it also sends its Diffie-Hellman key; the responder responds back with its own Diffie-Hellman key. So you have the initiator and the responder. In the case of quick mode with PFS, the first message includes which pair of networks to encrypt (A-B), what transform set, which is the encryption and hashing it would like to use, and this time also a Diffie-Hellman public key and a group. So the transform set has the encryption and hashing it wants to use and which group.

The initiator then hashes the message with the hashing key, encrypts the message with the encryption key and sends it to the other side. This is the outbound SPI on this side and the inbound SPI on the other. The other side gets this message, selects its preferred encryption and hashing, hashes the message with the phase one hashing key, encrypts it with the phase one encryption key and sends it back. This is quick mode message two. So what is the difference between the outbound SPI and the inbound SPI? If we look at the outbound SPI from the previous lecture, I want to show you that it is the opposite: we see here the inbound SPI and the outbound SPI.

If we look at the other side, it should be the opposite. So AE 5685 should be here and 6657 CE here: what is outbound here is inbound there, outbound and inbound. Okay, so what is the difference then? From that point they calculate a new set of keys for IPsec. How do they calculate this? They come up with the Diffie-Hellman shared secret key exactly as we described for phase one. Then they create the keying material, and the input to the pseudo-random function now includes that new shared secret key. Since both sides have the shared secret key, they both know how to derive the encryption keys, and you have different encryption keys here: this is encryption key I for the initiator and this is encryption key R for the responder. The initiator encrypts with the key I that it calculated and sends a message to the responder; the responder decrypts with the same encryption key I.

Then the responder encrypts with encryption key R and the initiator decrypts with key R. Of course, quick mode message three is the same. So the only difference between PFS and no PFS is that they exchange a different set of Diffie-Hellman public keys in the quick mode phase. Now let's clear the session, clear the tunnel: clear vpn ipsec-sa on this side, and clear vpn ipsec-sa on the other. Show vpn ipsec-sa: there should be no IPsec SAs, and there are none. Now I am going to change my phase two to include PFS. If I look here, phase one is still up but phase two is down. So this is phase one, this is phase two, and on the other side it is the same thing.
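The quick mode keying material from section 7 and the PFS variant from section 8, side by side, as an added example that is not part of the lecture or of the firewall's code: KEYMAT is derived from SKEYID_d, the protocol, the SPI and the two nonces per RFC 2409, and with PFS the fresh quick mode g^xy is prepended. The SPIs, nonces, 127-bit DH modulus and the all-zero SKEYID_d used in testing are constructed sample values.

```python
import hashlib
import hmac
import secrets

HASH = hashlib.sha256  # the phase 1 hash, reused as the quick mode PRF
P, G = 2**127 - 1, 2   # toy DH modulus for the PFS exchange (constructed, not an IKE group)
ESP = b"\x03"          # IPsec protocol ID for ESP, part of the KEYMAT input

def prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, HASH).digest()

def keymat(skeyid_d: bytes, spi: bytes, ni: bytes, nr: bytes, qm_gxy: bytes = b"") -> bytes:
    """KEYMAT for one IPsec SA (RFC 2409 section 5.5). Without PFS the PRF input is
    protocol | SPI | Ni | Nr; with PFS the fresh quick mode g^xy is prepended."""
    return prf(skeyid_d, qm_gxy + ESP + spi + ni + nr)

def quick_mode(skeyid_d: bytes, pfs: bool) -> dict:
    """Simulate one quick mode for one network pair. For each traffic direction
    return (key as the initiator computes it, key as the responder computes it)."""
    # Each side chooses the SPI it will receive on: constructed random sample values.
    spi_i, spi_r = secrets.token_bytes(4), secrets.token_bytes(4)
    ni, nr = secrets.token_bytes(16), secrets.token_bytes(16)  # QM1 / QM2 nonces
    gxy_i = gxy_r = b""
    if pfs:
        # QM1 and QM2 each carry a new DH public value; both sides derive g^xy.
        xi, xr = secrets.randbelow(P - 2) + 1, secrets.randbelow(P - 2) + 1
        gxi, gxr = pow(G, xi, P), pow(G, xr, P)
        gxy_i = pow(gxr, xi, P).to_bytes(16, "big")
        gxy_r = pow(gxi, xr, P).to_bytes(16, "big")
    # Initiator -> responder traffic uses the SA the responder receives on (spi_r):
    # the initiator's outbound SPI is the responder's inbound SPI, and vice versa.
    i_to_r = (keymat(skeyid_d, spi_r, ni, nr, gxy_i), keymat(skeyid_d, spi_r, ni, nr, gxy_r))
    r_to_i = (keymat(skeyid_d, spi_i, ni, nr, gxy_i), keymat(skeyid_d, spi_i, ni, nr, gxy_r))
    return {"i_to_r": i_to_r, "r_to_i": r_to_i, "inputs": (spi_r, spi_i, ni, nr)}

def derivable_from_phase1_only(skeyid_d: bytes, qm: dict) -> bool:
    """Can the initiator->responder key be rebuilt from SKEYID_d plus the SPI and
    nonces alone? True without PFS; False with PFS, because g^xy is also needed."""
    spi_r, _, ni, nr = qm["inputs"]
    return hmac.compare_digest(keymat(skeyid_d, spi_r, ni, nr), qm["i_to_r"][0])
```

Both sides arrive at the same key per direction, the two directions get different keys because their SPIs differ, and only with PFS does knowing the phase one material stop being enough to reproduce the IPsec keys.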

Under the IPsec crypto profile that was used for phase two on side B, I am going to put PFS, and I am going to make the lifetime really short, 180 seconds, so you can see it renegotiating. So I set the group on the IPsec crypto SA and a lifetime of three minutes, 180 seconds. Okay, so let's see what happens and let's debug IPsec. I am going to run debug ike global on debug, then tail follow yes mp-log ikemgr.log, the management plane IKE manager log, and try to initiate a ping: ping 192.168.2.2. You see here the algorithm beginning decryption; they are actually doing phase two. Phase one last IV, the hash, the encryption key, then phase two IV compute, and oakley beginning decryption.

This is creating the Diffie-Hellman key and sending traffic through the different quick modes. So let's run show vpn ipsec-sa: we have an IPsec SA established and we are able to ping the other side. It should now renegotiate the keys every three minutes, so we will give it a couple of minutes here. It is probably going to go down because there is no traffic. Oh, there you go, it is going to do an oakley-based connection. So after three minutes it negotiated a new set of keys: that was at 17 and this is at 22, so after three minutes it negotiated a new set of keys. So every three minutes it is going to negotiate with PFS. So let's see if we introduce a mismatch; I am going to clear this so you have an idea of what happens when you have a mismatch. Let's clear the IPsec SAs.

Let's see what happens when you have a mismatch on phase two. Phase one will be established, but phase two will be down. See, I brought it down, so phase two is down right now. On the side B firewall, I am going to make this group 2; this way they don't agree. Let me run the debug. I am going to ping the other side and let's see what message we get. In the debug we see the HMAC hash computed and then a notify: no proposal chosen. You see, for phase two, no proposal chosen. This is a notification sent through phase one; basically phase one notifies: hey, no proposal was chosen for phase two. So that is what a typical message is going to look like when you have a phase two mismatch.

And the symptoms will be that for the IPsec tunnel, phase one will be up but phase two will be down. Why? Because your phase one completed successfully, and when the time came to do phase two, they didn't agree. Phase one was finished, and then phase two is a mismatch. Phase one is IKE and phase two is IPsec, and phase one will send the notification: hey, no proposal chosen. So hopefully that was informative and helps you troubleshoot VPN IPsec related issues on the Palo Alto firewall. The debug command comes in handy because it lets you really look at what is happening; you can tail follow the mp-log, but once you are done you just need to turn off the debug so it doesn't introduce overhead on the firewall. So the first thing I did was debug ike global on debug; now I am going to change it back to normal.
