Tag Archives: IPSec

ESP[Encapsulating Security Payload ] and AH [Authentication Header ]

Posted on December 2, 2017 by pankajsheoran

ESP provides confidentiality, Authentication, Integrity, Anti replay ESP packet format: +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Security Parameters Index (SPI) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Sequence Number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Payload Data* (variable) | ~ ~ | | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Padding (0-255 bytes) | … Continue reading →

Posted in Protocol | Tagged AH, ESP, IPSec | Leave a comment

IPSec (IKEv1) on ASA 8.2

Posted on October 26, 2016 by pankajsheoran

The default configuration on ASA 8.2 for phase 1 is as follows: Authentication: Pre-shared key Encryption : 3des Hash: sha Group: DH group 2 Lifetime: 86400 The default configuration for ASA 8.2 for phase 2 is: Encryption: esp-3des Hashing: esp-sha-hmac … Continue reading →

Posted in ASA | Tagged firewall, ikev1, IPSec, iskamp, site to site, vpn | Leave a comment

Dead peer detection RFC 3706

Posted on October 12, 2016 by pankajsheoran

DPD overcome shortcoming of keepalives and heartbeats. Keepalive and heartbeat should be exchanged on regular interval of time however with DPD it is not like that. If there is ongoing valid IPSec traffic between the two peers then there is … Continue reading →

Posted in Protocol | Tagged IPSec, site to site | Leave a comment

NAT-T in IKE RFC 3947

Posted on October 11, 2016 by pankajsheoran

NAT-T (NAT Traversal): Why we need NAT-T?: If the IPSec peer are behind some NAT device then the NAT device will not be able to do NAT because ESP packet doesnot have any L4 port so with the help of … Continue reading →

Posted in Protocol | Tagged IPSec, site to site | Leave a comment

Deffi Hellman Algo

Posted on October 9, 2016 by pankajsheoran

Deffie hellman Algo is used to generate same secret key between two devices without transferring the key over network. DH groups: DH group 1 – 768 bit modulus DH group 2 – 1024 bit modulus DH group 5 – 1536 … Continue reading →

Posted in Algorithms | Tagged Deffie Hellman, IPSec | Leave a comment

IPSec

Posted on October 3, 2016 by pankajsheoran

IPSec provides: Integrity, Authentication, Confidentiality. Integrity means that received data is not altered by someone this is done by hashing. Authentication means per should provide its identity to prove what he claims to be is correct this is done by … Continue reading →

Posted in IPSec, Protocol | Tagged aggressive mode, ikev1, IPSec, iskamp, main mode, phase 1, site to site, vpn | Leave a comment