Tag Archives: IPSec

ESP[Encapsulating Security Payload ] and AH [Authentication Header ]

ESP provides confidentiality, authentication, integrity and anti-replay protection. ESP packet format:

    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |               Security Parameters Index (SPI)                 |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                      Sequence Number                          |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                    Payload Data* (variable)                   |
    ~                                                               ~
    |                                                               |
    +               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |               |     Padding (0-255 bytes)                     |
    …

Posted in Protocol

IPSec (IKEv1) on ASA 8.2

The default configuration on ASA 8.2 for phase 1 is as follows:
    Authentication: Pre-shared key
    Encryption: 3des
    Hash: sha
    Group: DH group 2
    Lifetime: 86400
The default configuration for ASA 8.2 for phase 2 is:
    Encryption: esp-3des
    Hashing: esp-sha-hmac
    …

Posted in ASA

Dead peer detection RFC 3706

DPD overcomes the shortcomings of keepalives and heartbeats. Keepalives and heartbeats must be exchanged at a regular interval; with DPD this is not the case. If there is ongoing valid IPSec traffic between the two peers then there is …

Posted in Protocol

NAT-T in IKE RFC 3947

NAT-T (NAT Traversal): Why do we need NAT-T? If the IPSec peers are behind a NAT device, the NAT device will not be able to translate the traffic because an ESP packet does not carry any L4 port, so with the help of …

Posted in Protocol

Diffie-Hellman Algo

The Diffie-Hellman algorithm is used to generate the same secret key on two devices without transferring the key over the network. DH groups:
    DH group 1: 768-bit modulus
    DH group 2: 1024-bit modulus
    DH group 5: 1536 …

Posted in Algorithms

IPSec

IPSec provides: integrity, authentication, confidentiality. Integrity means that the received data has not been altered by anyone; this is done by hashing. Authentication means a peer must present its identity to prove that it is who it claims to be; this is done by …

Posted in IPSec, Protocol