I need to confirm my understanding of IPSEC phase 1. As per my understanding in the capture below, the first 2 messages are agreeing on the parameters, the next 2 are key exchange the final 2 is authenticating each other?
If you at the packet 77, we see the field "Key Exchange Data". Is is the actual DH key that is being exchanged?
Phase 1 seems to be a bit complicated to me. Can someone explain the phase 1 process by referencing the capture above. This is my configuration for your reference.
Configs:
R1#show running-config | section crypto|isakmp|access-list
crypto isakmp policy 10
encr aes 192
hash sha384
authentication pre-share
group 5
crypto isakmp key cisco address 12.1.1.2
crypto ipsec transform-set ESP_AES_192_SHA1 esp-aes 192 esp-sha-hmac
mode tunnel
crypto map MAP1 local-address Loopback1
crypto map MAP1 10 ipsec-isakmp
set peer 12.1.1.2
set transform-set ESP_AES_192_SHA1
match address R1-R2
ip access-list extended R1-R2
permit ip 15.1.1.0 0.0.0.255 23.1.1.0 0.0.0.255
R2#show running-config | section crypto|isakmp|access-list
crypto isakmp policy 10
encr aes 192
hash sha384
authentication pre-share
group 5
crypto isakmp key cisco address 1.1.1.1
crypto ipsec transform-set ESP_AES_192_SHA1 esp-aes 192 esp-sha-hmac
mode tunnel
crypto map MAP1 10 ipsec-isakmp
set peer 1.1.1.1
set transform-set ESP_AES_192_SHA1
match address R2-R1
ip access-list extended R2-R1
permit ip 23.1.1.0 0.0.0.255 15.1.1.0 0.0.0.255
Best Answer
You posted a capture of an IKEv1 Main Mode negotiation. In this negotiation there are 6 messages, or 3 pairs of back-and-forth exchanges.
The first exchange is the negotiation of the ISAKMP Policy Suite. The second exchange is the negotiation of Diffie-Hellman. The third exchange is validating each peer has the proper authentication data (typically pre-shared-keys, but can also be certificates).
This is all goverened by RFC 2409, which explains a IKEv1 Main Mode exchange with Pre-Shared-Key authentication looks like this:
Exchange 1
In the first exchange, the SA payload is what the peers use to suggest ISAKMP Policies (as the initiator), and to confirm the selected policy (as the responder).
Exchange 2
In the second exchange, there are two payloads:
KE
and eitherNi
orNr
(i=initiator, r=responder).The
KE
value, which you have highlighted in your picture is the Diffie-Hellman Public key. Each party has their own, and this is where it is shared. In this DH Illustration, this would be Alice and Bob sharing their values of2
and9
.This value will be combined with a Private value that each party generated (and never shared). The final result will be the Shared Secret, which is the final goal of the Diffie-Hellman exchange. The Shared Secret will then be used to derive Session Keys -- specifically, a symmetric encryption key and an HMAC key.
Anyone eavesdropping will not be able to put together the final value because they don't have access to either of the private values that both parties generated.
The
Ni
orNr
values are what is known as a Nonce. This is simply a random number generated by the Initiator and Responder that is used in generating keying material. The term "Nonce" sort-of stands for Number used Once (N+Once = nonce).Exchange 3
In the final exchange, the
IDi
andHASH_
values correlate to an Identity Method and an Identity Hash. Ther
andi
at the end of either of these payloads indicates the one sent by the Responder (r
) or sent by the Initiator (i
).These values are used to validate each Peer's identity. The way this is done with pre-shared-keys I've explained in another answer, but the crux of it is here:
TLDR - The value you highlighted is the DH Public Key, which is the public value that will be combined by either party with a Private value (which is never shared) to created a DH Shared Secret (which is never shared).