IPsec Cheat Sheet


IPSEC
packetlife.net

Protocols

Internet Security Association and Key Management Protocol (ISAKMP)
  A framework for the negotiation and management of security associations
  between peers (traverses UDP/500)

Internet Key Exchange (IKE)
  Responsible for key agreement using asymmetric cryptography

Encapsulating Security Payload (ESP)
  Provides data encryption, data integrity, and peer authentication;
  IP protocol 50

Authentication Header (AH)
  Provides data integrity and peer authentication, but not data
  encryption; IP protocol 51

Encryption Algorithms

  Algorithm  Type        Key Length (Bits)  Strength
  DES        Symmetric   56                 Weak
  3DES       Symmetric   168                Medium
  AES        Symmetric   128/192/256        Strong
  RSA        Asymmetric  1024+              Strong

Hashing Algorithms

  Algorithm  Length (Bits)  Strength
  MD5        128            Medium
  SHA-1      160            Strong

IKE Phases

Phase 1
  A bidirectional ISAKMP SA is established between peers to provide a
  secure management channel (IKE in main or aggressive mode)

Phase 1.5 (optional)
  Xauth can optionally be implemented to enforce user authentication

Phase 2
  Two unidirectional IPsec SAs are established for data transfer using
  separate keys (IKE quick mode)

IPsec Modes

  Original Packet  | L2 | IP     | TCP/UDP |
  Transport Mode   | L2 | IP     | ESP/AH  | TCP/UDP |
  Tunnel Mode      | L2 | New IP | ESP/AH  | IP      | TCP/UDP |

Transport Mode
  The ESP or AH header is inserted behind the IP header; the IP header
  can be authenticated but not encrypted

Tunnel Mode
  A new IP header is created in place of the original; this allows for
  encryption of the entire original packet

Terminology

Data Integrity
  Secure hashing (HMAC) is used to ensure data has not been altered in
  transit

Data Confidentiality
  Encryption is used to ensure data cannot be intercepted by a third party

Data Origin Authentication
  Authentication of the SA peer

Anti-replay
  Sequence numbers are used to detect and discard duplicate packets

Hash Message Authentication Code (HMAC)
  A hash of the data and secret key used to provide message authenticity

Diffie-Hellman Exchange
  A shared secret key is established over an insecure path using public
  and private keys

Configuration

ISAKMP Policy
  crypto isakmp policy 10
   encryption aes 256
   hash sha
   authentication pre-share
   group 2
   lifetime 3600

ISAKMP Pre-Shared Key
  crypto isakmp key 1 MySecretKey address 10.0.0.2

IPsec Transform Set
  crypto ipsec transform-set MyTS esp-aes 256 esp-sha-hmac
   mode tunnel

IPsec Profile
  crypto ipsec profile MyProfile
   set transform-set MyTS

Virtual Tunnel Interface
  interface Tunnel0
   ip address 172.16.0.1 255.255.255.252
   tunnel source 10.0.0.1
   tunnel destination 10.0.0.2
   tunnel mode ipsec ipv4
   tunnel protection ipsec profile MyProfile

Troubleshooting

  show crypto isakmp sa
  show crypto isakmp policy
  show crypto ipsec sa
  show crypto ipsec transform-set
  debug crypto {isakmp | ipsec}
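The Anti-replay and HMAC entries under Terminology describe the two checks an ESP receiver applies to every inbound packet: verify the HMAC integrity check value (esp-sha-hmac) and reject sequence numbers that are duplicates or fall behind the sliding window. The Python below is an added example, not part of the packetlife cheat sheet, that implements both in the order RFC 4303 prescribes; the class name, SPI, key and sample packets are constructed for the demonstration.

```python
import hashlib
import hmac


class EspInboundSa:
    """Inbound ESP SA: HMAC key plus a sliding anti-replay window (RFC 4303)."""

    def __init__(self, spi: int, auth_key: bytes, window_size: int = 64):
        self.spi = spi
        self.auth_key = auth_key
        self.window_size = window_size  # RFC 4303: at least 32, 64 by default
        self.highest_seq = 0            # highest sequence number accepted so far
        self.bitmap = 0                 # bit i set => highest_seq - i was received

    def icv(self, seq: int, payload: bytes) -> bytes:
        # esp-sha-hmac is HMAC-SHA1-96: HMAC over SPI, sequence number and
        # payload, truncated to 96 bits (ESP trailer omitted for brevity).
        data = self.spi.to_bytes(4, "big") + seq.to_bytes(4, "big") + payload
        return hmac.new(self.auth_key, data, hashlib.sha1).digest()[:12]

    def receive(self, seq: int, payload: bytes, icv: bytes) -> str:
        # 1. Cheap replay check before any HMAC work (RFC 4303 order).
        if seq == 0:
            return "reject: sequence number 0 is never valid"
        if seq <= self.highest_seq:
            offset = self.highest_seq - seq
            if offset >= self.window_size:
                return "reject: too old (outside window)"
            if (self.bitmap >> offset) & 1:
                return "reject: replay"
        # 2. Verify the ICV in constant time; a forgery must not touch the window.
        if not hmac.compare_digest(self.icv(seq, payload), icv):
            return "reject: bad ICV"
        # 3. Only an authenticated packet advances or fills the window.
        if seq > self.highest_seq:
            shift = seq - self.highest_seq
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.window_size) - 1)
            self.highest_seq = seq
        else:
            self.bitmap |= 1 << (self.highest_seq - seq)
        return "accept"


def demo() -> list:
    # Constructed traffic: reordering inside the window is fine; replay and a forged ICV are not.
    sa = EspInboundSa(spi=0x1000, auth_key=b"constructed-demo-key")
    packets = [(1, b"a"), (3, b"c"), (2, b"b"), (2, b"b")]
    out = [sa.receive(s, p, sa.icv(s, p)) for s, p in packets]
    out.append(sa.receive(4, b"d", b"\x00" * 12))
    return out
```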
by Jeremy Stretch
v2.0
