I was researching whether the pre-shared key exchange between two IPSec VPN SAs is encrypted and not sent in clear text. According to RFC 2409, the pre-shared key is protected by the Diffie-Hellman algorithm. Below are some snippets from the said RFC.

There are two basic methods used to establish an authenticated key exchange: Main Mode and Aggressive Mode. Each generates authenticated keying material from an ephemeral Diffie-Hellman exchange. Main Mode MUST be implemented; Aggressive Mode SHOULD be implemented. In addition, Quick Mode MUST be implemented as a mechanism to generate fresh keying material and negotiate non-ISAKMP security services. In addition, New Group Mode SHOULD be implemented as a mechanism to define private groups for Diffie-Hellman exchanges. Implementations MUST NOT switch exchange types in the middle of an exchange.

Four different authentication methods are allowed with either Main Mode or Aggressive Mode-- digital signature, two forms of authentication with public key encryption, or pre-shared key. The value SKEYID is computed separately for each authentication method.

SKEYID is a string derived from secret material known only to the active players in the exchange.

    For pre-shared keys: SKEYID = prf(pre-shared-key, Ni_b | Nr_b)

The result of either Main Mode or Aggressive Mode is three groups of authenticated keying material:

    SKEYID_d = prf(SKEYID, g^xy | CKY-I | CKY-R | 0)
    SKEYID_a = prf(SKEYID, SKEYID_d | g^xy | CKY-I | CKY-R | 1)
    SKEYID_e = prf(SKEYID, SKEYID_a | g^xy | CKY-I | CKY-R | 2)

and agreed upon policy to protect further communications. The values of 0, 1, and 2 above are represented by a single octet. The key used for encryption is derived from SKEYID_e in an algorithm-specific

To authenticate either exchange the initiator of the protocol generates HASH_I and the responder generates HASH_R where:

    HASH_I = prf(SKEYID, g^xi | g^xr | CKY-I | CKY-R | SAi_b | IDii_b )
    HASH_R = prf(SKEYID, g^xr | g^xi | CKY-R | CKY-I | SAi_b | IDir_b )

For authentication with digital signatures, HASH_I and HASH_R are signed and verified; for authentication with either public key encryption or pre-shared keys, HASH_I and HASH_R directly authenticate the exchange. The entire ID payload (including ID type, port, and protocol but excluding the generic header) is hashed into both HASH_I and HASH_R.
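
The derivation quoted above, carried through as an added example (not code from the RFC or from this post). It assumes HMAC-SHA1 as the prf (the lab policy uses `hash sha` and negotiates no separate prf), a toy Diffie-Hellman prime instead of group 2, and constructed nonces, cookies and SA body; all function and variable names are hypothetical.

```python
import hashlib
import hmac

def prf(key: bytes, data: bytes) -> bytes:
    # Assumption: no prf is negotiated, so the HMAC form of the negotiated
    # hash is used ("hash sha" in the lab policy -> HMAC-SHA1).
    return hmac.new(key, data, hashlib.sha1).digest()

def derive(psk, ni_b, nr_b, g_xy, cky_i, cky_r):
    """Return (SKEYID, SKEYID_d, SKEYID_a, SKEYID_e) per the quoted formulas."""
    skeyid = prf(psk, ni_b + nr_b)
    tail = g_xy + cky_i + cky_r
    skeyid_d = prf(skeyid, tail + b"\x00")
    skeyid_a = prf(skeyid, skeyid_d + tail + b"\x01")
    skeyid_e = prf(skeyid, skeyid_a + tail + b"\x02")
    return skeyid, skeyid_d, skeyid_a, skeyid_e

def hash_i(skeyid, g_xi, g_xr, cky_i, cky_r, sai_b, idii_b):
    return prf(skeyid, g_xi + g_xr + cky_i + cky_r + sai_b + idii_b)

# Constructed sample values. A real exchange uses random nonces and cookies
# and the 1024-bit MODP group 2; a toy prime keeps the example short.
P, G = 2**127 - 1, 5
XI, XR = 0x1234567890ABCDEF, 0x0FEDCBA987654321   # private DH exponents
NI_B, NR_B = b"initiator-nonce-", b"responder-nonce-"
CKY_I, CKY_R = b"\x11" * 8, b"\x22" * 8
SAI_B = b"constructed-SA-payload-body"
# ID body as in the debug output: type 1, protocol 17, port 500, 200.1.1.2
IDII_B = bytes([1, 17]) + (500).to_bytes(2, "big") + bytes([200, 1, 1, 2])

def to_b(n: int) -> bytes:
    return n.to_bytes(16, "big")

def run_exchange(psk_initiator: bytes, psk_responder: bytes):
    """Return (responder accepts HASH_I, key bytes appear in sent fields)."""
    g_xi, g_xr = to_b(pow(G, XI, P)), to_b(pow(G, XR, P))
    g_xy = to_b(pow(pow(G, XR, P), XI, P))
    # Initiator: SKEYID is keyed by the pre-shared key; only HASH_I is sent.
    skeyid_i = derive(psk_initiator, NI_B, NR_B, g_xy, CKY_I, CKY_R)[0]
    sent_hash = hash_i(skeyid_i, g_xi, g_xr, CKY_I, CKY_R, SAI_B, IDII_B)
    # Fields the initiator and responder transmit, before any encryption
    # (in Main Mode the ID and HASH are also encrypted under SKEYID_e keys).
    wire = SAI_B + g_xi + NI_B + g_xr + NR_B + IDII_B + sent_hash
    # Responder: recompute HASH_I from its own configured key and compare.
    skeyid_r = derive(psk_responder, NI_B, NR_B, g_xy, CKY_I, CKY_R)[0]
    expected = hash_i(skeyid_r, g_xi, g_xr, CKY_I, CKY_R, SAI_B, IDII_B)
    return hmac.compare_digest(sent_hash, expected), psk_initiator in wire
```

With matching keys on both peers the recomputed HASH_I equals the received one; with a mismatched key the comparison fails, and in neither case do the key bytes appear in the transmitted fields.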

I did a quick lab and performed a site-to-site IPSec VPN between a Cisco IOS router and a Cisco ASA firewall.

R1#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            200.1.1.2       YES manual up                    up
FastEthernet1/0            unassigned      YES unset  administratively down down
FastEthernet1/1            192.168.200.1   YES manual up                    up
R1#show run | sec crypto
crypto isakmp policy 1
 encr aes
 authentication pre-share
 group 2
crypto isakmp key 6 cisco123 address 100.1.1.2
crypto ipsec transform-set TSET esp-aes esp-sha-hmac
 mode tunnel
crypto map CMAP 1 ipsec-isakmp
 set peer 100.1.1.2
 set transform-set TSET
 match address 100
 crypto map CMAP
ciscoasa# show interface ip brief
Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet0           100.1.1.2       YES manual up                    up
GigabitEthernet1           unassigned      YES unset  administratively down up
GigabitEthernet2           unassigned      YES unset  administratively down up
ciscoasa# show run crypto
crypto ipsec ikev1 transform-set TSET esp-aes esp-sha-hmac
crypto map CMAP 1 match address 100
crypto map CMAP 1 set peer 200.1.1.2
crypto map CMAP 1 set ikev1 transform-set TSET
crypto map CMAP interface outside
crypto ikev1 enable outside
crypto ikev1 policy 1
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 65535
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
ciscoasa# sh run tunnel-group
tunnel-group 200.1.1.2 type ipsec-l2l
tunnel-group 200.1.1.2 ipsec-attributes
 ikev1 pre-shared-key cisco123
R1#ping 100.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.1.1.2, timeout is 2 seconds:
*Dec 19 14:14:29.711: IPSEC(sa_request): ,
  (key eng. msg.) OUTBOUND local= 200.1.1.2:500, remote= 100.1.1.2:500,
    local_proxy= 200.1.1.2/255.255.255.255/256/0,
    remote_proxy= 100.1.1.2/255.255.255.255/256/0,
    protocol= ESP, transform= esp-aes esp-sha-hmac (Tunnel),
    lifedur= 3600s and 4608000kb,
    spi= 0x0(0), conn_id= 0, keysize= 128, flags= 0x0
*Dec 19 14:14:29.731: ISAKMP:(0): SA request profile is (NULL)
*Dec 19 14:14:29.731: ISAKMP: Created a peer struct for 100.1.1.2, peer port 500
*Dec 19 14:14:29.735: ISAKMP: New peer created peer = 0x6A8D370C peer_handle = 0x8000000E
*Dec 19 14:14:29.735: ISAKMP: Locking peer struct 0x6A8D370C, refcount 1 for isakmp_initiator
*Dec 19 14:14:29.739: ISAKMP: local port 500, remote port 500
*Dec 19 14:14:29.739: ISAKMP: set new node 0 to QM_IDLE
*Dec 19 14:14:29.743: ISAKMP:(0):insert sa successfully sa = 6A934514
*Dec 19 14:14:29.743: ISAKMP:(0):Can not start Aggressive mode, trying Main mode.
*Dec 19 14:14:29.747: ISAKMP:(0):found peer pre-shared key matching 100.1.1.2
*Dec 19 14:14:29.751: ISAKMP:(0): constructed NAT-T vendor-rfc3947 ID
*Dec 19 14:14:29.751: ISAKMP:(0): constructed NAT-T vendor-07 ID
*Dec 19 14:14:29.751: ISAKMP:(0): constructed NAT-T vendor-03 ID
*Dec 19 14:14:29.755: ISAKMP:(0): constructed NAT-T vendor-02 ID
*Dec 19 14:14:29.755: ISAKMP:(0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM
*Dec 19 14:14:29.759: ISAKMP:(0):Old State = IKE_READY New State = IKE_I_MM1
*Dec 19 14:14:29.759: ISAKMP:(0): beginning Main Mode exchange
*Dec 19 14:14:29.763: ISAKMP:(0): sending packet to 100.1.1.2 my_port 500 peer_port 500 (I) MM_NO_STATE
*Dec 19 14:14:29.763: ISAKMP:(0):Sending an IKE IPv4 Packet..
*Dec 19 14:14:31.415: ISAKMP (0): received packet from 100.1.1.2 dport 500 sport 500 Global (I) MM_NO_STATE
*Dec 19 14:14:31.419: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Dec 19 14:14:31.419: ISAKMP:(0):Old State = IKE_I_MM1 New State = IKE_I_MM2
*Dec 19 14:14:31.427: ISAKMP:(0): processing SA payload. message ID = 0
*Dec 19 14:14:31.431: ISAKMP:(0): processing vendor id payload
*Dec 19 14:14:31.431: ISAKMP:(0): vendor ID seems Unity/DPD but major 123 mismatch
*Dec 19 14:14:31.435: ISAKMP:(0): vendor ID is NAT-T v2
*Dec 19 14:14:31.435: ISAKMP:(0): processing vendor id payload
*Dec 19 14:14:31.435: ISAKMP:(0): processing IKE frag vendor id payload
*Dec 19 14:14:31.439: ISAKMP:(0):Support for IKE Fragmentation not enabled
*Dec 19 14:14:31.439: ISAKMP:(0):found peer pre-shared key matching 100.1.1.2
*Dec 19 14:14:31.443: ISAKMP:(0): local preshared key found
*Dec 19 14:14:31.443: ISAKMP : Scanning profiles for xauth ...
*Dec 19 14:14:31.447: ISAKMP:(0):Checking ISAKMP transform 1 against priority 1 policy
*Dec 19 14:14:31.447: ISAKMP: encryption AES-CBC
*Dec 19 14:14:31.447: ISAKMP: keylength of 128
*Dec 19 14:14:31.451: ISAKMP: hash SHA
*Dec 19 14:14:31.451: ISAKMP: default group 2
*Dec 19 14:14:31.451: ISAKMP: auth pre-share
*Dec 19 14:14:31.451: ISAKMP: life type in seconds
*Dec 19 14:14:31.451: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
*Dec 19 14:14:31.451: ISAKMP:(0):atts are acceptable. Next payload is 0
*Dec 19 14:14:31.451: ISAKMP:(0):Acceptable atts:actual life: 0
*Dec 19 14:14:31.451: ISAKMP:(0):Acceptable atts:life: 0
*Dec 19 14:14:31.451: ISAKMP:(0):Fill atts in sa vpi_length:4
*Dec 19 14:14:31.451: ISAKMP:(0):Fill atts in sa life_in_seconds:86400
*Dec 19 14:14:31.451: ISAKMP:(0):Returning Actual lifetime: 86400
*Dec 19 14:14:31.451: ISAKMP:(0)::Started lifetime timer: 86400.
*Dec 19 14:14:31.451: ISAKMP:(0): processing vendor id payload
*Dec 19 14:14:31.451: ISAK.!MP:(0): vendor ID seems Unity/DPD but major 123 mismatch
*Dec 19 14:14:31.451: ISAKMP:(0): vendor ID is NAT-T v2
*Dec 19 14:14:31.451: ISAKMP:(0): processing vendor id payload
*Dec 19 14:14:31.451: ISAKMP:(0): processing IKE frag vendor id payload
*Dec 19 14:14:31.451: ISAKMP:(0):Support for IKE Fragmentation not enabled
*Dec 19 14:14:31.451: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Dec 19 14:14:31.451: ISAKMP:(0):Old State = IKE_I_MM2 New State = IKE_I_MM2
*Dec 19 14:14:31.455: ISAKMP:(0): sending packet to 100.1.1.2 my_port 500 peer_port 500 (I) MM_SA_SETUP
*Dec 19 14:14:31.455: ISAKMP:(0):Sending an IKE IPv4 Packet.
*Dec 19 14:14:31.455: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Dec 19 14:14:31.455: ISAKMP:(0):Old State = IKE_I_MM2 New State = IKE_I_MM3
*Dec 19 14:14:32.675: ISAKMP (0): received packet from 100.1.1.2 dport 500 sport 500 Global (I) MM_SA_SETUP
*Dec 19 14:14:32.675: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Dec 19 14:14:32.675: ISAKMP:(0):Old State = IKE_I_MM3 New State = IKE_I_MM4
*Dec 19 14:14:32.675: ISAKMP:(0): processing KE payload. message ID = 0
*Dec 19 14:14:32.719: ISAKMP:(0): processing NONCE payload. message ID = 0
*Dec 19 14:14:32.719: ISAKMP:(0):found peer pre-shared key matching 100.1.1.2
*Dec 19 14:14:32.723: ISAKMP:(1001): processing vendor id payload
*Dec 19 14:14:32.723: ISAKMP:(1001): vendor ID is Unity
*Dec 19 14:14:32.723: ISAKMP:(1001): processing vendor id payload
*Dec 19 14:14:32.723: ISAKMP:(1001): vendor ID seems Unity/DPD but major 111 mismatch
*Dec 19 14:14:32.723: ISAKMP:(1001): vendor ID is XAUTH
*Dec 19 14:14:32.723: ISAKMP:(1001): processing vendor id payload
*Dec 19 14:14:32.723: ISAKMP:(1001): speaking to another IOS box!
*Dec 19 14:14:32.723: ISAKMP:(1001): processing vendor id payload
*Dec 19 14:14:32.723: ISAKMP:(1001):vendor ID seems Unity/DPD but hash mismatch
*Dec 19 14:14:32.727: ISAKMP:received payload type 20
*Dec 19 1.4:14:32.727: ISAKMP (1001): His hash no match - this node outside NAT
*Dec 19 14:14:32.727: ISAKMP:received payload type 20
*Dec 19 14:14:32.727: ISAKMP (1001): No NAT Found for self or peer
*Dec 19 14:14:32.727: ISAKMP:(1001):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Dec 19 14:14:32.727: ISAKMP:(1001):Old State = IKE_I_MM4 New State = IKE_I_MM4
*Dec 19 14:14:32.727: ISAKMP:(1001):Send initial contact
*Dec 19 14:14:32.727: ISAKMP:(1001):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
*Dec 19 14:14:32.731: ISAKMP (1001): ID payload
        next-payload : 8
        type         : 1
        address      : 200.1.1.2
        protocol     : 17
        port         : 500
        length       : 12
*Dec 19 14:14:32.731: ISAKMP:(1001):Total payload length: 12
*Dec 19 14:14:32.731: ISAKMP:(1001): sending packet to 100.1.1.2 my_port 500 peer_port 500 (I) MM_KEY_EXCH
*Dec 19 14:14:32.731: ISAKMP:(1001):Sending an IKE IPv4 Packet.
*Dec 19 14:14:32.731: ISAKMP:(1001):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Dec 19 14:14:32.731: ISAKMP:(1001):Old State = IKE_I_MM4 New State = IKE_I_MM5
*Dec 19 14:14:32.847: ISAKMP (1001): received packet from 100.1.1.2 dport 500 sport 500 Global (I) MM_KEY_EXCH
*Dec 19 14:14:32.847: ISAKMP:(1001): processing ID payload. message ID = 0
*Dec 19 14:14:32.851: ISAKMP (1001): ID payload
        next-payload : 8
        type         : 1
        address      : 100.1.1.2
        protocol     : 17
        port         : 0
        length       : 12
*Dec 19 14:14:32.855: ISAKMP:(0):: peer matches *none* of the profiles
*Dec 19 14:14:32.855: ISAKMP:(1001): processing HASH payload. message ID = 0
*Dec 19 14:14:32.859: ISAKMP:received payload type 17
*Dec 19 14:14:32.863: ISAKMP:(1001): processing vendor id payload
*Dec 19 14:14:32.863: ISAKMP:(1001): vendor ID is DPD
*Dec 19 14:14:32.863: ISAKMP:(1001):SA authentication status: authenticated
*Dec 19 14:14:32.863: ISAKMP:(1001):SA has been authenticated with 100.1.1.2
*Dec 19 14:14:32.863: ISAKMP: Tryi.
Success rate is 20 percent (1/5), round-trip min/avg/max = 140/140/140 ms
R1#ng to insert a peer 200.1.1.2/100.1.1.2/500/, and inserted successfully 6A8D370C.
*Dec 19 14:14:32.863: ISAKMP:(1001):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Dec 19 14:14:32.867: ISAKMP:(1001):Old State = IKE_I_MM5 New State = IKE_I_MM6
*Dec 19 14:14:32.867: ISAKMP:(1001):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Dec 19 14:14:32.867: ISAKMP:(1001):Old State = IKE_I_MM6 New State = IKE_I_MM6
*Dec 19 14:14:32.867: ISAKMP:(1001):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Dec 19 14:14:32.867: ISAKMP:(1001):Old State = IKE_I_MM6 New State = IKE_P1_COMPLETE
*Dec 19 14:14:32.871: ISAKMP:(1001):beginning Quick Mode exchange, M-ID of 1599725558
*Dec 19 14:14:32.875: ISAKMP:(1001):QM Initiator gets spi
*Dec 19 14:14:32.875: ISAKMP:(1001): sending packet to 100.1.1.2 my_port 500 peer_port 500 (I) QM_IDLE
*Dec 19 14:14:32.875: ISAKMP:(1001):Sending an IKE IPv4 Packet.
*Dec 19 14:14:32.875: ISAKMP:(1001):Node 1599725558, Input = IKE_MESG_INTERNAL, IKE_I
R1#NIT_QM
*Dec 19 14:14:32.875: ISAKMP:(1001):Old State = IKE_QM_READY New State = IKE_QM_I_QM1
*Dec 19 14:14:32.875: ISAKMP:(1001):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
*Dec 19 14:14:32.875: ISAKMP:(1001):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
*Dec 19 14:14:32.947: ISAKMP (1001): received packet from 100.1.1.2 dport 500 sport 500 Global (I) QM_IDLE
*Dec 19 14:14:32.951: ISAKMP:(1001): processing HASH payload. message ID = 1599725558
*Dec 19 14:14:32.951: ISAKMP:(1001): processing SA payload. message ID = 1599725558
*Dec 19 14:14:32.951: ISAKMP:(1001):Checking IPSec proposal 1
*Dec 19 14:14:32.951: ISAKMP: transform 1, ESP_AES
*Dec 19 14:14:32.951: ISAKMP: attributes in transform:
*Dec 19 14:14:32.951: ISAKMP: SA life type in seconds
*Dec 19 14:14:32.951: ISAKMP: SA life duration (basic) of 3600
*Dec 19 14:14:32.951: ISAKMP: SA life type in kilobytes
*Dec 19 14:14:32.951: ISAKMP: SA life duration (VPI) of 0x0 0x46
R1#0x50 0x0
*Dec 19 14:14:32.951: ISAKMP: encaps is 1 (Tunnel)
*Dec 19 14:14:32.951: ISAKMP: authenticator is HMAC-SHA
*Dec 19 14:14:32.951: ISAKMP: key length is 128
*Dec 19 14:14:32.951: ISAKMP:(1001):atts are acceptable.
*Dec 19 14:14:32.951: IPSEC(validate_proposal_request): proposal part #1
*Dec 19 14:14:32.951: IPSEC(validate_proposal_request): proposal part #1,
  (key eng. msg.) INBOUND local= 200.1.1.2:0, remote= 100.1.1.2:0,
    local_proxy= 200.1.1.2/255.255.255.255/256/0,
    remote_proxy= 100.1.1.2/255.255.255.255/256/0,
    protocol= ESP, transform= NONE (Tunnel),
    lifedur= 0s and 0kb,
    spi= 0x0(0), conn_id= 0, keysize= 128, flags= 0x0
*Dec 19 14:14:32.951: Crypto mapdb : proxy_match
        src addr : 200.1.1.2
        dst addr : 100.1.1.2
        protocol : 0
        src port : 0
        dst port : 0
*Dec 19 14:14:32.955: ISAKMP:(1001): processing NONCE payload. message ID = 1599725558
*Dec 19 14:14:32.955: ISAKMP:(1001): processing ID payload
R1#. message ID = 1599725558
*Dec 19 14:14:32.955: ISAKMP:(1001): processing ID payload. message ID = 1599725558
*Dec 19 14:14:32.955: ISAKMP:(1001):Node 1599725558, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
*Dec 19 14:14:32.955: ISAKMP:(1001):Old State = IKE_QM_I_QM1 New State = IKE_QM_IPSEC_INSTALL_AWAIT
*Dec 19 14:14:32.955: IPSEC(key_engine): got a queue event with 1 KMI message(s)
*Dec 19 14:14:32.955: Crypto mapdb : proxy_match
        src addr : 200.1.1.2
        dst addr : 100.1.1.2
        protocol : 256
        src port : 0
        dst port : 0
*Dec 19 14:14:32.955: IPSEC(crypto_ipsec_create_ipsec_sas): Map found CMAP
*Dec 19 14:14:32.959: IPSEC(crypto_ipsec_sa_find_ident_head): reconnecting with the same proxies and peer 100.1.1.2
*Dec 19 14:14:32.967: IPSEC(create_sa): sa created,
  (sa) sa_dest= 200.1.1.2, sa_proto= 50,
    sa_spi= 0x3CE36FDB(1021538267),
    sa_trans= esp-aes esp-sha-hmac , sa_conn_id= 1
    sa_lifetime(k/sec)= (4608000/3600)
*Dec 19 14:14:32.967: IPSEC
R1#(create_sa): sa created,
  (sa) sa_dest= 100.1.1.2, sa_proto= 50,
    sa_spi= 0x5D1C90F(97634575),
    sa_trans= esp-aes esp-sha-hmac , sa_conn_id= 2
    sa_lifetime(k/sec)= (4608000/3600)
*Dec 19 14:14:32.971: IPSEC: Expand action denied, notify RP
*Dec 19 14:14:32.971: ISAKMP: Failed to find peer index node to update peer_info_list
*Dec 19 14:14:32.975: ISAKMP:(1001):Received IPSec Install callback... proceeding with the negotiation
*Dec 19 14:14:32.975: ISAKMP:(1001): sending packet to 100.1.1.2 my_port 500 peer_port 500 (I) QM_IDLE
*Dec 19 14:14:32.979: ISAKMP:(1001):Sending an IKE IPv4 Packet.
*Dec 19 14:14:32.979: ISAKMP:(1001):deleting node 1599725558 error FALSE reason "No Error"
*Dec 19 14:14:32.979: ISAKMP:(1001):Node 1599725558, Input = IKE_MESG_FROM_IPSEC, IPSEC_INSTALL_DONE
*Dec 19 14:14:32.979: ISAKMP:(1001):Old State = IKE_QM_IPSEC_INSTALL_AWAIT New State = IKE_QM_PHASE2_COMPLETE
R1#show crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id status
100.1.1.2       200.1.1.2       QM_IDLE           1001 ACTIVE

IPv6 Crypto ISAKMP SA

The Wireshark packet capture showed the IKE Phase 1 authentication is pre-shared key (packet no. 4). The other authentication method is to use a digital certificate (PKI).
The Main Mode (MM) message #2 (packet no. 8) showed the key exchange data is already hashed (using the DH algorithm).