Document ID: 115730
Updated: Feb 01, 2013
Contributed by Graham Bartlett, Advanced Services.
Contents
Introduction
This document describes how to configure a FlexVPN between two routers that support the Cisco Next-Generation Encryption (NGE) set of algorithms.
Next-Generation Encryption
Cisco Next-Generation Encryption cryptography secures information which travels over networks that use four configurable, well-established, and public-domain cryptographic algorithms:
-
Encryption based on the Advanced Encryption Standard (AES) which uses 128-bit or 256-bit keys
-
Digital signatures with the Elliptic Curve Digital Signature Algorithm (ECDSA) that use curves with 256-bit and 384-bit prime moduli
-
Key exchange that uses the Elliptic Curve Diffie-Hellman (ECDH) method
-
Hashing (digital fingerprints) based on the Secure Hash Algorithm 2 (SHA-2)
The National Security Agency (NSA) states that these four algorithms in combination provide adequate information assurance for classified information. NSA Suite B cryptography for IPsec has been published as a standard in RFC 6379, and has gained acceptance in the industry.
Suite Suite-B-GCM-128
As per RFC 6379, these algorithms are required for suite Suite-B-GCM-128.
This suite provides Encapsulating Security Payload (ESP) integrity protection and confidentiality with 128-bit AES-GCM (see RFC4106). This suite should be used when ESP integrity protection and encryption are both needed.
ESP
| Encryption | AES with 128-bit keys and 16-octet Integrity Check Value (ICV) in Galois/Counter Mode (GCM) (RFC4106) |
| Integrity | NULL |
IKEv2
| Encryption | AES with 128-bit keys in Cipher Block Chaining (CBC) mode (RFC3602) |
| Pseudo-random function | HMAC-SHA-256 (RFC4868) |
| Integrity | HMAC-SHA-256-128 (RFC4868) |
| Diffie-Hellman group | 256-bit random ECP group (RFC5903) |
More information on Suite B and Next-Generation Encryption can be found at Next-Generation Encryption.
Prerequisites
Requirements
Cisco recommends that you have knowledge of these topics:
-
FlexVPN
-
IKEv2
-
IPsec
Components Used
The information in this document is based on these software and hardware versions:
-
Hardware: Integrated Services Routers (ISR) Generation 2 (G2) that run the security license.
-
Software: Cisco IOSĀ® Software Release 15.2.3T2. Any release of Cisco IOS Software Release M or 15.1.2T or later can be used since this is when GCM was introduced.
For details, refer to Feature Navigator.
Certificate Authority
Currently the Cisco IOS software does not support a local Certificate Authority (CA) server that runs ECDH, which is required for Suite B. A 3rd party CA server must be implemented. For this example, we use a Microsoft CA based on Suite B PKI.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Conventions
Refer to the Cisco Technical Tips Conventions for more information on document conventions.
Configure
In this section, you are presented with the information to configure the features described in this document.
Note: Use the Command Lookup Tool (registered customers only) to obtain more information on the commands used in this section.
Network Topology
This guide is based on the illustrated topology below. IP addresses should be amended to suit your requirements.
Note: The setup consists of two routers directly connected, which might be separated by many hops. If so, ensure that there is a route to get to the peer IP address. This configuration only details the encryption used. IKEv2 routing or a routing protocol should be implemented over the IPsec VPN.
Steps Required to Enable the Router to use the Elliptic Curve Digital Signature Algorithm
-
Create the domain name and hostname, which are prerequisites to create an EC keypair.
ip domain-name cisco.com hostname Router1 crypto key generate ec keysize 256 label Router1.cisco.com
-
Create a local trustpoint to gain a certificate from the CA.
crypto pki trustpoint ecdh enrollment terminal revocation-check none eckeypair Router1.cisco.com
Note: Since the CA was offline, we disabled revocation checks. Revocation checks should be enabled for maximum security in a production environment.
-
Authenticate the trustpoint (this obtains a copy of the CA’s certificate that contains the public key).
crypto pki authenticate ecdh
-
Enter the base 64 encoded certificate of the Certificate Authority at the prompt. Enter quit and then enter yes to accept.
-
Enroll the router into the PKI on the CA.
crypto pki enrol ecdh
-
The output displayed is used to submit a certificate request to the CA. For the Microsoft CA, connect to the web interface of the CA and select Submit a certificate request.
-
Import the certificate received from the CA into the router. Enter quit once the certificate is imported.
crypto pki import ecdh certificate
Configuration
The configuration provided below is for Router1. Router2 requires a mirror of the configuration with just the IP addresses on the tunnel interface being unique.
-
Create a certificate map to match the certificate of the peer device.
crypto pki certificate map certmap 10 subject-name co cisco.com
-
Configure the IKEv2 proposal for Suite B.
crypto ikev2 proposal default encryption aes-cbc-128 integrity sha256 group 19
Note: IKEv2 Smart Defaults implements a number of preconfigured algorithms within the default IKEv2 proposal. As aes-cbc-128 and sha256 is required for suite Suite-B-GCM-128, you need to remove aes-cbc-256, sha384, and sha512 within these algorithms. The reason is that IKEv2 chooses the strongest algorithm when presented with a choice. For maximum security, use aes-cbc-256 and sha512. However, this is not required for Suite-B-GCM-128. In order to view the configured IKEv2 proposal, enter the show crypto ikev2 proposal command.
-
Configure the IKEv2 profile to match the certificate map and use ECDSA with the trustpoint defined earlier.
crypto ikev2 profile default match certificate certmap identity local dn authentication remote ecdsa-sig authentication local ecdsa-sig pki trustpoint ecdh
-
Configure the IPsec transform to use GCM.
crypto ipsec transform-set ESP_GCM esp-gcm mode transport
-
Configure the IPsec profile with the parameters configured earlier.
crypto ipsec profile default set transform-set ESP_GCM set pfs group19 set ikev2-profile default
-
Configure the tunnel interface.
interface Tunnel0 ip address 172.16.1.1 255.255.255.0 tunnel source Gigabit0/0 tunnel destination 10.10.10.2 tunnel protection ipsec profile default
Verify
Use this section to confirm that your configuration works properly.
The Output Interpreter Tool (registered customers only) (OIT) supports certain show commands. Use the OIT to view an analysis of show command output.
-
Verify that the ECDSA keys were successfully generated.
Router1#show crypto key mypubkey ec % Key pair was generated at: 04:05:07 JST Jul 6 2012 Key name: Router1.cisco.com Key type: EC KEYS Storage Device: private-config Usage: Signature Key Key is not exportable. Key Data: 30593013 06072A86 48CE3D02 0106082A 8648CE3D 03010703 4200048F 2B0B5B5E (...omitted...)
-
Verify that the certificate was successfully imported and that ECDH is used.
Router1#show crypto pki certificates verbose ecdh Certificate Status: Available Version: 3 Certificate Serial Number (hex): 6156E3D5000000000009 (...omitted...)
-
Verify that the IKEv2 SA was successfully created and uses the Suite B algorithms.
Router1#show crypto ikev2 sa IPv4 Crypto IKEv2 SA Tunnel-id Local Remote fvrf/ivrf Status 1 10.10.10.1/500 10.10.10.2/500 none/none READY Encr: AES-CBC, keysize: 128, Hash: SHA256, DH Grp:19, Auth sign: ECDSA, Auth verify: ECDSA Life/Active Time: 86400/20 sec -
Verify that the IKEv2 SA was successfully created and uses the Suite B algorithms.
Router1#show crypto ipsec sa interface: Tunnel0 Crypto map tag: Tunnel0-head-0, local addr 10.10.10.1 (...omitted...) local crypto endpt.: 10.10.10.1, remote crypto endpt.: 10.10.10.2 plaintext mtu 1466, path mtu 1500, ip mtu 1500, ip mtu idb Ethernet0/0 current outbound spi: 0xAC5845E1(2891466209) PFS (Y/N): N, DH group: none inbound esp sas: spi: 0xAEF7FD9C(2935487900) transform: esp-gcm , in use settings ={Transport, } conn id: 6, flow_id: SW:6, sibling_flags 80000000, crypto map: Tunnel0-head-0 sa timing: remaining key lifetime (k/sec): (4341883/3471) IV size: 8 bytes replay detection support: N Status: ACTIVE(ACTIVE)
Troubleshoot
There is currently no specific troubleshooting information available for this configuration.
Conclusion
The efficient and strong cryptographic algorithms defined in Next-Generation Encryption give long-term assurance that data confidentially and integrity is provided and maintained at a low cost to process. Next-Generation Encryption can easily be implemented with FlexVPN, which provides Suite B standard cryptography.
Further information on Cisco’s implementation of Suite B can be found at Next-Generation Encryption.
Related Information
Open a Support Case 
(Requires a Cisco Service Contract.)
Related Cisco Support Community Discussions
The Cisco Support Community is a forum for you to ask and answer questions, share suggestions, and collaborate with your peers.
Refer to Cisco Technical Tips Conventions for information on conventions used in this document.