The goal of IPSec is to protect the desired data with the necessary security and algorithms. The operation of IPSec can be broken down into five primary steps:
- Interesting traffic initiates the IPSec process. Traffic is deemed
interesting when a packet triggers an access list that defines traffic to be
protected.
- During IKE Phase One, IKE authenticates IPSec peers and negotiates IKE SAs,
setting up a secure communications channel for negotiating IPSec SAs in phase
two.
- During IKE Phase Two, IKE negotiates IPSec SA parameters and sets up
matching IPSec SAs in the peers. These security parameters are used to protect
data and messages exchanged between endpoints.
- During the data transfer phase, data is transferred between IPSec peers
based on the IPSec parameters and keys stored in the SA database.
- During IPSec tunnel termination, IPSec SAs terminate through deletion or by
timing out.
The events within an IKE session happen in the following order. In IKE Phase One, in main or aggressive mode, the peers will:
- Negotiate an IKE protection suite
- Authenticate each other
- Exchange keying material to protect the IKE session
- Establish the IKE SA
Then in IKE Phase Two, in quick mode, peers:
- Negotiate IPsec policies
- Exchange keying material of IPsec SAs
- Establish IPsec SAs
IKE Phase One runs in main or aggressive mode. The mode used is
implementation and situation dependent. The purpose of IKE Phase One is the
negotiation of an IKE protection suite, the authentication of peers, the
exchange of keying material to protect the IKE session, and finally the
establishment of an IKE SA, which defines the parameters of the secure IKE
channel.
The IKE main mode is the first mode that negotiates protection
suites between peers. ISAKMP uses six messages to establish the IKE SA. These
messages include SA negotiation, a Diffie-Hellman key exchange, and the
authentication of peers. IKE main mode hides the identity of IKE peers from
eavesdroppers, and can use the protocol’s negotiation capabilities to the
fullest.
Like the IKE main mode, the IKE aggressive mode negotiates
protection suites between peers. The major difference between the main and the
aggressive mode is that the aggressive mode takes half the number of messages
as the main mode and consequently offers less negotiating flexibility for the
IKE session protection. The initiating peer proposes a list of policies, and
the responder accepts a policy or rejects the offers with no further
negotiation of protection details. The aggressive mode does protection suite
negotiation, authentication of peers, and generates keying material as the main
mode does, but because of limited capabilities it does not provide peer
identity protection. For example, an eavesdropper can determine the identity of
the negotiating peers. Because only three messages are needed to establish an
IKE SA, an IKE aggressive mode exchange is also much faster than an IKE main
mode exchange. It is used mainly when the security policies are well known on
both peers and there is no need for the full IKE negotiation capabilities, so
that an IKE SA can be established as quickly as possible.
IKE Phase Two is used to negotiate and establish the SAs of other protocols,
such as AH and ESP for IPSec. To operate, Phase Two needs an established IKE SA,
produced in IKE Phase One, to protect the IKE session, and it runs in only one
defined mode, the quick mode. The IKE initiator presents a list of IPSec policy
proposals and the IKE responder chooses an acceptable proposal according to its
locally defined policy. Once the policy between the peers is agreed upon, the
keying material is agreed upon and the IPsec SAs are established.
IKE quick mode is quite fast, with almost no noticeable delay associated with
it, especially if no Perfect Forward Secrecy (PFS) functionality is used with
IPsec. Once an IKE SA is in place, only quick mode exchanges are used to
negotiate additional IPsec SAs or to rekey established IPsec SAs when they are
about to expire.
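The following Python model is an added illustration, not part of the original text, of the two points made above: main mode (six messages) sends peer identities only after the Diffie-Hellman keys exist, so an eavesdropper never sees them, while aggressive mode (three messages) sends them in the clear; and quick mode with PFS runs a fresh DH exchange, so a leaked Phase One SKEYID_d alone is not enough to rebuild the IPsec keying material. It assumes a constructed toy DH group and a simplified HMAC-based stand-in for the IKE prf and SKEYID derivation; payload names (SA, KE, N, ID, HASH) follow the ISAKMP payload types but the message contents are hypothetical.

```python
import hashlib, hmac, secrets

P, G = 2**127 - 1, 5   # constructed toy DH group for illustration, not an IKE MODP group

def dh_keypair():
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)

def prf(key, *parts):  # simplified stand-in for the IKE prf (HMAC-SHA256)
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()

def phase_one(id_i, id_r, aggressive):
    """Run a toy Phase One; return (transcript, SKEYID_d).
    Each message is (sender, cleartext payloads, payloads encrypted under SKEYID_e)."""
    xi, ke_i = dh_keypair()
    xr, ke_r = dh_keypair()
    ni, nr = secrets.token_bytes(16), secrets.token_bytes(16)
    shared = pow(ke_r, xi, P).to_bytes(16, "big")   # same value as pow(ke_i, xr, P)
    skeyid_d = prf(prf(ni + nr, shared), shared, b"\x00")  # simplified derivation
    if aggressive:  # three messages; identities and DH values travel together in the clear
        return [("I", {"SA": "proposals", "KE": ke_i, "N": ni, "ID": id_i}, {}),
                ("R", {"SA": "chosen", "KE": ke_r, "N": nr, "ID": id_r, "HASH": "auth"}, {}),
                ("I", {"HASH": "auth"}, {})], skeyid_d
    return [("I", {"SA": "proposals"}, {}), ("R", {"SA": "chosen"}, {}),          # 1-2: SA
            ("I", {"KE": ke_i, "N": ni}, {}), ("R", {"KE": ke_r, "N": nr}, {}),  # 3-4: DH
            ("I", {}, {"ID": id_i, "HASH": "auth"}),   # 5-6: identities sent only once keys exist
            ("R", {}, {"ID": id_r, "HASH": "auth"})], skeyid_d

def ids_seen_by_eavesdropper(transcript):
    """Identities a passive observer can read from the cleartext payloads."""
    return {clear["ID"] for _, clear, _ in transcript if "ID" in clear}

def quick_mode(skeyid_d, pfs):
    """Derive KEYMAT for one IPsec SA; return (keymat, what an eavesdropper sees)."""
    spi, ni, nr = secrets.token_bytes(4), secrets.token_bytes(16), secrets.token_bytes(16)
    wire, fresh = {"SPI": spi, "Ni": ni, "Nr": nr}, b""
    if pfs:  # PFS adds a new DH exchange whose secret never leaves the peers
        xi, ke_i = dh_keypair()
        xr, ke_r = dh_keypair()
        wire.update(KE_i=ke_i, KE_r=ke_r)
        fresh = pow(ke_r, xi, P).to_bytes(16, "big")
    return prf(skeyid_d, fresh, b"ESP", spi, ni, nr), wire

def keymat_from_leaked_skeyid_d(skeyid_d, wire):
    """What an attacker holding SKEYID_d plus the captured wire data can rebuild."""
    return prf(skeyid_d, b"", b"ESP", wire["SPI"], wire["Ni"], wire["Nr"])
```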