IPsec Security

Overview

IPsec is a suite of protocols used to secure IP networks by allowing two devices to establish an IPsec tunnel to securely transmit data. IPsec takes the following measures to enhance security:

Anti-spoofing
In IPsec VPN access scenarios, a device uses the IKE negotiation-based authentication mechanism to prevent peer spoofing. This is because IKE provides the pre-shared key authentication function, which means that IKE negotiation is only successful if the pre-shared key used for peer access is the same as the pre-shared key configured on the local device.

IKE supports RSA digital certificate authentication. In case of peer access, the local device verifies the legitimacy and validity of the certificate through the CA server and uses the certificate private key to sign IKE packets, preventing peer spoofing.
Anti-repudiation
The device records details about the VPN tunnel up and down time and the statistics about sent and received packets for future auditing and fault locating.
DLP and anti-tampering
IPsec is an open security protocol suite defined by the IETF to secure data transmission using source authentication, data encryption, and data integrity protection at the network layer. When deploying IPsec, you can select the integrity and encryption algorithms for data transmission based on the service requirements and use Encapsulating Security Payload (ESP), Authentication Header (AH), or both to prevent data tampering and data leaks. In the case of IPsec VPN access, the device regularly updates keys based on time and packet count to minimize the possibility of key leaks.
Defense against DoS attacks
In the case of IPsec peer access, an attacker can send a large number of VPN establishment requests with varying IP addresses to the gateway. These half-open IKE sessions occupy a large number of system resources on the device. And as a result, the device cannot provide access services for normal users. IKEv2 supports control over half-open connections, so that when the number of half-open connections reaches a specified value, the device rejects access requests from new peers and instructs peers to use specified cookies for tunnel negotiation, preventing access attacks.

The device provides server authentication and supports IKEv2 EAP user access. The servers supporting EAP (such as the RADIUS server) can authenticate such users.

IPSec EAP authentication is protected by IKE encryption, which ensures authentication security. After a user logs in, the data to be transmitted is encrypted by an IPSec tunnel, which prevents data leaks and tampering.

For details on how to deploy IPSec, see section Configuration Guide > VPN > IPSec.

Impact on the System

None

Procedure

Configure an IKE proposal.
A default IKE proposal named Default has the lowest priority and default parameter settings. For the default settings of the default IKE proposal and a new IKE proposal, see "Default Settings for IPSec" in Configuration Guide > VPN > IPsec. If the default parameter settings cannot meet the security requirements, set the parameters based on actual requirements.

The following configurations are performed in the IKE proposal view.
- Configure an authentication method.
```
authentication-method { pre-share | rsa-signature | digital-envelope [ version 2.0 ] }
```
  By default, an IKE proposal uses pre-shared key authentication.
  
  In IKE negotiation, the authentication methods in the IKE proposals used by the IKE peers on both ends must be the same. Otherwise, IKE negotiation fails.
  - If pre-share is configured, the authentication method is pre-shared key authentication. In this case, you need to run the pre-shared-key command to specify the pre-shared key.
  - If rsa-signature is configured, the authentication method is RSA digital signature certificate authentication.
  - If digital-envelope version 2.0 is configured, the authentication method is SM2 digital envelope authentication.
- Configure the authentication algorithm used in IKEv1 negotiation.
```
authentication-algorithm { md5 | sha1 | sha2-256 | sha2-384 | sha2-512 | sm3 }^*
```
  By default, the SHA2-256 authentication algorithm is used for IKEv1 negotiation.
  
  An authentication algorithm must be configured for IKEv1 negotiation. The following authentication algorithms are listed in descending order of security level: SM3 > SHA2-512 > SHA2-384 > SHA2-256 > SHA1 > MD5.
  
  SM3 can deliver high confidentiality and security, but the processing time is long. To meet general security requirements, using SHA2-256, SHA2-384, or SHA2-512 is recommended. MD5 and SHA1 are less secure and therefore not recommended.
- Configure the encryption algorithm used in IKE negotiation.
```
encryption-algorithm { des | 3des | aes-128 | aes-192 | aes-256 | sm4 }^*
```
  By default, the AES-256 encryption algorithm is used for IKE negotiation.
  
  The following encryption algorithms are listed in descending order of security level: SM4 > AES-256 > AES-192 > AES-128 > 3DES > DES.
  
  SM4 can deliver high confidentiality and security, but the processing time is long. 3DES and DES are less secure and therefore not recommended.
- Configure the DH group used in IKE negotiation.
```
dh { group1 | group2 | group5 | group14 | group15 | group16 | group18 | group19 | group20 | group21 | group24 }^*
```
  By default, the DH group used in IKE negotiation is Group 14.
  
  The following DH groups are listed in descending order of security level: Group 24 > Group 21 > Group 20 > Group 19 > Group 18 > Group 16 > Group 15 > Group 14 > Group 5 > Group 2 > Group 1.
  
  Among these DH groups, Group 1, Group 2, and Group 5 have security risks and are not recommended for use.
- Configure the pseudo-random function (PRF) algorithm used in IKEv2 negotiation.
```
prf { aes-xcbc-128 | hmac-md5 | hmac-sha1 | hmac-sha2-256 | hmac-sha2-384 | hmac-sha2-512 }^*
```
  By default, the HMAC-SHA2-256 PRF algorithm is used for IKEv2 negotiation.
  
  HMAC-MD5 and HMAC-SHA1 are not recommended because they cannot meet security requirements.
  
  The authentication algorithms for IKE proposals are listed in descending order of security level as follows: HMAC-SHA2-512 > HMAC-SHA2-384 > HMAC-SHA2-256 > AES-XCBC-128 > HMAC-SHA1 > HMAC-MD5.
  
  HMAC-MD5 and HMAC-SHA1 are less secure and therefore not recommended.
- Configure the integrity algorithm used in IKEv2 negotiation.
```
integrity-algorithm { aes-xcbc-96 | hmac-md5-96 | hmac-sha1-96 | hmac-sha2-256 | hmac-sha2-384 | hmac-sha2-512 }^*
```
  By default, the HMAC-SHA2-256 integrity algorithm is used for IKEv2 negotiation.
  
  The following integrity algorithms are listed in descending order of security level: HMAC-SHA2-512 > HMAC-SHA2-384 > HMAC-SHA2-256 > AES-XCBC-96 > HMAC-SHA1-96 > HMAC-MD5-96.
Configure an IPsec proposal.
An IPsec proposal, as part of an IPsec policy or an IPsec profile's IPsec SA, defines security parameters for IPsec SA negotiation, including the security protocol, encryption and authentication algorithms, and data encapsulation mode. Devices on both ends of an IPsec tunnel need to have the same security parameters configured.

If the default parameter settings cannot meet security or other requirements, set the parameters based on actual requirements.

The following configurations are performed in the IPsec proposal view.
- Configure an IPsec security protocol.
```
transform { ah | esp | ah-esp }
```
  By default, IPsec uses ESP as its security protocol.
  
  ah-esp indicates that both AH and ESP are used. By default, AH is used for authentication and ESP is used for encryption. In this case, transmitted packets are first encapsulated using ESP and then AH.
- Configure the authentication algorithm for AH.
  When IPsec uses AH, you can configure only the authentication algorithm used by AH, because AH supports only authentication, not encryption.
```
ah authentication-algorithm { md5 | sha1 | sha2-256 | sha2-384 | sha2-512 | sm3 }^*
```
  By default, AH uses the SHA2-256 authentication algorithm.
  
  SM3 can meet high confidentiality and security requirements, but it takes a relatively long processing time. For general security requirements, authentication algorithms SHA2-256, SHA2-384, and SHA2-512 are recommended, and authentication algorithms MD5 and SHA1 are not recommended.
- Configure the authentication algorithm for ESP.
  When IPsec uses ESP, you can configure the encryption and authentication algorithms for ESP as required, because ESP supports both authentication and encryption.
```
esp authentication-algorithm { md5 | sha1 | sha2-256 | sha2-384 | sha2-512 | sm3 }^*
```
  By default, ESP uses the SHA2-256 authentication algorithm.
  
  SM3 can meet high confidentiality and security requirements, but it takes a relatively long processing time. For general security requirements, authentication algorithms SHA2-256, SHA2-384, and SHA2-512 are recommended, and authentication algorithms MD5 and SHA1 are not recommended.
- Configure the encryption algorithm for ESP.
  When IPsec uses ESP, you can configure the encryption and authentication algorithms for ESP as required, because ESP supports both authentication and encryption.
```
esp encryption-algorithm { des | 3des | aes-128 | aes-192 | aes-256 | aes-128-gcm-128 | aes-192-gcm-128 | aes-256-gcm-128 | aes-128-gmac | aes-192-gmac | aes-256-gmac | sm4 }^*
```
  By default, ESP uses the AES-256 encryption algorithm.
  
  SM4 can meet high confidentiality and security requirements, but takes a relatively long processing time. For general security requirements, encryption algorithms AES-256, AES-192, AES-128, AES-256-GCM-128, AES-192-GCM-128, AES-128-GCM-128, AES-256-GMAC, AES-192-GMAC, and AES-128-GMAC are recommended, and 3DES and DES are not recommended.
- Disable ESP encryption.
```
undo esp encryption-algorithm
```
  You can configure ESP to perform either encryption or authentication, or both on packets.
Set identity authentication parameters.
- In pre-shared key authentication mode, configure a pre-shared key.
```
pre-shared-key [ key ]
```
- In RSA digital signature authentication mode, specify the local certificate used by the local device.
```
certificate local-filename filename
```
- In digital envelope authentication mode, configure a PKI-encrypted domain and a PKI-signed domain for IKE peers.
```
encryption-certificate pki realm realm-name
signature-certificate pki realm realm-name
```
In IKEv2 redirection scenarios, configure the authentication key for IKEv2 redirection packets. All members of the load balancing group must use one authentication key.
```
system-view
loadgroup group-name
authentication-key authentication-key
```
When member gateways send load information to the master gateway, the master gateway uses the authentication key to authenticate member gateways.

Checking the Security Hardening Result

Run the display ike proposal [ number proposal-number | default ] [ slot slot-id cpu cpu-id ] command to check the IKE proposal configuration.
Run the display ipsec proposal [ brief | name proposal-name ] [ slot slot-id cpu cpu-id ] command to check the IPsec proposal configuration.
Run the display ike peer [ brief | name peer-name ] [ slot slot-id cpu cpu-id ] command to check the IKE peer configuration.