VPN - Huawei Enterprise
Huawei AR1200-S Series Enterprise Routers
V200R002C00
Feature Description - VPN
Issue 02
Date 2012-03-30
HUAWEI TECHNOLOGIES CO., LTD.
Copyright © Huawei Technologies Co., Ltd. 2012. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior written
consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the
customer. All or part of the products, services and features described in this document may not be within the
purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,
and recommendations in this document are provided "AS IS" without warranties, guarantees or representations
of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute the warranty of any kind, express or implied.
Huawei Technologies Co., Ltd.
Address:
Huawei Industrial Base
Bantian, Longgang
Shenzhen 518129
People's Republic of China
Website:
http://www.huawei.com
Email:
[email protected]
Issue 02 (2012-03-30)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
i
About This Document
Intended Audience
This document describes the principle of VPN features of the AR1200-S and provides references
about VPN.
This document is intended for:
- Network planning engineers
- Commissioning engineers
- Data configuration engineers
- System maintenance engineers
Symbol Conventions
The symbols that may be found in this document are defined as follows.
DANGER: Indicates a hazard with a high level of risk, which if not avoided, will result in death or serious injury.
WARNING: Indicates a hazard with a medium or low level of risk, which if not avoided, could result in minor or moderate injury.
CAUTION: Indicates a potentially hazardous situation, which if not avoided, could result in equipment damage, data loss, performance degradation, or unexpected results.
TIP: Indicates a tip that may help you solve a problem or save time.
NOTE: Provides additional information to emphasize or supplement important points of the main text.
Command Conventions
The command conventions that may be found in this document are defined as follows.
Boldface: The keywords of a command line are in boldface.
Italic: Command arguments are in italics.
[ ]: Items (keywords or arguments) in brackets [ ] are optional.
{ x | y | ... }: Optional items are grouped in braces and separated by vertical bars. One item is selected.
[ x | y | ... ]: Optional items are grouped in brackets and separated by vertical bars. One item is selected or no item is selected.
{ x | y | ... }*: Optional items are grouped in braces and separated by vertical bars. A minimum of one item or a maximum of all items can be selected.
[ x | y | ... ]*: Optional items are grouped in brackets and separated by vertical bars. Several items or no item can be selected.
&<1-n>: The parameter before the & sign can be repeated 1 to n times.
#: A line starting with the # sign is a comment.
Change History
Changes between document issues are cumulative. Therefore, the latest document version
contains all updates made to previous versions.
Changes in Issue 02 (2012-03-30)
Based on issue 01 (2011-12-30), the document is updated as follows:
The following information is modified:
- 3.3 Availability
- 4.3 Availability
- 5.3 Availability
Changes in Issue 01 (2011-12-30)
Initial commercial release.
Contents
About This Document.....................................................................................................................ii
1 GRE..................................................................................................................................................1
1.1 Introduction to GRE...........................................................................................................................................2
1.2 References..........................................................................................................................................................2
1.3 Availability.........................................................................................................................................................2
1.4 Principles............................................................................................................................................................3
1.4.1 Security Mechanism of GRE.....................................................................................................................6
1.4.2 Keepalive Detection..................................................................................................................................7
1.4.3 Comparison Between Protocols.................................................................................................................8
1.5 GRE Applications...............................................................................................................................................8
1.5.1 Enlarging the Operation Scope of the Network with Limited Hops.........................................................8
1.6 Terms and Abbreviations....................................................................................................................................9
2 L2TP................................................................................................................................................10
2.1 L2TP Overview................................................................................................................................................11
2.1.1 Introduction to VPDN.............................................................................................................................11
2.1.2 Background of L2TP...............................................................................................................................12
2.1.3 Basic Concepts of L2TP..........................................................................................................................13
2.1.4 Features of L2TP.....................................................................................................................................15
2.2 References........................................................................................................................................................16
2.3 Availability.......................................................................................................................................................16
2.4 Principles of L2TP............................................................................................................................................16
2.4.1 Architecture of L2TP...............................................................................................................................16
2.4.2 L2TP Header............................................................................................................................................17
2.4.3 Structure of an L2TP Packet....................................................................................................................18
2.4.4 Establishment of the Control Connection and Session Connection........................................................19
2.4.5 Tunnel Authentication.............................................................................................................................22
2.4.6 Establishment of L2TP Tunnel Session...................................................................................................23
2.4.7 User Authentication Mode of the LNS....................................................................................................25
2.5 Applications of L2TP.......................................................................................................................................26
2.5.1 Three Typical L2TP Tunnel Modes........................................................................................................26
3 IPSec...............................................................................................................................................29
3.1 Introduction to IPSec........................................................................................................................................30
3.2 References........................................................................................................................................................31
3.3 Availability.......................................................................................................................................................32
3.4 Principles..........................................................................................................................................................32
3.4.1 Basic Concepts of IPSec..........................................................................................................................32
3.4.2 IKE...........................................................................................................................................................35
3.4.3 IPSec Implementation..............................................................................................................................40
3.4.4 IPSec Tunnel Setup in IKE Mode...........................................................................................................41
3.4.5 Traffic Protection for Tunnel Interfaces..................................................................................................42
3.4.6 NAT Traversal in IPSec..........................................................................................................................42
3.4.7 IPSec Efficient VPN................................................................................................................................43
3.5 Applications......................................................................................................................................................45
3.5.1 Secure Communication Between Sites....................................................................................................45
3.5.2 Secure Communication Between a Remote Site and the Enterprise Headquarters.................................46
3.5.3 GRE over IPSec.......................................................................................................................................47
3.6 Terms and Abbreviations..................................................................................................................................47
4 DSVPN..........................................................................................................................................48
4.1 Introduction to DSVPN....................................................................................................................................49
4.2 References........................................................................................................................................................49
4.3 Availability.......................................................................................................................................................50
4.4 Principles..........................................................................................................................................................51
4.4.1 Routing Plans...........................................................................................................................................51
4.4.2 Multipoint GRE.......................................................................................................................................51
4.4.3 NHRP.......................................................................................................................................................52
4.4.4 DSVPN Reliability..................................................................................................................................54
4.5 Applications......................................................................................................................................................54
4.5.1 Branches Learn Routes from Each Other................................................................................................54
4.5.2 Branches Have Only Summarized Routes to the Central Office.............................................................56
4.5.3 NAT Traversal.........................................................................................................................................57
4.6 Terms, Acronyms, and Abbreviations..............................................................................................................58
5 SSL VPN........................................................................................................................................59
5.1 Introduction to SSL VPN.................................................................................................................................60
5.2 References........................................................................................................................................................60
5.3 Availability.......................................................................................................................................................60
5.4 Principles..........................................................................................................................................................61
5.4.1 SSL..........................................................................................................................................................61
5.4.2 HTTPS.....................................................................................................................................................67
5.4.3 Roles of Users and Devices.....................................................................................................................68
5.4.4 Internal Resource Access Process...........................................................................................................69
5.4.5 SSL VPN Service....................................................................................................................................70
5.5 Application.......................................................................................................................................................74
5.5.1 Multi-User Remote Access......................................................................................................................74
5.6 Terms, Acronyms, and Abbreviations..............................................................................................................74
1 GRE
About This Chapter
1.1 Introduction to GRE
1.2 References
1.3 Availability
1.4 Principles
1.5 GRE Applications
1.6 Terms and Abbreviations
1.1 Introduction to GRE
Definition
Generic Routing Encapsulation (GRE) encapsulates packets of some network layer protocols so
that the packets can be transmitted over an IPv4 network.
GRE provides a mechanism to encapsulate packets of a protocol into packets of another protocol.
This allows packets to be transmitted over heterogeneous networks. A channel for transmitting
heterogeneous packets is called a tunnel.
Purpose
To enable packets of some network layer protocols to be transmitted over an IPv4 network, GRE
is introduced to encapsulate the packets. This solves the transmission problem on heterogeneous
networks.
GRE also serves as a Layer 3 tunneling protocol on Virtual Private Networks (VPNs), and
provides tunnels to transparently transmit VPN packets.
1.2 References
The following table lists the references of this document.
Document: RFC 1701; Description: Generic Routing Encapsulation (GRE); Remarks: -
Document: RFC 1702; Description: Routing Encapsulation over IPv4 networks; Remarks: -
1.3 Availability
Involved Network Element
None.
License Support
This feature can be used without a license.
Version Support
Product: AR1200-S; Earliest Software Version: V200R001C01
1.4 Principles
When a device receives a packet of a network layer protocol that needs to be encapsulated and
routed, it adds a GRE header to the packet and encapsulates it into another protocol such as IP.
The packet is then forwarded by the IP protocol. Figure 1-1 shows the format of the encapsulated
GRE packet.
Figure 1-1 Format of the encapsulated GRE packet: [Delivery Header: Transport Protocol] [GRE Header: Carrier Protocol / Encapsulation Protocol] [Payload Packet: Passenger Protocol]
- Payload: packet received by the system, which needs to be encapsulated and routed.
- Passenger protocol: the protocol of the packet before encapsulation.
- Encapsulation protocol: the protocol used to encapsulate passenger protocol packets. It is also called the carrier protocol.
- Transport protocol or delivery protocol: the protocol that is responsible for forwarding the encapsulated packets.
GRE Header
Figure 1-2 shows the format of a GRE header.
Figure 1-2 GRE header (bit positions 0 to 31, left to right, as shown in the figure)
First 32-bit word: bits 0-4 = C, 0, K, 0, 0; bits 5-7 = Recursion; bits 8-12 = Flags; bits 13-15 = Version; bits 16-31 = Protocol Type
Second word: Checksum (optional)
Third word: Key (optional)
The meaning of each field is as follows:
- C: indicates the Checksum bit. If it is set to 1, the Checksum field is present in the GRE header; if it is set to 0, the GRE header does not contain the Checksum field.
- K: indicates the Key bit. If it is set to 1, the Key field is present in the GRE header; if it is set to 0, the GRE header does not contain the Key field.
- Recursion: indicates the number of times that a packet is encapsulated by GRE. This field increases by one after each encapsulation. If the number of encapsulations is greater than 3, the packet is discarded. This field is used to prevent the packet from being encapsulated infinitely.
NOTE
- According to RFC 1701, the default value of the field is 0.
- According to RFC 2784, no errors will occur if the field value on the transmit end is different from that on the receive end, and the receive end must ignore the field.
- The field is only used to indicate the number of times that a packet is encapsulated by GRE. When GRE decapsulates a packet, it does not sense the field and this will not affect packet processing.

- Flags: indicates the reserved field. At present, it must be set to 0.
- Version: indicates the version number. It must be set to 0. Version number 1 is used by PPTP as defined in RFC 2637.
- Protocol type: indicates the type of the passenger protocol.
- Checksum: indicates the checksum of the GRE header and the payload.
- Key: indicates the Key field. It is used by the receiver to authenticate the received packet.
In the device, the GRE header does not contain the Source Route field; therefore, Bit 1, Bit 3,
and Bit 4 are all set to 0.
Characteristics of GRE
GRE has the following characteristics:
- Its mechanism is simple. The CPUs at the two ends of the tunnel carry a low load.
- GRE does not encrypt data by itself. Instead, IPSec is used to encrypt data.
- GRE does not provide traffic control or QoS.
GRE Tunnel Interface
A tunnel interface is a point-to-point (P2P) virtual interface that is used for encapsulating packets.
Similar to a loopback interface, a tunnel interface is a logical interface.
Similar to other tunnel interfaces, a GRE tunnel interface consists of the following parameters:
- Source address: indicates the source address of the packet transmission protocol. For the network that transmits the encapsulated packet, the source address of the tunnel is the IP address of the interface that sends the packet.
- Destination address: indicates the destination address of the packet transmission protocol. For the network that transmits the encapsulated packet, the destination of the tunnel is the IP address of the interface that receives the packet. The destination address specified on the local end of a tunnel is the IP address of the destination end of the tunnel.
- IP address of the tunnel interface: To start a dynamic routing protocol on the tunnel interface, or to use a static routing protocol to advertise the tunnel interface, you must assign an IP address to the tunnel interface. The IP address of the tunnel interface may not be a public network address, but an IP address borrowed from another interface to save IP addresses. When the tunnel interface borrows an IP address, however, the dynamic routing protocol cannot be started on the interface because the tunnel interface itself does not have an IP address. You must configure static routing or policy-based routing to make devices communicate.
- Encapsulation type: The encapsulation type of the tunnel interface indicates the type of encapsulation applied to packets on the tunnel interface. The two encapsulation types are GRE and IPv4-IPv6. The encapsulation type is GRE for GRE tunnel interfaces.
After the tunnel is set up successfully by manual configuration, the tunnel interface then can be
regarded as a physical interface. A dynamic routing protocol can be run and the static routing
can be configured on the tunnel interface.
Process of Transmitting Packets in a GRE Tunnel
The transmission of packets in a GRE tunnel can be divided into two processes: encapsulation
and decapsulation. For example, in the network shown in Figure 1-3, if the private network
packet is transmitted from the ingress PE to the egress PE, the encapsulation is performed on
the ingress PE and the decapsulation is performed on the egress PE.
Figure 1-3 Private network interconnection through GRE tunnels (private network - Ingress PE - GRE tunnel across the IP public network - Egress PE - private network)
Encapsulation
After receiving a private network packet from the interface that is connected to the private
network, the ingress PE delivers the packet to the private network protocol module for
processing.
The private network protocol module checks the destination address field in the private network
packet header, searches the outgoing interface in the routing table or forwarding table of the
private network, and determines how to route this packet. If the outgoing interface is the tunnel
interface, the private network protocol module sends the packet to the tunnel module.
After receiving the packet, the tunnel module processes the packet as follows:
1. Encapsulates the packet according to the protocol type of the Passenger packet and the Key and Checksum parameters configured for the current GRE tunnel. That is, the tunnel module adds a GRE header to the packet.
2. Adds an IP header according to the configuration (assume that the transport protocol is the IP protocol). The source address of this IP header is the source address of the tunnel; the destination address of the IP header is the destination address of the tunnel.
3. Delivers the packet to the IP module.
Based on the destination address in the IP header, the IP module searches the appropriate
outgoing interface in the public network routing table and sends the packet. Then, the
encapsulated packet is transmitted in this IP public network.
Decapsulation
The process of decapsulation is opposite to the process of encapsulation. After receiving the
packet from the interface that is connected to the public network, the egress PE analyzes the IP
header, and finds that itself is the destination of the packet and the Protocol Type field is 47,
which indicates that the protocol is GRE (refer to RFC 1701). Then the egress PE delivers the
packet to the GRE module for processing. The GRE module removes the IP header and the GRE
header, and learns from the Protocol Type field in the GRE header that the Passenger protocol
is the protocol run on the private network. Then the GRE module delivers the packet to this
protocol. This protocol forwards the packet as the ordinary packet.
1.4.1 Security Mechanism of GRE
GRE provides two types of security mechanisms as follows:
- Checksum
- Key Authentication
Checksum
Checksum indicates the end-to-end check on the encapsulated packet.
As defined in RFC 1701 (Generic Routing Encapsulation), if the C bit in the GRE header is set
to 1, the checksum is valid. For details, see 1.4 Principles. The Checksum field is optional in
the GRE header. If the C bit is set to 1, the sender calculates the checksum according to the GRE
header and the payload, inserts the checksum to the Checksum field in the packet header, and
sends the packet containing the checksum to the peer. The receiver calculates the checksum of
the received packet and compares it with the checksum in the packet. If they are consistent, the
packet is further processed. Otherwise, the packet is discarded.
In actual applications, you can configure the checksum on the two ends of the tunnel as required
to determine whether to trigger the check function.
The received and sent packets are processed differently because the checksum configurations
are different. Simply speaking, the C bit in the GRE header determines whether to check the
checksum; the local configuration determines whether to calculate the checksum and insert it to
the packet. See Table 1-1 for details on checksum and packet processing.
Table 1-1 Checksum and packet processing
Case 1: Checksum configured on the local end, not configured on the peer end.
- Processing of the received packet at the local end: the C bit in the received packet is 0. Thus, the checksum is invalid and not checked.
- Processing of the sent packet at the local end: the C bit in the sent packet is 1. Thus, the checksum is calculated and inserted into the Checksum field.
Case 2: Checksum not configured on the local end, configured on the peer end.
- Processing of the received packet at the local end: the C bit in the received packet is 1. Thus, the checksum is valid and is compared with the checksum in the packet.
- Processing of the sent packet at the local end: the C bit in the sent packet is 0. Thus, the checksum is not calculated.
Key Authentication
Key authentication indicates the authentication on a tunnel interface. This security mechanism
can prevent the tunnel interface from incorrectly identifying and receiving the packets from other
devices.
According to RFC 1701, if the K bit in the GRE header is set to 1, the Key field is inserted to
the GRE header. Both the receiver and the sender perform the key authentication on tunnels.
The Key field contains a four-byte value, which is inserted to the GRE header during packet
encapsulation. The Key field is used to identify the traffic in the tunnel. The packets of the same
traffic have the same Key field. When packets are decapsulated, the tunnel end identifies the
packets of the same traffic according to the Key field.
The authentication can be passed only when the Key fields set on both ends of the tunnel are
consistent. Otherwise, the packets are discarded. "Consistent" means that the Key field is not
set on both ends, or is set on both ends with the same value.
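The encapsulation and decapsulation process of 1.4 and the Checksum and Key handling of this section, worked through as an added Python example. This is not Huawei's code and does not show the AR1200-S implementation. The function and class names, the TunnelEnd abstraction and the sample payloads are assumptions of the example; the 16-bit Offset half-word placed after Checksum follows RFC 1701 and is not drawn in Figure 1-2. The receive side follows Table 1-1: the C bit of the received packet, not the local configuration, decides whether the checksum is verified, and a packet passes key authentication only when the Key field is unset on both ends or set to the same value on both.

```python
"""GRE header encode/decode with the Checksum and Key mechanisms.

Added example, not Huawei's code. Assumed: the function and class names,
the 16-bit Offset half-word that RFC 1701 places after Checksum, and the
constructed sample payloads used to exercise it.
"""
import struct
from typing import Optional

GRE_PROTO = 47            # protocol number in the IP delivery header
ETHERTYPE_IPV4 = 0x0800   # Protocol Type for an IPv4 passenger packet
MAX_RECURSION = 3         # packets encapsulated more than 3 times are discarded


def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's complement sum, used for the GRE Checksum field."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_gre(payload: bytes, proto: int, checksum: bool,
              key: Optional[int], recursion: int = 0) -> bytes:
    """GRE header + payload. Bits 1, 3 and 4 (R, S, s) stay 0 as on the device."""
    c_bit = 1 if checksum else 0
    k_bit = 1 if key is not None else 0
    # first 16 bits: C R K S s | Recursion(3) | Flags(5) | Version(3); Flags, Version = 0
    word0 = (c_bit << 15) | (k_bit << 13) | ((recursion & 0x7) << 8)
    header = struct.pack("!HH", word0, proto)
    if checksum:
        header += struct.pack("!HH", 0, 0)      # Checksum placeholder + Offset
    if key is not None:
        header += struct.pack("!I", key)
    if checksum:
        # the checksum covers the GRE header and the payload
        csum = internet_checksum(header + payload)
        header = header[:4] + struct.pack("!H", csum) + header[6:]
    return header + payload


def parse_gre(packet: bytes) -> dict:
    """Split a GRE packet into its fields; checksum_ok is True when C = 0."""
    word0, proto = struct.unpack("!HH", packet[:4])
    c_bit, k_bit = (word0 >> 15) & 1, (word0 >> 13) & 1
    fields = {"c": c_bit, "k": k_bit, "recursion": (word0 >> 8) & 0x7,
              "version": word0 & 0x7, "proto": proto, "key": None}
    off = 4
    if c_bit:
        # a correctly checksummed packet sums to zero over header + payload
        fields["checksum_ok"] = internet_checksum(packet) == 0
        off += 4
    else:
        fields["checksum_ok"] = True
    if k_bit:
        fields["key"] = struct.unpack("!I", packet[off:off + 4])[0]
        off += 4
    fields["payload"] = packet[off:]
    return fields


def delivery_header(src: bytes, dst: bytes, gre_len: int) -> bytes:
    """Minimal IPv4 delivery header (no options) carrying GRE, protocol 47."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + gre_len, 0, 0, 64,
                      GRE_PROTO, 0, src, dst)
    return hdr[:10] + struct.pack("!H", internet_checksum(hdr)) + hdr[12:]


class TunnelEnd:
    """One end of a GRE tunnel with its local checksum and key configuration."""

    def __init__(self, checksum: bool, key: Optional[int]):
        self.checksum = checksum
        self.key = key

    def encapsulate(self, payload: bytes, proto: int = ETHERTYPE_IPV4,
                    recursion: int = 0) -> Optional[bytes]:
        """Local configuration decides whether C and K are set on the sent packet."""
        if recursion > MAX_RECURSION:
            return None                       # Recursion limit exceeded: discard
        return build_gre(payload, proto, self.checksum, self.key, recursion)

    def decapsulate(self, packet: bytes):
        """The received packet's C bit, not local config, decides the check (Table 1-1)."""
        f = parse_gre(packet)
        if f["version"] != 0:
            return None                       # version 1 is PPTP, not GRE
        if f["c"] and not f["checksum_ok"]:
            return None                       # checksum mismatch: discard
        if f["key"] != self.key:
            return None                       # keys must be unset on both ends or equal
        return f["proto"], f["payload"]
```

A Key value is a 32-bit cleartext field, so the check keeps a tunnel from accepting traffic meant for another tunnel, as the text says; it is not a substitute for the IPSec encryption the page recommends for confidentiality.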
1.4.2 Keepalive Detection
Black Hole of GRE
The current GRE protocol does not have the function of link status detection. If the remote
interface is unreachable, the tunnel cannot immediately close the tunnel connection. As a result,
the source continuously forwards data to the peer. The peer, however, discards all the packets
because the tunnel is unreachable. The black hole of sending packets is thus generated.
Keepalive Detection
The device implements the link status detection function, that is, Keepalive detection, for GRE
tunnels. The Keepalive detection function is used to detect whether the tunnel link is in the
Keepalive state at any time, that is, whether the peer of the tunnel is reachable. If the peer is not
reachable, the tunnel is disconnected to prevent the black hole.
After the Keepalive function is enabled, the local end of the GRE tunnel periodically sends the
Keepalive detection packet to the peer. If the peer is reachable, the local end receives a reply
packet from the peer; otherwise, the local end cannot receive a reply packet.
NOTE
For GRE implemented in the device, one end of the tunnel has the Keepalive function as long as this end
is configured with the Keepalive function. The peer does not need to have the Keepalive function. If the
peer receives a Keepalive detection packet, it sends a reply packet to the local end, irrespective of whether
it is configured with the Keepalive function.
Unreachability Counter
After the Keepalive function is enabled, the source of a GRE tunnel creates a counter,
periodically sends the Keepalive detection packets, and counts the number of detection packets.
The number increases by one after each detection packet is sent.
The peer sends a reply packet to the source after receiving a detection packet.
If the source receives a reply packet before the counter value reaches the preset value, the source
considers that the peer is reachable. If the source does not receive a reply packet before the
counter reaches the preset value, that is, the retry times, the source considers that the peer is
unreachable. Then, the source closes the tunnel connection.
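The unreachability counter described above, as an added Python simulation that is not Huawei's code. The class and function names, the period-by-period timer model (the counter is compared with the retry times at each period before the next detection packet is sent), the event trace format and the sample traces are assumptions of the example. The peer side answers a detection packet whether or not it has Keepalive configured, as the NOTE states.

```python
"""Keepalive detection with an unreachability counter for a GRE tunnel end.

Added example, not Huawei's code. Assumed: the class and function names,
the timer model, the 'send' / 'lost' event-trace format, and the constructed
traces used to drive it.
"""
from typing import List, Optional, Tuple

DETECTION = b"GRE-KEEPALIVE-DETECT"   # constructed marker for a detection packet
REPLY = b"GRE-KEEPALIVE-REPLY"        # constructed marker for the reply packet


class KeepaliveSource:
    """The end configured with Keepalive: sends probes and counts missing replies."""

    def __init__(self, retry_times: int):
        self.retry_times = retry_times   # preset value the counter is compared with
        self.counter = 0                 # detection packets sent since the last reply
        self.tunnel_up = True

    def period_expired(self) -> Optional[bytes]:
        """Runs once per Keepalive period: close the tunnel if the counter reached
        the retry times without a reply, otherwise send the next detection packet."""
        if not self.tunnel_up:
            return None
        if self.counter >= self.retry_times:
            self.tunnel_up = False       # peer unreachable: close the tunnel connection
            return None
        self.counter += 1
        return DETECTION

    def receive(self, packet: bytes) -> None:
        """A reply proves the peer reachable and restarts the count."""
        if packet == REPLY:
            self.counter = 0

    def forward(self, data: bytes) -> bool:
        """Data is forwarded into the tunnel only while it is up; once closed,
        packets stop being sent into the black hole."""
        return self.tunnel_up


def peer_respond(packet: bytes) -> Optional[bytes]:
    """The peer answers a detection packet regardless of its own Keepalive configuration."""
    return REPLY if packet == DETECTION else None


def run_trace(retry_times: int, events: List[str]) -> Tuple[bool, int, Optional[int]]:
    """Drive a source through a constructed trace, one event per Keepalive period.

    'send': the detection packet reaches the peer and its reply comes back.
    'lost': the detection packet (or the reply) is lost on the way.
    Returns (tunnel_up, final counter, index of the period that closed the tunnel).
    """
    src = KeepaliveSource(retry_times)
    closed_at = None
    for i, ev in enumerate(events):
        probe = src.period_expired()
        if probe is None:
            if closed_at is None and not src.tunnel_up:
                closed_at = i
            continue
        if ev == "send":
            reply = peer_respond(probe)
            if reply is not None:
                src.receive(reply)
    return src.tunnel_up, src.counter, closed_at
```

With retry times 3, three consecutive lost probes leave the counter at 3, and the fourth period closes the tunnel; a single reply in between resets the counter, so isolated packet loss does not tear the tunnel down.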
1.4.3 Comparison Between Protocols
Comparison between GRE and IP
GRE:
- Transmits packets of a multi-protocol local network across a single-protocol backbone network.
- Enlarges the operation scope of a network where protocols with a limited number of routing gateways are run.
- Connects some discontinuous sub-networks.
IP: Transmits packets only on a transmission network where IP is supported.
1.5 GRE Applications
1.5.1 Enlarging the Operation Scope of the Network with Limited Hops
Figure 1-4 Enlarging the network operation scope (figure not reproduced; labels: PC, IP network,
Tunnel, IP network, IP network, PC)
As shown in Figure 1-4, the IP protocol runs on the network. Assume that the IP protocol limits
the hop count to 255. If the hop count between the two PCs is greater than 255, the PCs cannot
communicate. When a tunnel is used in the network, the hops inside the tunnel are hidden. This
enlarges the scope of the network operation.
1.6 Terms and Abbreviations
Terms
Term: GRE
Description: GRE encapsulates packets of certain network layer protocols and transmits them
by using another network layer protocol. GRE serves as a Layer 3 tunneling protocol for VPNs,
and provides a tunnel for transparently transmitting VPN packets.
Abbreviations
Abbreviation: GRE
Full Spelling: Generic Routing Encapsulation
2 L2TP
About This Chapter
This chapter describes the basic concepts, fundamentals, and application of L2TP.
2.1 L2TP Overview
This section describes the features and related concepts of VPDN and L2TP.
2.2 References
2.3 Availability
2.4 Principles of L2TP
This section describes the implementation principles and establishment process of L2TP.
2.5 Applications of L2TP
This section describes several networking scenarios of L2TP.
2.1 L2TP Overview
This section describes the features and related concepts of VPDN and L2TP.
2.1.1 Introduction to VPDN
VPDN Overview
The Virtual Private Dial-up Network (VPDN) implements VPNs through the dial-up function of
public networks (such as ISDN and PSTN) with the cooperation of access networks. The VPDN
provides access services for enterprises, small-scale Internet Service Providers (ISPs), and
mobile personnel.
The VPDN sets up a secure virtual private network over a public network for enterprises, adopting
a dedicated network encryption protocol. In this way, remote offices of enterprises and staff
traveling on business can access the headquarters across the public network through the virtual
encrypted tunnel. Other users on the public network cannot access internal resources of the
enterprise network.
VPDN tunneling protocols include various types, among which L2TP is the most widely used.
Implementation of VPDN
The two methods to implement the VPDN are as follows:
- A Network Access Server (NAS) creates a channel with the VPDN gateway through the
  tunneling protocol.
  In this way, Point to Point Protocol (PPP) connections of users are extended to the
  enterprise's gateway. The protocols available now are Layer 2 Forwarding (L2F) and L2TP.
  For details of L2F, refer to RFC 2341.
  The advantages of this method are as follows:
  – It is transparent to users. Users can access the enterprise network by a single login.
  – The enterprise network authenticates users and assigns addresses without occupying
    public addresses.
  – Users can access networks from various kinds of platforms.
  The requirements of this method are as follows:
  – The NAS must support the VPDN protocol.
  – The authentication system must support VPDN attributes.
  – A router or VPN dedicated server must serve as the gateway.
  Figure 2-1 shows a typical networking diagram of the VPDN created by using L2TP.
Figure 2-1 L2TP created between the NAS and the enterprise gateway (figure not reproduced; labels:
staff on business trip, remote branch, PSTN/ISDN, NAS, Internet, L2TP tunnel, enterprise gateway,
internal server)
- A tunnel is created between the client and the VPDN gateway.
  As shown in Figure 2-2, the client first sets up a connection with the Internet. Then it sets
  up a channel connection with the gateway through dedicated client software (such as
  the L2TP client supported by Windows 2000).
  Figure 2-2 L2TP created between the client and the VPDN gateway (figure not reproduced;
  labels: PC, Internet, Tunnel, enterprise gateway, internal server)
  The advantages of this method are as follows:
  – The access method used by the user and the place where the user is located are not
    restricted.
  – The ISP is not required.
  Users can select either of the preceding two methods based on their information security
  requirements. When requiring high security, users can use the IPSec protocol at the network
  layer on the basis of L2TP.
  The disadvantage of this method is that users must install the dedicated software, which runs
  only on specific platforms.
2.1.2 Background of L2TP
PPP defines a kind of encapsulation technology that can transmit multi-protocol packets over
Layer 2 point-to-point (P2P) links. PPP runs between users and the NAS.
L2TP is used to transmit PPP packets over a tunnel. L2TP extends the PPP model because L2TP
keeps the Layer 2 link endpoint and PPP connection point on different devices and shares
information through the packet switching technology.
L2TP helps set up a PPP connection on a non-P2P network. L2TP combines the advantages
of L2F and PPTP, and is the industry-standard Layer 2 tunneling protocol defined by the IETF. For
more information on L2TP, refer to RFC 2661 (Layer Two Tunneling Protocol "L2TP").
2.1.3 Basic Concepts of L2TP
Client
In the L2TP networking model, a client is a device (such as a PC) that needs to log in to the private
network. A VPDN client has no fixed access mode or location. A client can be connected
to the L2TP Access Concentrator (LAC) through the PSTN or ISDN. Alternatively, a client can
access the Internet to directly set up a connection with the headquarters server.
A client is the end device that initiates PPP negotiation. The client acts as both the end of the
PPP Layer 2 link and the end of the PPP connection.
LAC
An LAC is a device with the PPP end system and L2TP processing function in the switching
network. The LAC is usually an access device of the local ISP, such as the NAS that provides
access services for users through the PSTN or ISDN.
An LAC isolates user data from other data streams through the L2TP tunnel and PPP connection.
The LAC provides services for a specified VPN or multiple VPNs.
As shown in Figure 2-3, the LAC lies between the LNS and remote system (remote users and
remote branches).
Figure 2-3 VPDN model created by using L2TP (figure not reproduced; labels: remote user,
remote branch, PSTN/ISDN, LAC (NAS), Internet backbone, L2TP tunnel, LNS, internal server)
The LAC transmits data between the LNS and the remote system as follows: The LAC
encapsulates data received from the remote system based on L2TP and sends it to the LNS; it
decapsulates the data received from the LNS and sends it to the remote system.
A local connection or PPP link is often set up between the LAC and the remote system. A PPP
link is always involved in VPDN applications. The LAC directly accepts the incoming call,
namely, one side of the PPP Layer 2 link. An NAS can be combined with a client to form an
LAC endpoint, or it can serve as an LAC endpoint by itself.
LNS
The LNS receives the PPP connection. Through the LNS authentication, the client can log in to
the private network to access private resources. As the other endpoint of an L2TP tunnel, the
LNS is a peer device of the LAC, which is the logical termination point of the PPP connection.
The LNS lies on the border between the private and public networks. It is often an enterprise
network gateway device. The network gateway implements the network access and LNS
functions. In addition, the LNS can implement the network address translation (NAT) function,
that is, the LNS translates private IP addresses in the headquarters network to public IP
addresses. The LNS can be placed in the enterprise network of the headquarters, or act as the
Provider Edge (PE) device of the IP public network.
Control Message and Data Message
The two types of messages used in L2TP are as follows:
- Control messages, also called the tunnel connection, are used for the setup, maintenance,
  removal, and transmission control of tunnels and sessions. During the transmission of control
  messages, mechanisms such as retransmission of lost messages and periodic detection of channel
  connectivity are adopted. This ensures reliable transmission at the L2TP layer and supports
  traffic control and congestion control of control messages.
- Data messages are used to encapsulate and transmit PPP frames over tunnels. Data
  transmission is unreliable. If packets are lost, they are not retransmitted. Traffic control
  and congestion control are not supported.
AVP
Parameters of control messages are expressed in the Attribute Value Pair (AVP). This ensures
the interoperability and expansibility of the protocols. A control message contains multiple
AVPs.
Control Connection and Session Connection
L2TP is connection-oriented. The two kinds of connections between an LNS and LAC pair are
as follows:
- Control connection: It defines an LNS and LAC pair, and controls the establishment,
  maintenance, and removal of tunnels and sessions. The setup process of the control
  connection includes information exchange such as ID protection, L2TP version, frame type,
  and hardware transmission type.
- Session connection: It is multiplexed in a tunnel connection, and indicates a PPP connection
  over the tunnel connection.
More than one L2TP tunnel can be set up between an LNS and LAC pair. A tunnel consists of
a control connection and one or more session connections. Session connections are set up
only after the control connection is set up successfully. Each session connection corresponds to
a PPP data stream between the LAC and LNS.
Both control messages and PPP packets are transmitted over the tunnel.
2.1.4 Features of L2TP
Advantages of L2TP
L2TP has the following advantages:
- Flexible identity authentication mechanism and high security
  – L2TP by itself cannot ensure connection security, but it can use the authentication
    mechanisms (such as CHAP and PAP) provided by PPP. Thus, L2TP has all the security
    features of PPP.
  – L2TP works with IPSec to realize data security, which makes the data secure.
  – According to the security requirements, L2TP uses a tunnel encryption technique and an
    end-to-end or application-layer data encryption scheme to improve data security.
- Multi-protocol transmission
  L2TP transmits PPP packets. In addition to the IP protocol, PPP can transmit multiple
  protocols. The packets of various protocols, including the carrying link layer protocol (such
  as Ethernet), are encapsulated in PPP packets.
- RADIUS server authentication
  The LAC sends the user name and password to the RADIUS server for authentication. The
  RADIUS server is responsible for receiving the user authentication request and fulfilling
  the request.
- Private address allocation
  Located behind the enterprise network firewall, the LNS dynamically allocates and
  manages the addresses of remote users and supports the use of private addresses.
- Flexible network charging
  Charging can be conducted simultaneously on the LAC and LNS, namely, at the ISP (for
  generating bills) and at the enterprise gateway (for payment and audit). L2TP can provide
  charging data such as transmitted data, bytes, start time, and end time of a connection.
  Network charging is easily performed based on this data.
- Reliability
  L2TP supports backup LNSs. When the active LNS is unreachable, the LAC reconnects
  to a backup LNS. This improves the reliability and fault tolerance of VPN services.
Disadvantages of L2TP
L2TP has the following disadvantages:
- The entire PPP frame is encapsulated in the L2TP tunnel and then encapsulated with a
  User Datagram Protocol (UDP) header and an IP header. This procedure involves a high
  overhead, and may lead to low transmission efficiency.
- PPP connections pass through the entire tunnel and terminate at the user device. This causes
  the user gateway to store a great amount of PPP connection state and information. The system
  load and expansibility are thus affected.
- Because PPP LCP and NCP negotiations are time sensitive, the decreased efficiency
  can cause PPP connections to time out.
2.2 References
The following table lists the references of this document (Document No.: Description).
RFC 2661: Layer Two Tunneling Protocol "L2TP"
RFC 1918: Address Allocation for Private Internets
RFC 2809: Implementation of L2TP Compulsory Tunneling via RADIUS
RFC 2888: Secure Remote Access with L2TP
draft-ietf-l2tpext-l2tpbase-15: Layer Two Tunneling Protocol - Version 3 (L2TPv3)
draft-ietf-l2tpexttunnel-switching-07: PPP over L2TP Tunnel Switching
2.3 Availability
Involved Network Element
None.
License Support
This feature can be used without a license.
Version Support
Product: AR1200-S
Earliest Software Version: V200R002C00
2.4 Principles of L2TP
This section describes the implementation principles and establishment process of L2TP.
2.4.1 Architecture of L2TP
Figure 2-4 Architecture of L2TP (figure not reproduced; it stacks, from top to bottom: PPP frame;
L2TP data message and L2TP control message; L2TP data channel (unreliable) and L2TP control
channel (reliable); packet transmission network (UDP, ...))
Figure 2-4 describes the relationship among the PPP frame, control tunnel, and data tunnel.
PPP frames are transmitted over the unreliable L2TP data tunnel. Control messages are
transmitted over the reliable L2TP control tunnel.
L2TP data messages and control messages are forwarded in the form of UDP packets. Because data
messages are not retransmitted, their reliability cannot be ensured. Traffic control and a
retransmission mechanism are used to transmit control messages, which ensures reliable
transmission. L2TP registers UDP port 1701, but this port is used only to set up the initial tunnel.
The L2TP tunnel initiator randomly selects a free port (which may not be 1701) and sends packets
to port 1701 of the receiver. After receiving the packets, the receiver randomly selects a free port
(which may not be 1701) and sends packets back to the port chosen by the initiator. Thus, the ports
of the two sides are selected, and remain unchanged for the duration of the tunnel connection.
2.4.2 L2TP Header
L2TP control messages and data messages use the same header format.
Figure 2-5 Format of an L2TP header (bit positions 0, 7, 12, 16 and 31 mark the field boundaries)
 0                   7        12    16                             31
 T L x x S x O P x x x x  Ver   | Length (opt)
 Tunnel ID                      | Session ID
 Ns (opt)                       | Nr (opt)
 offset size (opt)              | offset padding (opt)
The fields marked "(opt)" in the L2TP header are optional in data messages, but mandatory in
control messages.
Table 2-1 Description of the L2TP header fields
Field: T
Description: Indicates the message type. The value 0 indicates a data message. The value 1
indicates a control message.
Value requirement: The value must be 1 in a control message.
Field: L
Description: Indicates whether the Length field is present. The value 1 indicates that the Length
field exists in the header.
Value requirement: The value must be 1 in a control message.
Field: x
Description: Reserved bit.
Value requirement: -
Field: S
Description: Indicates whether the sequence fields are present. The value 1 indicates that the Ns
and Nr fields exist in the header.
Value requirement: The value must be 1 in a control message.
Field: O
Description: The value 1 indicates that the offset size field exists in the header.
Value requirement: The value must be 0 in a control message.
Field: P
Description: Indicates the priority; it is used in data messages only.
Value requirement: The value must be 0 in a control message.
Field: Ver
Description: Indicates the version number.
Value requirement: The value is 2 for L2TPv2.
Field: Length
Description: Indicates the overall length of the message, in bytes.
Value requirement: -
Field: Tunnel ID
Description: Indicates the tunnel identifier, which has local significance only.
Value requirement: Hello control messages are global and their Tunnel ID must be set to 0.
Field: Session ID
Description: Indicates the session identifier, which has local significance only.
Value requirement: -
Field: Ns
Description: Indicates the sequence number of the current message.
Value requirement: -
Field: Nr
Description: Indicates the sequence number of the next control message expected to be received.
Value requirement: In a data message, Nr is a reserved field.
Field: offset size
Description: Indicates the offset value, specifying the location where the payload data starts.
Value requirement: -
Field: offset padding
Description: Indicates the padding bits.
Value requirement: -
An L2TP header contains information on Tunnel ID and Session ID. Tunnel ID and Session ID
are allocated by the peer and used to identify different tunnels and sessions. The packets with
the same Tunnel ID and different Session IDs are multiplexed in one tunnel.
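A parser, validator and builder for the header of Figure 2-5 and Table 2-1, as an added Python example (not code from the Huawei document or the AR1200-S). It assumes the RFC 2661 bit layout of the first word (T at bit 0, L at bit 1, S at bit 4, O at bit 6, P at bit 7, Ver in bits 12 to 15, most significant bit first), which is consistent with the positions shown in the figure; the `L2tpHeader` class and the message bytes in the usage are constructions of this example. The validator applies the control-message rules from the table, and a message whose flags promise more bytes than it carries is rejected rather than misread.

```python
import struct
from dataclasses import dataclass
from typing import Optional

# Flag bits in the first 16-bit word of the header (Figure 2-5, RFC 2661 layout)
FLAG_T = 0x8000   # 1 = control message, 0 = data message
FLAG_L = 0x4000   # Length field present
FLAG_S = 0x0800   # Ns and Nr fields present
FLAG_O = 0x0200   # offset size (and offset padding) present
FLAG_P = 0x0100   # priority, data messages only
VER_MASK = 0x000F
L2TP_VERSION = 2  # Ver is 2 for L2TPv2


@dataclass
class L2tpHeader:
    is_control: bool
    tunnel_id: int
    session_id: int
    length: Optional[int] = None       # present when L = 1
    ns: Optional[int] = None           # present when S = 1
    nr: Optional[int] = None           # present when S = 1
    offset_size: Optional[int] = None  # present when O = 1
    priority: bool = False             # P bit
    version: int = L2TP_VERSION


def parse_header(data: bytes):
    """Decode an L2TP header. Returns (header, payload_offset).

    Optional fields are read only when their flag bit is set; a message
    shorter than its flags promise raises ValueError instead of being misread."""
    try:
        (flags,) = struct.unpack_from("!H", data, 0)
        pos = 2
        hdr = L2tpHeader(is_control=bool(flags & FLAG_T), tunnel_id=0, session_id=0,
                         priority=bool(flags & FLAG_P), version=flags & VER_MASK)
        if flags & FLAG_L:
            (hdr.length,) = struct.unpack_from("!H", data, pos)
            pos += 2
        hdr.tunnel_id, hdr.session_id = struct.unpack_from("!HH", data, pos)
        pos += 4
        if flags & FLAG_S:
            hdr.ns, hdr.nr = struct.unpack_from("!HH", data, pos)
            pos += 4
        if flags & FLAG_O:
            (hdr.offset_size,) = struct.unpack_from("!H", data, pos)
            pos += 2 + hdr.offset_size          # skip the offset padding as well
            if pos > len(data):
                raise ValueError("offset size runs past the end of the message")
    except struct.error as exc:
        raise ValueError("truncated L2TP header") from exc
    return hdr, pos


def validate(hdr: L2tpHeader, total_len: Optional[int] = None) -> list:
    """Return the Table 2-1 rules this header breaks (empty list = well formed)."""
    problems = []
    if hdr.version != L2TP_VERSION:
        problems.append(f"unsupported version {hdr.version}")
    if hdr.is_control:
        if hdr.length is None:
            problems.append("control message must set L (Length present)")
        if hdr.ns is None:
            problems.append("control message must set S (Ns/Nr present)")
        if hdr.offset_size is not None:
            problems.append("control message must have O = 0")
        if hdr.priority:
            problems.append("control message must have P = 0")
    if hdr.length is not None and total_len is not None and hdr.length != total_len:
        problems.append(f"Length {hdr.length} != message size {total_len}")
    return problems


def build_header(hdr: L2tpHeader) -> bytes:
    """Encode a header; the flag bits follow from which optional fields are set."""
    flags = hdr.version & VER_MASK
    flags |= FLAG_T if hdr.is_control else 0
    flags |= FLAG_L if hdr.length is not None else 0
    flags |= FLAG_S if hdr.ns is not None else 0
    flags |= FLAG_O if hdr.offset_size is not None else 0
    flags |= FLAG_P if hdr.priority else 0
    out = struct.pack("!H", flags)
    if hdr.length is not None:
        out += struct.pack("!H", hdr.length)
    out += struct.pack("!HH", hdr.tunnel_id, hdr.session_id)
    if hdr.ns is not None:
        out += struct.pack("!HH", hdr.ns, hdr.nr or 0)
    if hdr.offset_size is not None:
        out += struct.pack("!H", hdr.offset_size) + b"\x00" * hdr.offset_size
    return out


if __name__ == "__main__":
    # A ZLB control message: header only, so Length equals the header size (12 bytes).
    zlb = L2tpHeader(is_control=True, tunnel_id=0x1234, session_id=0, length=12, ns=1, nr=2)
    raw = build_header(zlb)
    print(raw.hex(), validate(parse_header(raw)[0], total_len=len(raw)))
```

With every optional field present (L, S and O set, offset size 2) the header encodes to 16 bytes; a data message with no optional fields is 6 bytes. A header that sets T but not L or S parses, but the validator reports both violations, which is the check an inspection point would apply before trusting Ns/Nr.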
2.4.3 Structure of an L2TP Packet
When a user's PPP packets (with the original IP header and PPP header) are transmitted over the
public network in the form of IP packets, they carry the following additional protocol headers:
- An L2TP header (16 bytes)
- A UDP header (8 bytes)
- A new IP header (20 bytes), indicating the source address and destination address of the
  L2TP tunnel.
The format of the L2TP packet is shown in Figure 2-6.
Figure 2-6 Format of an L2TP packet (figure not reproduced; from outside in: new IP header,
20 bytes; UDP header, 8 bytes; L2TP header, 16 bytes; PPP header, 2 bytes; original IP header,
20 bytes; data)
After receiving a PPP packet, the LAC performs encapsulation as follows:
- Encapsulates the PPP packet with the L2TP header.
- Encapsulates the UDP header.
- Encapsulates the new IP header and sends the packet from the interface that is connected to
  the public network.
NOTE
L2TP by itself cannot fragment data. Fragmentation, however, is performed when the packet is
encapsulated in IP. To ensure that the packet is not fragmented, the size of the encapsulated packet must
not exceed the Maximum Transmission Unit (MTU) of the interface.
After receiving this packet from the interface connected to the public network, the LNS performs
the following process:
- Removes the IP header and UDP header and sends the packet to the L2TP module.
- The L2TP module removes the L2TP header and PPP header, converts the packet to an IP
  packet, and sends this IP packet to the private network server.
2.4.4 Establishment of the Control Connection and Session Connection
Message Packet
In the implementation of the AR1200-S, the establishment of the control connection and session
connection involves the following message packets:
- Start-Control-Connection-Request (SCCRQ) packet: It is used to request a control
  connection with the peer.
- Start-Control-Connection-Reply (SCCRP) packet: It is used to notify the peer that the local
  end has received the peer's SCCRQ packet and the control connection can be set up.
- Start-Control-Connection-Connected (SCCCN) packet: It is used to notify the peer that the
  local end has received the peer's SCCRP packet and completed the tunnel establishment.
- Stop-Control-Connection-Notification (StopCCN) packet: It is used to notify the peer to
  remove the control connection, and that the local end has cleared all active sessions and the
  tunnel interface will be shut down. The StopCCN carries the reason why the control
  connection at the transmitting end is removed.
- Incoming-Call-Request (ICRQ) packet: It is sent by the LAC only. When an incoming call
  is detected, the LAC sends an ICRQ packet to the LNS, requesting that a session
  connection be set up. An ICRQ packet carries the session parameters.
- Incoming-Call-Reply (ICRP) packet: It is sent by the LNS only. When the ICRQ packet
  is received from the LAC, the LNS replies with an ICRP packet, indicating that the session
  connection can be set up.
- Incoming-Call-Connected (ICCN) packet: It is sent by the LAC only. When the ICRP
  packet is received from the LNS, the LAC replies with an ICCN packet, indicating that the
  LAC has answered the incoming call, and notifies the LNS to set up the session connection.
- Call-Disconnect-Notify (CDN) packet: It is used to notify the peer to tear down the session
  connection and why the session connection must be torn down.
- Hello packet: It is used to detect the tunnel connectivity.
- Zero-Length Body (ZLB) packet: If no message to be sent is waiting in the local queue,
  a ZLB packet is sent to the peer. During the teardown of a session connection and a control
  connection, sending the ZLB packet indicates that the StopCCN or CDN packet has been received.
  A ZLB packet contains the L2TP header only, and does not contain a payload.
The setup and teardown of a control connection involve the following processes:
- Establishment of a Control Connection
- Establishment of a Session Connection
- Maintenance of a Control Connection
- Teardown of a Session Connection
- Teardown of a Control Connection
Establishment of a Control Connection
A control connection must be set up before a session connection. The session connection can be
set up only when the control connection has been set up. The setup of the L2TP control
connection is shown in Figure 2-7.
Figure 2-7 Three-way handshake during the setup of the control connection (figure not
reproduced; it shows LAC -> LNS: SCCRQ; LNS -> LAC: SCCRP; LAC -> LNS: SCCCN;
LNS -> LAC: ZLB, sent when no messages are waiting in the queue)
1. If the routes between the LAC and LNS are mutually reachable, the LAC sets the AVPs and
   sends an SCCRQ packet to the LNS to request the setup of a control connection.
2. The LNS receives the SCCRQ packet from the LAC. If the LNS agrees to set up a tunnel,
   it sends an SCCRP packet to the LAC based on the AVPs contained in the SCCRQ packet.
3. The LAC checks the received SCCRP packet, obtains the tunnel information, and sends an
   SCCCN packet to the LNS. This indicates that the control connection is set up successfully.
4. The LNS sends a ZLB packet to the peer when no message is waiting in the queue.
In the AR1200-S, run the display l2tp tunnel command to view the control connections
that are successfully set up on the local device.
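The three-way handshake of Figure 2-7, together with the Ns/Nr sequencing that makes the control channel reliable (Table 2-1), modelled in Python as an added example; this is not code from the Huawei document or the AR1200-S. Both endpoints are simulated: each message carries the sender's Ns and the Nr it expects next, a message whose Ns is not the expected one is dropped as a duplicate or out-of-order message, and the ZLB acknowledgement consumes no sequence number, as in RFC 2661. The `Endpoint` class, its state names and the omission of retransmission timers are assumptions of this model.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class CtrlMsg:
    kind: str   # SCCRQ, SCCRP, SCCCN or ZLB
    ns: int     # sequence number of this message
    nr: int     # next sequence number the sender expects from its peer


@dataclass
class Endpoint:
    role: str                     # "LAC" or "LNS"
    ns: int = 0                   # next Ns to assign to a message we send
    nr: int = 0                   # Ns we expect in the next message from the peer
    state: str = "idle"
    trace: list = field(default_factory=list)

    def send(self, kind: str) -> CtrlMsg:
        msg = CtrlMsg(kind, self.ns, self.nr)
        if kind != "ZLB":         # a ZLB acknowledgement consumes no sequence number
            self.ns += 1
        self.trace.append(f"{self.role} -> {kind} (Ns={msg.ns}, Nr={msg.nr})")
        return msg

    def receive(self, msg: CtrlMsg) -> Optional[CtrlMsg]:
        """Accept a message from the peer and return the reply, if any.

        A message whose Ns is not the one expected is a duplicate or is out
        of order; it is dropped without changing state (the peer retransmits)."""
        if msg.kind != "ZLB":
            if msg.ns != self.nr:
                self.trace.append(f"{self.role} dropped {msg.kind} Ns={msg.ns}, expected {self.nr}")
                return None
            self.nr += 1
        self.trace.append(f"{self.role} <- {msg.kind} (Ns={msg.ns}, Nr={msg.nr})")
        # The three-way handshake of Figure 2-7
        if self.role == "LNS" and self.state == "idle" and msg.kind == "SCCRQ":
            self.state = "wait-ctl-conn"
            return self.send("SCCRP")
        if self.role == "LAC" and self.state == "wait-ctl-reply" and msg.kind == "SCCRP":
            self.state = "established"
            return self.send("SCCCN")
        if self.role == "LNS" and self.state == "wait-ctl-conn" and msg.kind == "SCCCN":
            self.state = "established"
            return self.send("ZLB")   # nothing else queued, so acknowledge with a ZLB
        return None


def establish(lac: Endpoint, lns: Endpoint) -> bool:
    """Run the handshake between the two endpoints; True if both end up established."""
    lac.state = "wait-ctl-reply"
    msg = lac.send("SCCRQ")
    endpoints = {"LAC": lac, "LNS": lns}
    current = "LNS"
    while msg is not None:
        msg = endpoints[current].receive(msg)
        current = "LAC" if current == "LNS" else "LNS"
    return lac.state == "established" and lns.state == "established"


if __name__ == "__main__":
    lac, lns = Endpoint("LAC"), Endpoint("LNS")
    print(establish(lac, lns))          # True
    print("\n".join(lac.trace + lns.trace))
```

After the exchange the LAC has sent two sequenced messages (Ns 0 and 1) and expects Ns 1 from the LNS, while the LNS has sent one (Ns 0) and expects Ns 2. Feeding the LNS a replayed SCCCN with Ns 1 therefore changes nothing: the sequence check is what keeps a retransmitted or replayed control message from being processed twice.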
Establishment of a Session Connection
After a control connection is set up successfully, a session connection must be set up once an
incoming call is detected. The session connection differs from the control connection in that it
is directional. In the AR1200-S, the request for a session connection is initiated by
the LAC. The establishment of a session connection is shown in Figure 2-8.
Figure 2-8 Establishment of a session connection (figure not reproduced; after the LAC detects a
call it shows LAC -> LNS: ICRQ; LNS -> LAC: ICRP; LAC -> LNS: ICCN; LNS -> LAC: ZLB ACK, sent
when no messages are waiting in the queue)
The establishment of an L2TP session is triggered by PPP.
In the AR1200-S, run the display l2tp session command to view the session connections that
are successfully set up on the local device.
Maintenance of a Control Connection
L2TP uses the Hello packet to check the tunnel connectivity. The LAC and LNS periodically
send Hello packets to each other. If no Hello response packet is received by either of them, Hello
packets are sent repeatedly. If Hello packets are sent more than three times, the L2TP tunnel is
considered to be disconnected and the PPP connection between the LAC and LNS is removed.
Then, the tunnel must be set up again.
In the AR1200-S, the interval for sending Hello packets can be set manually. By default, the
interval is set to 60s. The LNS and LAC can be set with different Hello packet intervals.
Teardown of a Session Connection
Both the LNS and LAC can initiate the teardown of a session connection. The initiating end
notifies the peer to remove the session connection by sending a CDN packet to the peer. After
receiving this CDN packet, the peer replies with a ZLB Acknowledgement packet. The teardown
of a session connection initiated by the LAC is shown in Figure 2-9.
Figure 2-9 Teardown of an L2TP session connection (figure not reproduced; it shows LAC -> LNS:
CDN; LNS -> LAC: ZLB ACK)
Teardown of a Control Connection
Both the LNS and LAC can initiate the teardown of a control connection. The initiating end
notifies the peer to remove the control connection by sending a StopCCN packet to the peer.
After receiving the StopCCN packet, the peer replies with a ZLB Acknowledgement packet.
The peer keeps the control connection for a period of time in case the ZLB Acknowledgement
packet is lost. The teardown of a control connection initiated by the LAC is shown in Figure 2-10.
Figure 2-10 Teardown of an L2TP control connection (figure not reproduced; it shows LAC -> LNS:
StopCCN; LNS -> LAC: ZLB ACK)
2.4.5 Tunnel Authentication
Tunnel authentication and tunnel establishment are performed simultaneously.
Tunnel authentication is performed as follows:
1. When the LAC sends an SCCRQ packet to the LNS, a random string is generated as the local
   CHAP Challenge field (in the SCCRQ packet) and sent to the LNS.
2. After receiving the SCCRQ packet, the LNS generates a new string from the CHAP
   Challenge and the locally configured password, and calculates a 16-byte Response
   field from it by using the Message-Digest 5 (MD5) algorithm. At the same time, a random string
   (the LNS Challenge field) is generated. Then, the LNS sends an SCCRP packet carrying the
   Response field and the LNS Challenge field.
3. After receiving the SCCRP packet, the LAC authenticates the LNS as follows:
   – It generates a new string from the local CHAP Challenge field, the locally configured
     password, and the SCCRP packet.
   – It calculates a 16-byte string from it by using MD5.
   – It compares this 16-byte string with the LNS CHAP Response field in the SCCRP packet
     from the LNS. If they match, the tunnel authentication is successful. Otherwise, the
     tunnel authentication fails, and the tunnel is disconnected.
4. If the tunnel authentication succeeds, the LAC sends an SCCCN packet carrying its CHAP
   Response field to the LNS.
5. After receiving the SCCCN packet, the LNS authenticates the LAC in the same way:
   – It generates a new string from the local CHAP Challenge field, the local password, and the
     SCCCN packet.
   – It calculates a 16-byte string from it by using MD5.
   – It compares this 16-byte string with the LAC CHAP Response field in the SCCCN packet.
     If they match, the tunnel authentication is successful. Otherwise, the tunnel is removed.
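The five steps above, as an added Python example (not code from the Huawei document or the AR1200-S). It follows the RFC 2661 definition of the Challenge Response AVP, in which the 16-byte value is the MD5 hash of the message type octet (2 for SCCRP, 3 for SCCCN), the shared tunnel password and the received challenge; that is the "new string" the text describes. The `TunnelEndpoint` class, the dict-based messages, the injectable random source and the sample passwords are constructions of this example.

```python
import hashlib
import hmac
import os

# Message Type values that serve as the identifier octet of the response (RFC 2661):
# the Response in an SCCRP hashes type 2, the one in an SCCCN hashes type 3.
SCCRP_TYPE = 2
SCCCN_TYPE = 3


def chap_response(msg_type: int, secret: bytes, challenge: bytes) -> bytes:
    """16-byte L2TP tunnel-authentication response: MD5(type || secret || challenge)."""
    return hashlib.md5(bytes([msg_type]) + secret + challenge).digest()


class TunnelEndpoint:
    """One end of the tunnel holding the shared tunnel password (constructed model)."""

    def __init__(self, name: str, secret: bytes, rng=os.urandom):
        self.name = name
        self.secret = secret
        self.rng = rng                  # injectable so the exchange can be replayed in tests
        self.my_challenge = b""

    # Step 1: the LAC puts a fresh random challenge into its SCCRQ.
    def make_sccrq(self) -> dict:
        self.my_challenge = self.rng(16)
        return {"type": "SCCRQ", "challenge": self.my_challenge}

    # Step 2: the LNS answers the LAC's challenge and issues its own.
    def make_sccrp(self, sccrq: dict) -> dict:
        self.my_challenge = self.rng(16)
        return {"type": "SCCRP",
                "response": chap_response(SCCRP_TYPE, self.secret, sccrq["challenge"]),
                "challenge": self.my_challenge}

    # Steps 3 and 4: the LAC verifies the LNS, then answers the LNS's challenge.
    def verify_sccrp_and_make_scccn(self, sccrp: dict):
        expected = chap_response(SCCRP_TYPE, self.secret, self.my_challenge)
        if not hmac.compare_digest(expected, sccrp["response"]):
            return None     # LNS failed authentication: the tunnel is disconnected
        return {"type": "SCCCN",
                "response": chap_response(SCCCN_TYPE, self.secret, sccrp["challenge"])}

    # Step 5: the LNS verifies the LAC's response to its challenge.
    def verify_scccn(self, scccn: dict) -> bool:
        expected = chap_response(SCCCN_TYPE, self.secret, self.my_challenge)
        return hmac.compare_digest(expected, scccn["response"])


def authenticate_tunnel(lac_secret: bytes, lns_secret: bytes, rng=os.urandom) -> bool:
    """Run the full mutual authentication; True only if both sides accept."""
    lac = TunnelEndpoint("LAC", lac_secret, rng)
    lns = TunnelEndpoint("LNS", lns_secret, rng)
    sccrq = lac.make_sccrq()
    sccrp = lns.make_sccrp(sccrq)
    scccn = lac.verify_sccrp_and_make_scccn(sccrp)
    if scccn is None:
        return False
    return lns.verify_scccn(scccn)


if __name__ == "__main__":
    # Sample passwords constructed for the example.
    print(authenticate_tunnel(b"tunnel-password", b"tunnel-password"))   # True
    print(authenticate_tunnel(b"tunnel-password", b"other-password"))    # False
```

The comparison uses `hmac.compare_digest` so that verification time does not depend on how many leading bytes of a wrong response happen to match. Because each side hashes its own freshly generated challenge, a captured SCCRP or SCCCN from an earlier exchange does not verify against a new tunnel setup, and a password mismatch is detected by the LAC at step 3, before any SCCCN is sent.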
2.4.6 Establishment of L2TP Tunnel Session
Figure 2-11 shows the networking diagram of the L2TP tunnel.
Figure 2-11 Networking diagram of the L2TP tunnel (figure not reproduced; labels: PC, PSTN/ISDN,
RouterA (LAC), RADIUS Server, IP network, WAN, RouterB (LNS), RADIUS Server, PC)
Figure 2-12 shows the establishment of the L2TP tunnel call with the tunnel authentication.
Figure 2-12 Establishment of the L2TP tunnel call (figure not reproduced; a sequence diagram with
participants PC, RouterA (LAC), the LAC's RADIUS server, RouterB (LNS) and the LNS's RADIUS
server, carrying the message labels (1) call setup; (2) PPP LCP setup; (3) PAP or CHAP
authentication; (4) access request; (5) access accept; (6) tunnel establish; (7) PAP or CHAP
authentication (challenge/response); (8) authentication passes; (9) user CHAP response, PPP
negotiation parameter; (10) access request; (11) access accept; (12) CHAP authentication twice
(challenge/response); (13) access request; (14) access accept; (15) authentication passes)
The establishment process is as follows:
1. The client initiates the request for the call connection.
2. The PC negotiates PPP LCP with the LAC (RouterA).
3. The LAC performs PAP or CHAP authentication on the user information provided by
   the PC.
4. The LAC sends the authenticated information (the user name and password) to the RADIUS
   server for authentication.
5. The RADIUS server authenticates this user. If the authentication succeeds, the RADIUS
   server replies with the LNS address for this user. Then, the LAC prepares to initiate the
   request for a tunnel connection.
6. The LAC initiates the tunnel connection request to the specified LNS.
7. The LAC sends a CHAP challenge packet to the specified LNS. The LNS replies to the
   challenge packet with a CHAP response packet. Then, the LAC replies to the LNS's challenge
   with a CHAP response packet.
8. The tunnel authentication is successful.
9. The LAC transmits the user CHAP response, response identifier, and PPP negotiation
   parameters to the LNS.
10. The LNS sends an access request packet to the RADIUS server for authentication.
11. The RADIUS server authenticates the request packet. If the authentication is successful, a
    response packet is returned.
12. If forced local CHAP authentication is configured on the LNS, the LNS authenticates the
    user itself and sends a CHAP challenge packet. The user then replies with a CHAP
    response packet.
13. The LNS again sends an access request packet to the RADIUS server for authentication.
14. The RADIUS server authenticates the request packet. If the authentication succeeds, a
    response packet is returned.
15. The authentication succeeds, and the user can access the internal resources.
2.4.7 User Authentication Mode of the LNS
The LNS authenticates the user twice. The first time is on the LAC, and the second time is on
the LNS. Only when LCP renegotiation is enabled and no authentication is configured on the
corresponding Virtual Template (VT) interface does the LNS skip the second authentication; in
that case the user is authenticated only on the LAC. In all other cases, authentication is
performed twice. The authentication mode "none" also counts as a type of authentication.
The LNS authenticates users in three ways: agent authentication, mandatory CHAP
authentication, and LCP renegotiation. Among these, LCP renegotiation has the highest priority
and agent authentication has the lowest.
LCP Renegotiation
LCP renegotiation can be configured between the LNS and the user if the LNS requires stricter
authentication than the LAC, or if the LNS needs to obtain certain information directly from
the user (for example, when the LNS and LAC are from different vendors). LCP renegotiation
uses the authentication mode configured on the VT; the agent authentication information from
the NAS is then ignored.
Mandatory CHAP Authentication
If only mandatory CHAP authentication is configured, the LNS performs CHAP authentication
on the user. If the authentication fails, the session cannot be set up.
Agent Authentication
If neither LCP renegotiation nor mandatory CHAP authentication is configured, the LNS
performs agent authentication on the user.
In this case, the LAC sends the LNS all the authentication information received from the user,
together with the authentication mode configured on the LAC itself. The LNS then authenticates
the user based on the information received from the LAC.
For the NAS-initialized VPN service, a user performs PPP negotiation with the NAS when a
PPP connection starts. If the negotiation succeeds, the NAS initializes an L2TP tunnel connection
and transmits the user information to the LNS. The LNS then checks whether the user is legal
based on the received agent authentication information.
If the authentication mode configured on the VT is CHAP, and the authentication mode
configured on the LAC is PAP when the LNS adopts agent authentication, the authentication
cannot succeed and sessions cannot be set up because the authentication level of CHAP is higher
than that of PAP.
If the LAC uses the authentication mode AAA NONE, AAA authentication is not performed
regardless of whether the LAC adopts PAP or CHAP authentication. The LNS, however, uses
the authentication mode configured with AAA (such as Local, Radius, or NONE) for
authentication after the user authentication information is sent to the LNS.
Agent authentication depends on the authentication mode configured on the VT as follows:
• The authentication mode on the VT must not be stricter than that on the LAC. Authentication
fails if the authentication mode on the LAC is PAP and that on the VT of the LNS is CHAP.
• In all other cases, the authentication mode transmitted by the LAC is adopted, regardless of
the authentication mode configured on the VT.
NOTE
For more information on the address pool and address pool allocation, refer to the Huawei AR1200-S
Series Enterprise Routers Feature Description - Security and the Huawei AR1200-S Series Enterprise
Routers Feature Description - IP Services.
2.5 Applications of L2TP
This section describes several networking scenarios of L2TP.
2.5.1 Three Typical L2TP Tunnel Modes
Figure 2-13 shows the tunnel mode between the remote system and the LNS, and between the
LAC client (host running L2TP) and the LNS.
Figure 2-13 Three typical L2TP tunnel modes
(Figure: a LAC client, a remote system dialing in over PSTN/ISDN to a LAC, and PCs on a
LAN behind a LAC; each reaches an LNS and an internal server across the network.)
Connections can be established in the following three modes:
• NAS-Initialized
• Client-Initialized
• LAC-Auto-Initiated
NAS-Initialized
The connection is initiated by the remote user, who connects to the LAC through PSTN or ISDN,
as shown in Figure 2-14. The LAC sends a request to the LNS to establish a tunnel connection
through the Internet. Dial-up user addresses are assigned by the LNS. The LNS, or the agent on
the LAC, performs authentication and accounting for the remote user.
Features of the NAS-Initialized mode are as follows:
• Users are connected to the Internet through PPP or PPP over Ethernet (PPPoE).
• The carriers' access devices (LACs) must deploy VPN services, and users must apply to the
carriers for this service.
• The two ends of an L2TP tunnel reside on the LAC and LNS respectively. An L2TP tunnel
can carry multiple sessions.
Figure 2-14 Connecting to the LAC through PSTN or ISDN
(Figure: user, PSTN/ISDN, LAC, Internet, LNS at the headquarters.)
Client-Initialized
A LAC user whose host supports L2TP initiates the request to establish a tunnel. The user must
know the IP address of the LNS. The LAC client sends the request directly to the LNS rather
than through a LAC. Based on the user name and password, the LNS authenticates the received
request and assigns a private IP address to the LAC user.
Features of the Client-Initialized mode are as follows:
• Users must install L2TP dial-up software. PCs running Windows can use the VPN dial-up
software built into the Windows operating system.
• Users can access the network in multiple ways without involving an ISP.
• The two ends of an L2TP tunnel reside on the LAC and LNS respectively. An L2TP tunnel
carries only one session.
• Users can select the access mode according to their information security requirements. When
high-level security is required, users can use IPSec.
The NAS-Initialized and Client-Initialized modes can coexist on the same network. If the
network uses only the Client-Initialized mode, tunnel setup is demanding because an L2TP
tunnel can carry only one L2TP session in this mode.
LAC-Auto-Initiated
In most cases, an L2TP user dials up directly to a LAC, and only a PPP connection is established
between the user and the LAC. If the LAC also serves as a PPP client, the connection between
the user and the LAC can be established in modes other than PPP: the users can send IP packets
to the LAC, and the LAC forwards the packets to the LNS. To make the LAC serve as a PPP
client, create a virtual PPP user and a virtual PPP server on the LAC. The virtual PPP user
negotiates with the virtual PPP server, and the virtual PPP server establishes an L2TP tunnel
with the LNS and negotiates with the LNS.
Features of the LAC-Auto-Initiated mode are as follows:
• Users can connect to the LAC by sending IP packets.
• A PPP user must be created on the LAC, which then establishes a tunnel with the LNS.
• The two ends of an L2TP tunnel reside on the LAC and LNS respectively. An L2TP tunnel
carries multiple sessions.
In the LAC-auto-initiated mode, a LAN can be connected directly to the LAC, as shown in
Figure 2-15.
Figure 2-15 Connecting to the LAC directly
(Figure: users on a LAN connected through a switch to the LAC; the LAC reaches the LNS
and the internal server over the Internet.)
3 IPSec
About This Chapter
3.1 Introduction to IPSec
3.2 References
3.3 Availability
3.4 Principles
3.5 Applications
3.6 Terms and Abbreviations
3.1 Introduction to IPSec
Definition
Internet Protocol Security (IPSec) is a protocol suite defined by the Internet Engineering Task
Force (IETF) for securing Internet Protocol (IP) communication by authenticating and
encrypting each IP packet of a communication session. Two communicating parties can encrypt
data and authenticate the data origin at the IP layer to ensure data confidentiality and integrity
and protect against replay attacks on the network. IPSec provides the following protections:
• Confidentiality: encrypts user data and transmits it in cipher text.
• Integrity: authenticates received data to check whether the data has been modified by
unauthorized users.
• Anti-replay: rejects old or duplicate packets to prevent attacks that malicious users initiate
by resending captured packets.
Figure 3-1 shows the IPSec protocol suite architecture.
Figure 3-1 IPSec SA negotiation
(Figure: RouterA and RouterB each run IKE, which negotiates the SA between them; on each
router AH/ESP sits between the TCP/UDP and IP layers, and the IP packets exchanged between
the two SAs are encrypted.)
IPSec uses the Authentication Header (AH) and Encapsulating Security Payload (ESP) protocols
to secure IP packet transmission and uses Internet Key Exchange (IKE) for security association
(SA) negotiation. IKE provides the key negotiation and SA establishment and maintenance
functions to simplify IPSec deployment and management.
• AH: provides data origin authentication, data integrity check, and the anti-replay service.
The sender performs the hash algorithm on the IP payload and all header fields of an IP
packet except for variable fields to generate a message digest. The receiver recalculates the
message digest according to the received IP packet and compares the two message digests
to determine whether the IP packet has been modified during transmission. AH does not
encrypt the IP payload.
• ESP: encrypts the IP payload in addition to providing all the functions of AH. ESP can
encrypt and authenticate the IP payload but does not protect the IP packet header.
• IKE: performs SA negotiation between IPSec peers and defines the authentication
algorithm, the encryption algorithm, and the key required for secure data transmission
between the peers.
NOTE
• AH and ESP can be used independently or together. When AH and ESP are used together, ESP
encapsulation and then AH encapsulation are performed on an IP packet to be sent. After the IP packet
is received, AH decapsulation and then ESP decapsulation are performed on the packet.
• IKE negotiation is optional. It is not required when IPSec uses a manually configured policy and
algorithm.
Purpose
On IP networks, most data is transmitted in plain text. This brings security risks. For example,
passwords and bank accounts may be intercepted, and user information may be forged. IPSec
can protect transmitted IP packets to reduce the risk of information leak.
Benefits
Benefits to users
• IPSec reduces the risk of information leakage and interception, ensuring service transmission
security.
• IPSec ensures security so that other security features such as Transport Layer Security
(TLS) are not needed at the application layer, reducing the service deployment cost.
3.2 References
The following table lists the references of this document.
Document | Description
RFC 2401 | Security Architecture for the Internet Protocol
RFC 2402 | IP Authentication Header
RFC 2406 | IP Encapsulating Security Payload (ESP)
RFC 2407 | The Internet IP Security Domain of Interpretation for ISAKMP
RFC 2408 | Internet Security Association and Key Management Protocol (ISAKMP)
RFC 2409 | The Internet Key Exchange (IKE)
RFC 2367 | PF_KEY Key Management API, Version 2
RFC 3706 | A Traffic-Based Method of Detecting Dead Internet Key Exchange (IKE) Peers
RFC 4306 | Internet Key Exchange (IKEv2) Protocol
RFC 4478 | Repeated Authentication in Internet Key Exchange (IKEv2) Protocol
draft-dukes-ikemode-cfg-02.txt | The ISAKMP Configuration Method
3.3 Availability
Involved Network Element
IPSec must be enabled on Layer 3 devices at both ends.
License Support
The Efficient VPN function requires a license. To use the Efficient VPN function, apply for
and purchase the following license from the Huawei local office:
• AR1200 Value-Added Security Package
Version Support
Product | Version
AR1200-S | V200R001C01
Feature Dependency
• IPSec protects IP packets, so the AR1200-S must provide Layer 3 functions.
• The route injection condition is defined in the ACL referenced in an IPSec policy.
• Whether IPSec packets are fragmented on an interface depends on the MTU of the interface.
• When protecting Generic Routing Encapsulation (GRE) traffic, the AR1200-S encapsulates
packets in GRE headers and then performs IPSec encryption. When protecting other types
of traffic, the AR1200-S performs IPSec encryption directly.
3.4 Principles
3.4.1 Basic Concepts of IPSec
IPSec Peer
IPSec provides secure IP communication between two endpoints. The two endpoints are called
IPSec peers.
Security Association
A security association (SA) is a set of algorithms such as the encryption algorithm and parameters
such as keys for secure data transmission between IPSec peers.
An SA is unidirectional, so at least two SAs must be configured to protect data flows in
bidirectional communication. If two peers need to communicate by using both AH and ESP,
each peer needs to establish two SAs for the two protocols.
An SA is identified by a triple consisting of a security parameter index (SPI), a destination IP
address, and a security protocol (AH or ESP) identifier. An SPI is a 32-bit value and transmitted
in AH and ESP headers.
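As an added example (not Huawei code and not part of this document), the following Python models the receiver side of what the anti-replay description and the SA triple above describe: an inbound SA is looked up by SPI, destination IP address and security protocol, and the anti-replay service of AH/ESP is implemented as the 64-packet sliding window sketched in RFC 2401 Appendix C. The SPIs, addresses and packet trace are constructed.

```python
"""Receiver-side SA lookup and anti-replay check for AH/ESP.

Added example for this section; it is not Huawei code. Each inbound SA is
found by the triple (SPI, destination IP, security protocol), and the
anti-replay window follows the sliding-window scheme of RFC 2401 Appendix C
with a 64-packet window. The sample packets are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

WINDOW = 64  # RFC 2401 requires at least 32; 64 is a common default


@dataclass(frozen=True)
class SAKey:
    """Identifies an inbound SA: SPI from the AH/ESP header, outer destination IP, protocol."""
    spi: int
    dst: str
    proto: str  # "AH" or "ESP"


@dataclass
class ReplayWindow:
    last_seq: int = 0  # highest sequence number accepted so far
    bitmap: int = 0    # bit i set => sequence number (last_seq - i) was seen

    def accept(self, seq: int) -> bool:
        """Return True (and record seq) if seq is new and inside the window."""
        if seq == 0:
            return False  # the first sequence number on an SA is 1
        if seq > self.last_seq:
            # Packet is to the right of the window: slide the window forward.
            shift = seq - self.last_seq
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.last_seq = seq
            return True
        offset = self.last_seq - seq
        if offset >= WINDOW:
            return False  # too old: left of the window
        if self.bitmap & (1 << offset):
            return False  # already received: replay
        self.bitmap |= 1 << offset
        return True


@dataclass
class InboundSADatabase:
    sas: Dict[SAKey, ReplayWindow] = field(default_factory=dict)

    def install(self, key: SAKey) -> None:
        self.sas[key] = ReplayWindow()

    def receive(self, spi: int, dst: str, proto: str, seq: int) -> str:
        """Classify one received AH/ESP packet header."""
        window = self.sas.get(SAKey(spi, dst, proto))
        if window is None:
            return "drop: no SA"  # unknown triple, not one of our SAs
        return "accept" if window.accept(seq) else "drop: replay"


def run_sample() -> List[Tuple[int, int, str]]:
    """Feed a constructed packet trace through the database and return verdicts."""
    db = InboundSADatabase()
    db.install(SAKey(0x1001, "192.0.2.1", "ESP"))
    db.install(SAKey(0x2002, "192.0.2.1", "ESP"))
    # (spi, seq): the trace includes a duplicate, a large jump and an old packet.
    trace = [(0x1001, 1), (0x1001, 2), (0x1001, 2), (0x1001, 70),
             (0x1001, 5), (0x1001, 7), (0x2002, 1), (0x3003, 1)]
    return [(spi, seq, db.receive(spi, "192.0.2.1", "ESP", seq)) for spi, seq in trace]


if __name__ == "__main__":
    for spi, seq, verdict in run_sample():
        print(f"SPI 0x{spi:x} seq {seq:3d}: {verdict}")
```

Sequence 5 is dropped because it lies more than 64 behind the highest accepted number (70), while 7 is still inside the window; the second SA keeps its own window, so its sequence 1 is accepted independently.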
SA Establishment Modes
IPSec establishes SAs in manual mode or IKE negotiation mode.
Establishing SAs in manual mode is complicated because all information required must be
configured manually. The SAs established in manual mode will never age.
Establishing SAs in IKE negotiation mode is simpler because IKE negotiation information needs
to be configured only on two peers and SAs are created and maintained by means of IKE
negotiation. The SA established in IKE negotiation has a time-based or traffic-based lifetime.
When the specified time or traffic volume is reached, an SA becomes invalid. When the SA is
about to expire, IKE will negotiate a new SA.
The manual mode is applicable to networks with a
Establishing SAs in IKE negotiation mode is recommended on medium- and large-sized dynamic
networks.
IPSec Encapsulation Modes
The following two IPSec encapsulation modes are available:
• Tunnel mode: An AH or ESP header is inserted before the original IP header, and a new
IP header is inserted before the AH or ESP header. Figure 3-2 shows the IPSec tunnel
mode during TCP packet transmission.
Figure 3-2 IPSec tunnel mode
Mode: Tunnel
Protocol | Encapsulated packet
AH | New IP Header | AH | Raw IP Header | TCP Header | data
ESP | New IP Header | ESP Header | Raw IP Header | TCP Header | data | ESP Tail | ESP Auth data
AH-ESP | New IP Header | AH | ESP Header | Raw IP Header | TCP Header | data | ESP Tail | ESP Auth data
• Transport mode: An AH or ESP header is inserted between the IP header and the transport
layer protocol header. Figure 3-3 shows the IPSec transport mode during TCP packet
transmission.
Figure 3-3 IPSec transport mode
Determine which IPSec encapsulation mode to use based on the following points:
• The tunnel mode is more secure than the transport mode. In tunnel mode, the entire IP
packet is encrypted and authenticated, and the IP address of a peer can be used to hide the
IP address of a client.
• In tunnel mode, there is an additional IP header, which occupies more bandwidth.
Authentication Algorithms and Encryption Algorithms
• Authentication algorithms
Both AH and ESP can authenticate IP packet integrity to determine whether IP packets are
modified during transmission. Authentication algorithms use the hash function. The hash
function processes a variable-length message into a fixed-length output, which is called a
message digest. An IPSec peer calculates a message digest according to the IP packet
contents and compares it with the message digest of the other IPSec peer. If the two message
digests are the same, the IP packet is not modified during transmission. IPSec has two
authentication algorithms:
– Message Digest 5 (MD5): processes a variable-length message into a fixed-length
output of 128 bits.
– Secure Hash Algorithm 1 (SHA-1): processes a message of less than 2^64 bits into a
160-bit message digest.
• Encryption algorithms
ESP encrypts the IP packet contents to prevent them from being intercepted during
transmission. Encryption algorithms are implemented by using a symmetric key system,
which uses the same key to encrypt and decrypt data. IPSec uses the following encryption
algorithms:
– Data Encryption Standard (DES): encrypts a 64-bit plain text by using a 56-bit key.
– Triple Data Encryption Standard (3DES): encrypts a plain text by using three 56-bit
DES keys (a 168-bit key).
– Advanced Encryption Standard (AES): encrypts a plain text by using a key of 128 bits,
192 bits, or 256 bits.
The preceding encryption algorithms are listed in ascending order of security. A more
secure encryption algorithm requires more system resources, so the computing speed is
slower. The DES algorithm is used when low security is required.
IPSec Packet Fragmentation
• IPSec packet fragmentation after encryption
If the size of the IP packets encapsulated with the IPSec header exceeds the MTU of the
outbound interface, the router fragments the packets based on the MTU of the outbound
interface.
• IPSec packet fragmentation before encryption
Before IP packets are encapsulated with the IPSec header, the system calculates the
predicted length of the encapsulated IP packets. If the predicted length exceeds the MTU
of the outbound interface, the router fragments the IP packets first and then adds the IPSec
header to each fragment.
The IKE peer of the router decrypts and reassembles the IPSec fragments. This reduces the
CPU usage of the router.
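As an added example, not taken from the document, the following Python computes the predicted encapsulated length that the "fragmentation before encryption" behaviour above compares with the outbound MTU, for AH, ESP and AH-ESP in tunnel and transport mode. Header and trailer sizes are the standard ones from RFC 2402/2406 with CBC-mode DES/3DES/AES and a 12-byte HMAC-MD5-96/HMAC-SHA1-96 ICV; the packet sizes are constructed.

```python
"""Predict the size of an IPSec-encapsulated IPv4 packet and decide whether the
clear-text packet has to be fragmented before encryption.

Added example for this section; it is not Huawei code. Field sizes come from
RFC 2402 (AH), RFC 2406 (ESP) and the CBC block sizes of DES/3DES/AES; the
12-byte ICV is that of HMAC-MD5-96 / HMAC-SHA1-96 (RFC 2403, RFC 2404).
"""
from typing import Tuple

IPV4_HDR = 20          # new (tunnel) or reused (transport) IP header, no options
ESP_HDR = 8            # SPI (4) + sequence number (4)
ESP_TRAILER = 2        # pad length (1) + next header (1)
ICV_LEN = 12           # truncated HMAC, same for MD5-96 and SHA1-96
AH_LEN = 12 + ICV_LEN  # AH fixed fields (12) + ICV
CBC_BLOCK = {"des": 8, "3des": 8, "aes": 16}  # IV length == block size


def esp_overhead(payload_len: int, cipher: str) -> int:
    """Bytes ESP adds around payload_len bytes of plaintext."""
    block = CBC_BLOCK[cipher]
    # Padding makes (payload + pad + trailer) a multiple of the block size.
    pad = (-(payload_len + ESP_TRAILER)) % block
    return ESP_HDR + block + pad + ESP_TRAILER + ICV_LEN


def encapsulated_len(pkt_len: int, protocol: str, mode: str, cipher: str = "aes") -> int:
    """Length on the wire after IPSec encapsulation.

    pkt_len  : clear-text IPv4 packet length, header included
    protocol : "ah", "esp" or "ah-esp" (ESP applied first, then AH)
    mode     : "tunnel" (whole packet protected, new outer header) or
               "transport" (only the payload after the IP header protected)
    """
    protected = pkt_len if mode == "tunnel" else pkt_len - IPV4_HDR
    if "esp" in protocol:
        protected += esp_overhead(protected, cipher)
    if "ah" in protocol:
        protected += AH_LEN
    return IPV4_HDR + protected


def fragment_before_encryption(pkt_len: int, mtu: int, protocol: str, mode: str,
                               cipher: str = "aes") -> Tuple[int, bool]:
    """Return (predicted length, True if the clear packet must be pre-fragmented)."""
    predicted = encapsulated_len(pkt_len, protocol, mode, cipher)
    return predicted, predicted > mtu


def largest_clear_packet(mtu: int, protocol: str, mode: str, cipher: str = "aes") -> int:
    """Largest clear-text packet whose encapsulated form still fits the MTU."""
    size = mtu
    while encapsulated_len(size, protocol, mode, cipher) > mtu:
        size -= 1
    return size


if __name__ == "__main__":
    # Constructed cases: a 1500-byte clear packet leaving a 1500-byte MTU interface.
    for proto, mode, cipher in [("esp", "tunnel", "aes"), ("esp", "transport", "3des"),
                                ("ah", "tunnel", "aes"), ("ah-esp", "tunnel", "aes")]:
        length, frag = fragment_before_encryption(1500, 1500, proto, mode, cipher)
        print(f"{proto:6s} {mode:9s} {cipher:4s}: 1500 -> {length} bytes, "
              f"pre-fragment={frag}, max clear={largest_clear_packet(1500, proto, mode, cipher)}")
```

The padding term is why the answer is not a constant: a 1438-byte clear packet fits a 1500-byte MTU under ESP tunnel mode with AES, but a 1439-byte one does not, because the next AES block adds 15 bytes of padding.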
3.4.2 IKE
IKE Protocol
Internet Key Exchange (IKE) is the protocol used to establish a security association (SA) in the
IPSec protocol suite. IKE builds upon the Internet Security Association and Key Management
Protocol (ISAKMP) and provides the key negotiation, identity authentication, and SA
establishment functions to simplify IPSec use and management.
IKE Security Mechanism
IKE supports the following security mechanisms:
• Diffie-Hellman (DH) algorithm: a public key algorithm. The two communicating parties
do not transmit a key but exchange data from which each calculates a shared key. They use
the calculated shared key to encrypt data and exchange the encrypted data. IKE-enabled
devices never directly transmit a key on an insecure network; instead, they calculate a shared
key by exchanging data. Even if a third party (such as a hacker) intercepts all the data
exchanged for key calculation, it cannot calculate the actual key.
• Perfect Forward Secrecy (PFS): a property that prevents other keys from being compromised
when one key is compromised. The key used in IPSec phase 2 is derived from the key used in
phase 1. After intercepting the key used in phase 1, an attacker may collect enough
information to calculate the key to be used in phase 2. PFS provides an additional DH key
exchange to secure the key used in phase 2.
• Identity authentication: authenticates the identities of the two communicating parties, using
pre-shared key authentication or digital certificate authentication. If pre-shared key
authentication is configured, an authentication key is used to generate a key. The same key
can be generated by the two parties only when they have the same authentication key.
• Identity protection: encrypts identity data before transmitting it, once a key has been
generated, protecting the identity data.
IKEv1 Key Negotiation and Exchange
RFC 2409 (The Internet Key Exchange) defines two phases for IKEv1 key negotiation and
exchange. In phase 1, two IPSec peers negotiate to establish a secure and authenticated channel.
In phase 2, the two peers establish an IPSec SA by using the secure and authenticated channel
established in phase 1.
The main mode and aggressive mode are defined for phase 1, each accomplishing a phase 1
exchange. The quick mode accomplishes a phase 2 exchange. Table 3-1 lists terms in IKEv1
negotiation.
Table 3-1 Terms in IKEv1 negotiation
Term | Description
HDR | ISAKMP header.
HDR* | If the HDR is marked with an asterisk, the data is encrypted.
SA | SA negotiation payload.
KE | Key exchange payload.
Nx | Nonce payload. The value of x can be "i" for the initiator or "r" for the responder. The nonce payload contains random data used to guarantee liveness during an exchange and protect against replay attacks.
IDx | Identification payload. In phase 1, the value of x can be "ii" for the initiator or "ir" for the responder. In phase 2, the value of x can be "ci" for the initiator or "cr" for the responder.
HASH_I, HASH_R | Hash payload. It is used to authenticate the ISAKMP message integrity and authenticate the negotiating entities.
Figure 3-4 IKEv1 negotiation in main mode in phase 1
(1) Initiator -> Responder: HDR, SA
(2) Responder -> Initiator: HDR, SA
(3) Initiator -> Responder: HDR, KE, Ni
(4) Responder -> Initiator: HDR, KE, Nr
(5) Initiator -> Responder: HDR*, IDii, HASH_I
(6) Responder -> Initiator: HDR*, IDir, HASH_R
Figure 3-4 shows IKEv1 negotiation in main mode in phase 1.
1. The initiator triggers IKEv1 negotiation by sending an SA payload containing one or more
IKE proposals. The IKE proposals define the encryption algorithm, authentication
algorithm, and authentication mode.
2. The responder sends an SA payload containing an accepted IKE proposal to the initiator.
3. The initiator sends a key exchange payload to exchange the DH key data.
4. The responder sends a key exchange payload to exchange the DH key data.
5. The initiator uses the generated DH key to encrypt and transmit its identity and hash
authentication information to the responder for identity authentication.
6. The responder authenticates the initiator identity and uses the generated DH key to encrypt
and transmit its identity to the initiator for identity authentication.
Figure 3-5 IKEv1 negotiation in aggressive mode in phase 1
(1) Initiator -> Responder: HDR, SA, KE, Ni, IDii
(2) Responder -> Initiator: HDR, SA, KE, Nr, IDir, HASH_R
(3) Initiator -> Responder: HDR, HASH_I
Figure 3-5 shows IKEv1 negotiation in aggressive mode in phase 1.
1. The initiator triggers IKEv1 negotiation by sending a message containing an SA payload,
a key exchange payload, a nonce payload, and a hash payload to the responder.
2. The responder sends a message containing an SA payload, a key exchange payload, a nonce
payload, an identification payload, and a hash payload to the initiator.
3. The responder authenticates the initiator and sends a hash payload to the initiator for identity
authentication.
Figure 3-6 IKEv1 negotiation in quick mode in phase 2
(1) Initiator -> Responder: HDR*, HASH(1), SA, Ni, [KE], [IDci, IDcr]
(2) Responder -> Initiator: HDR*, HASH(2), SA, Nr, [KE], [IDci, IDcr]
(3) Initiator -> Responder: HDR, HASH(3)
Figure 3-6 shows IKEv1 negotiation in quick mode in phase 2. Either of the two IKE peers can
initiate IKE negotiation in phase 2.
1. The initiator sends parameters for IPSec SA negotiation, including the optional parameters
used to determine whether to perform PFS negotiation.
2. The responder sends parameters for IPSec SA negotiation, including the optional
parameters used to determine whether to perform PFS negotiation.
3. The initiator authenticates the responder information and sends a hash payload to the responder.
Differences between the main mode and aggressive mode are as follows:
• In main mode, six messages are exchanged between the initiator and responder. In
aggressive mode, three messages are exchanged, enabling two IPSec peers to establish an
IKE SA rapidly.
• In main mode, key exchange information, identity information, and authentication
information are separated from each other, protecting the identity information of the IPSec
peers. The three messages exchanged in aggressive mode are not encrypted, and identity
information is transmitted in plain text. This brings security risks.
• In main mode, only IP addresses can be used to identify IPSec peers. In aggressive mode,
both IP addresses and names can be used. After the information in steps 3 and 4 in
Figure 3-4 is exchanged, the pre-shared key must be used to compute the SKEYID. When a
device has multiple peers, it must find the peer with which it needs to establish an IPSec
tunnel by using the source IP address of the IP packets exchanged in steps 3 and 4 in
Figure 3-4, and then obtain the pre-shared key of that peer.
IKEv2 Key Negotiation and Exchange
IKEv2 is defined in RFC 4306 and retains most IKEv1 features. Unlike IKEv1, which defines a
phase 1 exchange and a phase 2 exchange, IKEv2 defines three types of exchanges: Initial
Exchanges, CREATE_CHILD_SA Exchange, and Informational Exchange.
Figure 3-7 IKEv2 Initial Exchanges
(1) Initiator -> Responder: HDR, SAi1, KEi, Ni
(2) Responder -> Initiator: HDR, SAr1, KEr, Nr, [CERTREQ]
(3) Initiator -> Responder: HDR, SK{IDi, [CERT,] [CERTREQ,] [IDr,] AUTH, SAi2, TSi, TSr}
(4) Responder -> Initiator: HDR, SK{IDr, [CERT,] AUTH, SAr2, TSi, TSr}
Figure 3-7 shows the IKEv2 Initial Exchanges process:
1. The initiator sends a key exchange payload and SA parameters to the responder.
2. The responder sends a key exchange payload and SA parameters to the initiator.
3. Using the key material generated through the key exchange, the initiator encrypts and
transmits a certificate payload and a traffic selector payload to the responder for
authentication negotiation.
4. Using the key material generated through the key exchange, the responder encrypts and
transmits a certificate payload and a traffic selector payload to the initiator for
authentication negotiation.
Figure 3-8 IKEv2 CREATE_CHILD_SA Exchange
(1) Initiator -> Responder: HDR, SK{[N], SA, Ni, [KEi], [TSi, TSr]}
(2) Responder -> Initiator: HDR, SK{SA, Nr, [KEr], [TSi, TSr]}
As shown in Figure 3-8, IKEv2 CREATE_CHILD_SA Exchange involves two messages and
corresponds to IKEv1 phase 2 exchange. Either endpoint (the initiator or responder) of Initial
Exchanges can initiate a CREATE_CHILD_SA Exchange. In a CREATE_CHILD_SA
Exchange, there is an additional DH exchange, which can generate a new KE. TSi and TSr are
used to negotiate traffic exchanged between IPSec peers.
Figure 3-9 IKEv2 Informational Exchange
(1) Initiator -> Responder: HDR, SK{[N,] [D,] [CP,] ...}
(2) Responder -> Initiator: HDR, SK{[N,] [D,] [CP,] ...}
Figure 3-9 shows the IKEv2 Informational Exchange process. In this exchange process, IPSec
peers exchange IKE_SA control messages or CHILD_SA control messages.
IKE Route Injection
IKE route injection helps determine the IPSec peer's route reachability based on the IPSec tunnel
status. If the IPSec tunnel is Up, the route of the IPSec peer can be added to the routing table
and advertised on the network. If the IPSec tunnel is Down, the route of the IPSec peer is deleted
and withdrawn.
During network deployment, determine whether to enable the route injection function as needed
on your network.
3.4.3 IPSec Implementation
IPSec peers can use various security protection measures (authentication, encryption, or both)
for different data flows. The procedure for implementing IPSec is as follows:
1. Define data flows to be protected by using an ACL.
2. Configure an IPSec proposal to specify the security protocol, authentication algorithm,
encryption algorithm, and encapsulation mode.
3. Configure an IPSec policy or an IPSec policy group to specify the association between data
flows and the IPSec proposals defining protection measures, configure IKE peers, and
manually set SA parameters.
4. Apply the IPSec policy to an interface.
Defining Data Flows to Be Protected
A data flow is a collection of traffic and is identified by the source address/mask, destination
address/mask, protocol number, source port number, and destination port number.
On the equipment, data flows are defined by using ACL groups. A data flow can be a single
TCP connection between two hosts or all traffic between two subnets. The first step to configure
IPSec is to define data flows.
Configuring an IPSec Proposal
An IPSec proposal defines the security protocol, authentication algorithm, encryption algorithm,
and encapsulation mode for the data flows to be protected.
Security protocols AH and ESP can be used independently or together. AH supports MD5 and
SHA-1 authentication algorithms. ESP supports two authentication algorithms (MD5 and
SHA-1) and three encryption algorithms (DES, 3DES, and AES). IPSec supports two
encapsulation modes: transport mode and tunnel mode.
To transmit the same data flow, peers on both ends of a security tunnel must use the same security
protocol, authentication algorithm, encryption algorithm, and encapsulation mode. To
implement IPSec between two security gateways, you are advised to use the tunnel mode to hide
the actual source and destination IP addresses used in communication.
Configuring an IPSec Policy or an IPSec Policy Group
An IPSec policy defines the security protocol, authentication algorithm, encryption algorithm,
and encapsulation mode for data flows by referencing an IPSec proposal. The name and sequence
number uniquely identify an IPSec policy. IPSec policies are classified into IPSec policies used
for manually establishing SAs and IPSec policies used for establishing SAs through IKE
negotiation. To configure an IPSec policy used for manually establishing SAs, set parameters
such as the key and SPI. If the tunnel mode is configured, you also need to set IP addresses for
two endpoints of a security tunnel. When configuring an IPSec policy used for establishing SAs
through IKE negotiation, you do not need to set parameters such as the key and SPI because
they are generated through IKE negotiation.
IPSec policies of the same name but different sequence numbers comprise an IPSec policy group.
In an IPSec policy group, an IPSec policy with a smaller sequence number has a higher priority.
Applying an IPSec Policy or an IPSec Policy Group to an Interface
After an IPSec policy group is applied to an interface, all IPSec policies in the group are applied
to the interface. This enables different SAs to be used for different data flows.
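As an added example (not Huawei code), the following Python models the four-step procedure above in miniature: flows matched against ACL rules, proposals checked against the algorithm and mode combinations listed above, and a policy group in which the policy with the smallest sequence number wins. The networks, ports, proposals and IKE peer names are constructed.

```python
"""Select the IPSec policy that protects a flow: ACL-defined flows, proposals,
and a policy group whose members are tried in ascending sequence order.

Added example for this section; it is not Huawei code. The ACL rules,
proposals, policy group and flows below are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# Algorithms the proposal description allows for each security protocol.
AUTH_ALGS = {"md5", "sha1"}
ENC_ALGS = {"des", "3des", "aes"}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str  # "tcp", "udp", "icmp", ...
    sport: int
    dport: int


@dataclass(frozen=True)
class AclRule:
    """One ACL rule: source/destination networks, optional protocol and destination port."""
    src_net: str
    dst_net: str
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, f: Flow) -> bool:
        return (ipaddress.ip_address(f.src) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(f.dst) in ipaddress.ip_network(self.dst_net)
                and (self.proto is None or self.proto == f.proto)
                and (self.dport is None or self.dport == f.dport))


@dataclass(frozen=True)
class Proposal:
    protocol: str           # "ah", "esp" or "ah-esp"
    auth_alg: str           # md5 or sha1
    enc_alg: Optional[str]  # des/3des/aes for ESP, None for AH-only
    mode: str               # "tunnel" or "transport"

    def is_valid(self) -> bool:
        """AH authenticates only; ESP needs an encryption algorithm."""
        if self.auth_alg not in AUTH_ALGS or self.mode not in ("tunnel", "transport"):
            return False
        if self.protocol == "ah":
            return self.enc_alg is None
        return self.protocol in ("esp", "ah-esp") and self.enc_alg in ENC_ALGS


@dataclass(frozen=True)
class Policy:
    name: str      # policies sharing a name form one policy group
    seq: int       # smaller sequence number = higher priority
    acl: Tuple[AclRule, ...]
    proposal: Proposal
    ike_peer: str  # name of the IKE peer the SA is negotiated with


def select_policy(group: Tuple[Policy, ...], flow: Flow) -> Optional[Policy]:
    """First policy, in ascending sequence order, whose ACL matches the flow."""
    for policy in sorted(group, key=lambda p: p.seq):
        if any(rule.matches(flow) for rule in policy.acl):
            return policy
    return None  # no policy: the packet is forwarded without IPSec protection


# Constructed policy group "hq", as it might be applied to one WAN interface.
HQ_GROUP: Tuple[Policy, ...] = (
    Policy("hq", 20, (AclRule("10.1.0.0/16", "10.2.0.0/16"),),
           Proposal("esp", "md5", "3des", "tunnel"), "peer-branch"),
    Policy("hq", 10, (AclRule("10.1.1.0/24", "10.2.2.0/24", "tcp", 443),),
           Proposal("esp", "sha1", "aes", "tunnel"), "peer-branch"),
    Policy("hq", 30, (AclRule("192.168.0.0/16", "10.2.0.0/16"),),
           Proposal("ah", "sha1", None, "transport"), "peer-dc"),
)


def chosen_seq(flow: Flow) -> Optional[int]:
    """Sequence number of the policy picked for a flow, or None if unprotected."""
    policy = select_policy(HQ_GROUP, flow)
    return None if policy is None else policy.seq


if __name__ == "__main__":
    for f in (Flow("10.1.1.5", "10.2.2.7", "tcp", 51000, 443),
              Flow("10.1.1.5", "10.2.2.7", "tcp", 51001, 80),
              Flow("172.16.0.9", "10.2.2.7", "udp", 5000, 53)):
        print(f.src, "->", f.dst, f.proto, f.dport, "=> policy seq", chosen_seq(f))
```

The HTTPS flow matches both sequence 10 and sequence 20, and sequence 10 wins; the same hosts on port 80 fall through to sequence 20, and a flow no ACL covers gets no SA at all.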
3.4.4 IPSec Tunnel Setup in IKE Mode
The procedure for establishing an IPSec tunnel in IKE mode is as follows:
1.
Configure the local ID used in IKE negotiation.
The local ID is case sensitive.
2.
Configure an IKE proposal.
An IKE proposal defines the encryption algorithm, authentication algorithm, authentication
mode used in IKE negotiation, and SA lifetime. If the SA lifetime reaches the pre-defined
value, SA negotiation needs to be performed again.
3.
Configure an IKE peer.
A set of attributes must be configured for an IKE peer, including the IKE version, local ID
type, peer IP address or name, pre-shared key, NAT traversal status. If IKEv1 is used, the
IKE negotiation mode (main or aggressive mode) also needs to be specified for the IKE
peer.
4.
Define data flows to be protected.
A data flow is identified by the source address/mask, destination address/mask, protocol
number, source port number, and destination port number.
On the AR1200-S, data flows are defined by using ACL groups. A data flow can be the
traffic transmitted on a single TCP connection between two hosts or all traffic between two
subnets. Defining data flows is the first IPSec-specific configuration task, because every
IPSec policy references an ACL to decide which packets it protects.
5.
Configure an IPSec proposal.
An IPSec proposal defines the IPSec protocol, authentication algorithm, encryption
algorithm, and encapsulation mode for the data flows to be protected.
Security protocols AH and ESP can be used independently or together. AH supports the MD5
and SHA-1 authentication algorithms. ESP supports the same two authentication algorithms (MD5
and SHA-1) and three encryption algorithms (DES, 3DES, and AES). DES and MD5 are
considered weak by current standards; prefer AES and SHA-1 where both peers support them.
IPSec supports two encapsulation modes: transport mode and tunnel mode.
To transmit the same data flow, peers on both ends of a security tunnel must use the same
security protocol, authentication algorithm, encryption algorithm, and encapsulation mode.
To implement IPSec between two security gateways, you are advised to use the tunnel
mode to hide the actual source and destination IP addresses used in communication.
6.
Configure an IPSec policy or an IPSec policy group.
An IPSec policy references an IPSec proposal to define the security protocol, authentication
algorithm, encryption algorithm, and encapsulation mode for data flows. The name and
sequence number together identify an IPSec policy. IPSec policies are of two kinds: policies
for manually establishing SAs and policies for establishing SAs through IKE negotiation. To
configure an IPSec policy used for manually establishing SAs, set parameters such as the
key and SPI. If the tunnel mode is configured, you also need to set IP addresses for the two
endpoints of the security tunnel. When configuring an IPSec policy used for establishing SAs
through IKE negotiation, you do not need to set the key or SPI because they are generated
through IKE negotiation.
IPSec policies of the same name but different sequence numbers comprise an IPSec policy
group. In an IPSec policy group, an IPSec policy with a smaller sequence number has a
higher priority.
7.
Apply an IPSec policy or an IPSec policy group to an interface.
After an IPSec policy group is applied to an interface, all IPSec policies in the group are
applied to the interface. This enables different SAs to be used for different data flows.
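As an added example (not code from the Huawei document), the following Python models how an IPSec policy group applied to an interface classifies traffic: each policy's ACL is the five-tuple selector of step 4, and the policies sharing one name are tried in ascending sequence-number order (step 6), so the smallest sequence number wins. The addresses, policy name and proposal labels are constructed for illustration. A flow that matches no policy is reported as cleartext; that is the case to look for when auditing an ACL, because a selector that is too narrow, or a lower-numbered policy that shadows a broader one with a weaker proposal, silently changes what leaves the interface.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


# Constructed example: an ACL rule is the five-tuple selector the page lists
# (source/mask, destination/mask, protocol, source port, destination port).
# None means "any" for that field.
@dataclass(frozen=True)
class AclRule:
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: Optional[int] = None   # IP protocol number, e.g. 6 = TCP, 17 = UDP
    sport: Optional[int] = None
    dport: Optional[int] = None

    def matches(self, pkt: dict) -> bool:
        if ipaddress.ip_address(pkt["src"]) not in self.src:
            return False
        if ipaddress.ip_address(pkt["dst"]) not in self.dst:
            return False
        for key, want in (("proto", self.proto), ("sport", self.sport), ("dport", self.dport)):
            if want is not None and pkt.get(key) != want:
                return False
        return True


@dataclass(frozen=True)
class IpsecPolicy:
    name: str              # all policies with the same name form one policy group
    seq: int               # smaller sequence number = higher priority
    acl: tuple             # the AclRule entries of the ACL group the policy references
    proposal: str          # constructed label such as "esp aes sha1 tunnel"
    mode: str = "isakmp"   # "isakmp": key/SPI come from IKE; "manual": set by hand
    spi: Optional[int] = None


def check_group(group: List[IpsecPolicy]) -> None:
    """Reject a group that could not be applied: mixed names, duplicate
    sequence numbers, or a manual policy without an SPI."""
    names = {p.name for p in group}
    if len(names) != 1:
        raise ValueError(f"policy group mixes names: {sorted(names)}")
    seqs = [p.seq for p in group]
    if len(seqs) != len(set(seqs)):
        raise ValueError("duplicate sequence numbers in policy group")
    for p in group:
        if p.mode == "manual" and p.spi is None:
            raise ValueError(f"manual policy {p.name} {p.seq} needs an SPI")


def select_policy(group: List[IpsecPolicy], pkt: dict) -> Optional[IpsecPolicy]:
    """Return the policy that protects pkt, or None if no policy matches.

    Policies are tried in ascending sequence-number order, so the first
    match is the highest-priority one. None means the flow leaves the
    interface without IPSec protection."""
    check_group(group)
    for pol in sorted(group, key=lambda p: p.seq):
        if any(rule.matches(pkt) for rule in pol.acl):
            return pol
    return None


# Constructed policy group "map1": seq 10 protects one HTTPS flow between two
# hosts with AES; seq 20 protects everything between the two subnets with 3DES.
RULE_HOST_HTTPS = AclRule(ipaddress.ip_network("10.1.1.10/32"),
                          ipaddress.ip_network("10.2.2.20/32"), proto=6, dport=443)
RULE_SUBNETS = AclRule(ipaddress.ip_network("10.1.1.0/24"),
                       ipaddress.ip_network("10.2.2.0/24"))
GROUP = [
    IpsecPolicy("map1", 20, (RULE_SUBNETS,), "esp 3des sha1 tunnel"),
    IpsecPolicy("map1", 10, (RULE_HOST_HTTPS,), "esp aes sha1 tunnel"),
]

# Constructed packets: one matches both policies, one only the broad policy,
# one neither (it would be forwarded in cleartext).
PKT_HTTPS = {"src": "10.1.1.10", "dst": "10.2.2.20", "proto": 6, "sport": 51000, "dport": 443}
PKT_DNS = {"src": "10.1.1.5", "dst": "10.2.2.9", "proto": 17, "sport": 5353, "dport": 53}
PKT_INTERNET = {"src": "10.1.1.5", "dst": "192.0.2.1", "proto": 6, "sport": 51001, "dport": 80}


def classify(group: List[IpsecPolicy], pkt: dict) -> str:
    pol = select_policy(group, pkt)
    return f"{pol.name} {pol.seq} ({pol.proposal})" if pol else "cleartext"


if __name__ == "__main__":
    for pkt in (PKT_HTTPS, PKT_DNS, PKT_INTERNET):
        print(pkt["src"], "->", pkt["dst"], ":", classify(GROUP, pkt))
```

Swapping the two sequence numbers in GROUP would make the broad 3DES policy shadow the host-specific AES one for the HTTPS flow, which is exactly the kind of ordering mistake the sorted lookup makes visible.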
3.4.5 Traffic Protection for Tunnel Interfaces
IPSec Profile
An IPSec policy is identified by its name and sequence number. Multiple IPSec policies with
the same IPSec policy name constitute an IPSec policy group, and each IPSec policy uses an
access control list (ACL) to identify the data flows to be encrypted. After an IPSec policy group is
applied to an interface, the IPSec policies in the group use their ACLs to protect data flows passing through
the interface, and multiple IPSec tunnels are created on the interface.
An IPSec profile simplifies IPSec policy management. An IPSec profile is identified by its
name and contains only one IPSec policy, which does not reference any ACL: all traffic entering
the tunnel interface is protected.
NOTE
IPSec profiles apply only to Generic Routing Encapsulation (GRE) tunnel interfaces, IPSec tunnel
interfaces, and multipoint GRE (MGRE) tunnel interfaces used in dynamic smart IPSec VPN (DSVPN).
IPSec Protection for a GRE Tunnel Interface
To configure IPSec protection for a GRE tunnel interface, perform the following steps:
1.
Create a tunnel interface and set the interface type to GRE tunnel.
2.
Apply an IPSec profile to the GRE tunnel interface.
IPSec Protection for an IPSec Tunnel Interface
To configure IPSec protection for an IPSec tunnel interface, perform the following steps:
1.
Create a tunnel interface and set the interface type to IPSec tunnel.
2.
Apply an IPSec profile to the IPSec tunnel interface.
NOTE
A point-to-point IPSec tunnel interface can run routing protocols when it works in IPSec tunnel mode.
3.4.6 NAT Traversal in IPSec
NAT Traversal
IPSec is mainly used to establish VPNs. If the initiator on a private network needs to establish
an IPSec tunnel with the responder on a public network, network address translation (NAT)
traversal is required. NAT traversal detects a NAT gateway between the two endpoints during
IKE negotiation and enables ESP packets to pass through the NAT gateway.
Before establishing an IPSec tunnel, the two endpoints need to negotiate the NAT traversal
capability. The Vendor ID payload carries a fixed value that identifies NAT traversal support.
The value carried in the Vendor ID payload varies according to the IKE version (IKEv1 or
IKEv2).
NAT gateway discovery is implemented by using the NAT-D payload. Each peer sends hashes of the
addresses and ports it believes the IKE packets carry; the receiver recomputes them over the addresses
it actually observes, which reveals whether a NAT gateway sits between the peers and on which side.
The peer behind NAT functions as the initiator and sends NAT keepalive packets periodically so
that the NAT gateway does not age out or delete the mapping used by the IPSec traffic.
NOTE
AH authenticates the entire IP packet. Any modification in the IP header causes an AH check failure.
Therefore, NAT traversal cannot be implemented on an IPSec tunnel protected by AH. ESP supports NAT
traversal.
NAT Traversal Implementation in IPSec
NAT traversal is implemented in IPSec by inserting a standard User Datagram Protocol (UDP)
header (port 4500) between the outer IP header and the ESP header. When ESP packets pass
through a NAT gateway, the NAT gateway translates the address and port number in the outer
IP header and the inserted UDP header only; the ESP header and payload are untouched. After the
translated packets reach the peer end of the IPSec tunnel, the peer end removes the UDP header
and processes the packets according to the IPSec protocol. Response packets sent from the peer
end to the local end of the IPSec tunnel are processed in the same way.
CAUTION
The AR1200-S implements NAT traversal only in IPSec tunnel mode but not transport mode.
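The two mechanisms described in 3.4.6, as an added Python example that is not part of the Huawei document: NAT discovery with NAT-D hashes, and UDP encapsulation of ESP surviving a NAT rewrite while an AH-style integrity check does not. The NAT-D construction (hash over the ISAKMP cookies, IP address and port), the UDP port 4500 and the one-byte 0xFF keepalive come from RFC 3947/3948, which the page does not cite, so treat them as assumptions about the wire format; the cookies, addresses, ports, key and payload are constructed, and `ah_icv` is a deliberately simplified model of what AH covers, not a real AH implementation.

```python
import hashlib
import hmac
import socket
import struct

# From RFC 3947 / RFC 3948 (not stated on the page): IKE and ESP move to UDP
# port 4500 once NAT is detected, and a NAT keepalive is a single 0xFF octet.
UDP_ENCAP_PORT = 4500
NAT_KEEPALIVE = b"\xff"


def nat_d_hash(cky_i: bytes, cky_r: bytes, ip: str, port: int, hash_name: str = "sha1") -> bytes:
    """NAT-D payload content (RFC 3947): HASH(CKY-I | CKY-R | IP | Port).

    CKY-I/CKY-R are the 8-octet ISAKMP cookies of the IKE SA being set up, IP
    is the 4-octet IPv4 address and Port the 2-octet UDP port, so the hash
    commits to the address/port the sender *believes* the packet carries."""
    data = cky_i + cky_r + socket.inet_aton(ip) + struct.pack("!H", port)
    return hashlib.new(hash_name, data).digest()


def nat_in_front_of_peer(cky_i, cky_r, peer_nat_d_hashes, observed_ip, observed_port) -> bool:
    """Receiver side of NAT discovery: recompute the NAT-D hash over the source
    address/port the packet actually arrived with. If none of the hashes the
    peer sent equals it, a NAT rewrote the packet on the peer's side."""
    seen = nat_d_hash(cky_i, cky_r, observed_ip, observed_port)
    return seen not in peer_nat_d_hashes


def udp_encap_esp(src_ip: str, dst_ip: str, spi: int, seq: int, ciphertext: bytes) -> dict:
    """UDP-encapsulated ESP (RFC 3948): a plain UDP header sits between the
    outer IP header and the ESP header (SPI, sequence number). Checksum is 0."""
    esp = struct.pack("!II", spi, seq) + ciphertext
    udp = struct.pack("!HHHH", UDP_ENCAP_PORT, UDP_ENCAP_PORT, 8 + len(esp), 0)
    return {"src": src_ip, "dst": dst_ip, "udp": udp, "esp": esp}


def nat_translate(pkt: dict, public_ip: str, public_port: int) -> dict:
    """What the NAT gateway does on the way out: rewrite the outer source
    address and the UDP source port. It cannot see or change the ESP part."""
    _sport, dport, length, csum = struct.unpack("!HHHH", pkt["udp"])
    return {"src": public_ip, "dst": pkt["dst"],
            "udp": struct.pack("!HHHH", public_port, dport, length, csum),
            "esp": pkt["esp"]}


def esp_spi_seq(pkt: dict):
    """The receiver looks the SA up by SPI; NAT must leave it intact."""
    return struct.unpack("!II", pkt["esp"][:8])


def ah_icv(key: bytes, src_ip: str, dst_ip: str, payload: bytes) -> bytes:
    """Simplified model of the AH integrity check value: AH covers the immutable
    IP header fields, including source and destination address, plus the
    payload. (Real AH also zeroes mutable fields such as TTL; this is a model.)"""
    covered = socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + payload
    return hmac.new(key, covered, hashlib.sha1).digest()


# Constructed scenario: the initiator sits behind a NAT gateway.
CKY_I, CKY_R = bytes.fromhex("0123456789abcdef"), bytes.fromhex("fedcba9876543210")
INITIATOR_PRIVATE, INITIATOR_PUBLIC = ("192.168.1.10", 500), ("203.0.113.5", 40000)
RESPONDER = ("198.51.100.1", 500)

# NAT-D hashes the initiator sends: one for the responder's address, then one
# for its own address (it only knows its private address).
INITIATOR_NAT_D = [nat_d_hash(CKY_I, CKY_R, *RESPONDER),
                   nat_d_hash(CKY_I, CKY_R, *INITIATOR_PRIVATE)]
# The responder answers with the initiator's address as it saw it, and its own.
RESPONDER_NAT_D = [nat_d_hash(CKY_I, CKY_R, *INITIATOR_PUBLIC),
                   nat_d_hash(CKY_I, CKY_R, *RESPONDER)]


def detect_nat() -> dict:
    # Responder receives the initiator's message from the NAT's public address/port.
    init_behind_nat = nat_in_front_of_peer(CKY_I, CKY_R, INITIATOR_NAT_D, *INITIATOR_PUBLIC)
    # Initiator receives the responder's message from the responder's real address.
    resp_behind_nat = nat_in_front_of_peer(CKY_I, CKY_R, RESPONDER_NAT_D, *RESPONDER)
    return {"initiator_behind_nat": init_behind_nat, "responder_behind_nat": resp_behind_nat}


def esp_vs_ah_through_nat() -> dict:
    key, payload = b"constructed-ah-key", b"constructed-ciphertext"
    inner = udp_encap_esp(INITIATOR_PRIVATE[0], RESPONDER[0], 0x1000, 1, payload)
    outer = nat_translate(inner, *INITIATOR_PUBLIC)
    icv = ah_icv(key, inner["src"], inner["dst"], payload)   # computed before NAT
    return {
        "esp_spi_seq_after_nat": esp_spi_seq(outer),
        "esp_outer_src_after_nat": outer["src"],
        "ah_verifies_after_nat": hmac.compare_digest(
            icv, ah_icv(key, outer["src"], outer["dst"], payload)),
    }


if __name__ == "__main__":
    print(detect_nat())
    print(esp_vs_ah_through_nat())
```

The asymmetry in `detect_nat` is the point of the NAT-D exchange: the responder learns that the initiator is behind NAT because the hash of 192.168.1.10:500 does not match the 203.0.113.5:40000 it observes, and the initiator learns that the responder is not, so only the initiator needs to send keepalives.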
3.4.7 IPSec Efficient VPN
Simplifying the IPSec Configuration
To establish an IPSec tunnel between two peers, you must perform a great number of IPSec
configurations on the peers. The configurations include the authentication and encryption
algorithms used in IKE negotiation, the Diffie-Hellman group, and the IPSec proposal.
If the network has hundreds of sites, the IPSec configurations on remote devices become complicated.
In the Huawei Efficient VPN solution, only mandatory parameters, such as the server IP address
and the pre-shared key, need to be configured on the remote device. Other parameters, such as
the authentication and encryption algorithms used in IKE negotiation and the IPSec proposal,
are preconfigured on the server. When the remote device initiates IPSec tunnel negotiation, it
sends the IKE capabilities (authentication algorithm and encryption algorithm) and the IPSec
proposals it supports to the server. The server establishes an IPSec tunnel with the remote
device according to the preconfigured IPSec tunnel parameters and those sent from the remote
device. The Efficient VPN policy thus reduces the manual configuration workload on the remote
device.
• IPSec Efficient VPN has the following restrictions when working in IKEv1:
  – IPSec Efficient VPN can only be used in the aggressive mode and cannot be used in the
    main mode.
  – Only DH2 can be used as the key exchange algorithm.
  – IKE negotiation uses 3DES as the encryption algorithm.
  – IKE negotiation uses SHA1 as the authentication algorithm.
• IKEv2 and IPSec Efficient VPN have the following restrictions:
  – Only DH2 can be used as the key exchange algorithm.
• IPSec encryption is implemented in tunnel mode.
• The security protocol must be ESP and cannot be AH.
Configuring the IKE Mode
When the remote device connects to the server, the server allocates network resources to the
remote device. The resources include the DNS server address and WINS server address. This
simplifies the configuration for the remote device. In most cases, the IP address of the remote
device is not planned together with that of the server. If the server assigns an IP address to the
remote device, the remote device uses this IP address to perform NAT/PAT for packets sent
from the private network, simplifying IP address planning for the remote device and server. In
IKE mode, the preceding functions are supported.
The following figure shows the message types defined by the IKE mode.
Figure 3-10 Message types defined by the IKE mode (the remote device and the server exchange
ISAKMP_CFG_REQUEST/ISAKMP_CFG_REPLY and ISAKMP_CFG_SET/ISAKMP_CFG_ACK)
Type                 Description
ISAKMP_CFG_REQUEST   Message that the remote device sends to request resources from the server
ISAKMP_CFG_REPLY     Server's response to the remote device
ISAKMP_CFG_SET       Message that the server sends to notify the remote device of network resources
ISAKMP_CFG_ACK       Remote device's response to the server
IPSec Efficient VPN allows the client to request resources and the server to allocate resources
including the DNS server address, WINS server address, and IP address, but does not allow the
server to send ACLs to the client.
Network Resource Allocation Mode
Two network resource allocation modes are available:
• Efficient VPN client mode
  After obtaining an IP address from the server, the remote device creates a loopback interface
  and assigns the obtained IP address to the loopback interface. The remote device
  automatically enables NAT/PAT. When the remote device receives a packet from a PC on
  the remote subnet, NAT/PAT translates the source IP address of the packet and sends the
  packet to the server through the IPSec tunnel, as shown in Figure 3-11.
  Figure 3-11 Client mode (remote device performing NAT/PAT, IPSec tunnel to the server)
  The remote device uses dynamic NAT/PAT and static NAT/PAT based on the following
  situations:
  – When the IPSec Efficient VPN tunnel is Up, static NAT/PAT is disabled and dynamic
    NAT/PAT is enabled.
  – When the IPSec Efficient VPN tunnel is Down, dynamic NAT/PAT is disabled and
    static NAT/PAT is enabled.
  In client mode, the server can send the DNS server address and WINS server address to
  the remote device. A PC on the remote subnet is assigned an IP address by the DHCP
  server. The DHCP server sends the DNS and WINS server addresses to the PC so that the
  PC can connect to the Internet.
  CAUTION
  The server cannot send ACLs to the remote device in IPSec Efficient VPN. A PC connecting
  to the remote device can access the Internet only after the client sends requests for resources
  to the server.
• Efficient VPN network mode
  In network mode, the IP addresses of the remote device and server are planned uniformly.
  The remote device does not apply to the server for an IP address or enable NAT/PAT.
  Like the client mode, the network mode allows the server to send the DNS server address
  and WINS server address to the remote device.
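The resource request in Figure 3-10 and the client/network modes described just above, as an added Python example that is not part of the Huawei document and not Huawei's implementation. The page names the four message types but gives no encoding; the numeric message types (1 to 4) and the attribute TLV layout used here follow the IKEv2 configuration payload (RFC 4306, section 3.15), so treat them as assumptions. The server class, the address pool, the DNS and WINS addresses and the remote IDs are constructed. The server answers only address, DNS and WINS requests, matching the page's statement that it never sends ACLs to the client.

```python
import socket
import struct

# Message types from Figure 3-10. Numeric values and the attribute layout are
# taken from the IKEv2 configuration payload (RFC 4306); the page names only the
# messages, so these numbers are an assumption of this example.
CFG_REQUEST, CFG_REPLY, CFG_SET, CFG_ACK = 1, 2, 3, 4
INTERNAL_IP4_ADDRESS, INTERNAL_IP4_NETMASK, INTERNAL_IP4_DNS, INTERNAL_IP4_NBNS = 1, 2, 3, 4
ATTR_NAMES = {INTERNAL_IP4_ADDRESS: "loopback_ip", INTERNAL_IP4_DNS: "dns", INTERNAL_IP4_NBNS: "wins"}


def encode_attrs(attrs) -> bytes:
    """Each attribute: 2-octet type (top bit reserved, zero), 2-octet length, value."""
    return b"".join(struct.pack("!HH", t & 0x7FFF, len(v)) + v for t, v in attrs)


def decode_attrs(data: bytes):
    attrs, off = [], 0
    while off + 4 <= len(data):
        t, length = struct.unpack("!HH", data[off:off + 4])
        off += 4
        if off + length > len(data):
            raise ValueError("truncated configuration attribute")
        attrs.append((t & 0x7FFF, data[off:off + length]))
        off += length
    if off != len(data):
        raise ValueError("trailing bytes after last attribute")
    return attrs


def build_cfg(msg_type: int, attrs) -> bytes:
    return struct.pack("!B", msg_type) + encode_attrs(attrs)


def parse_cfg(msg: bytes):
    return msg[0], decode_attrs(msg[1:])


class EfficientVpnServer:
    """Constructed server side: leases an address from a pool and hands out
    DNS/WINS. Attribute types it does not serve (an ACL request, for example)
    are left out of the reply, because the server never pushes ACLs."""

    def __init__(self, pool, dns, wins):
        self.pool, self.dns, self.wins, self.leases = list(pool), dns, wins, {}

    def handle(self, remote_id: str, request: bytes) -> bytes:
        msg_type, attrs = parse_cfg(request)
        if msg_type != CFG_REQUEST:
            raise ValueError(f"unexpected message type {msg_type}")
        reply = []
        for t, _ in attrs:
            if t == INTERNAL_IP4_ADDRESS:
                ip = self.leases.get(remote_id) or self.pool.pop(0)
                self.leases[remote_id] = ip          # the same remote keeps its lease
                reply.append((t, socket.inet_aton(ip)))
            elif t == INTERNAL_IP4_DNS:
                reply.append((t, socket.inet_aton(self.dns)))
            elif t == INTERNAL_IP4_NBNS:
                reply.append((t, socket.inet_aton(self.wins)))
        return build_cfg(CFG_REPLY, reply)


def client_mode_request() -> bytes:
    """Client mode also asks for an address; it goes on a loopback interface
    and becomes the NAT/PAT source address for the remote subnet."""
    return build_cfg(CFG_REQUEST, [(INTERNAL_IP4_ADDRESS, b""),
                                   (INTERNAL_IP4_DNS, b""), (INTERNAL_IP4_NBNS, b"")])


def network_mode_request() -> bytes:
    """Network mode: addresses are planned centrally, so only DNS/WINS are requested."""
    return build_cfg(CFG_REQUEST, [(INTERNAL_IP4_DNS, b""), (INTERNAL_IP4_NBNS, b"")])


def apply_reply(reply: bytes, tunnel_up: bool = True) -> dict:
    """Remote-device side: turn the reply into the settings it applies.
    Dynamic NAT/PAT is active only while the Efficient VPN tunnel is Up;
    static NAT/PAT takes over when it is Down."""
    msg_type, attrs = parse_cfg(reply)
    if msg_type != CFG_REPLY:
        raise ValueError(f"unexpected message type {msg_type}")
    cfg = {ATTR_NAMES[t]: socket.inet_ntoa(v) for t, v in attrs if t in ATTR_NAMES}
    cfg["dynamic_nat_pat"] = "loopback_ip" in cfg and tunnel_up
    cfg["static_nat_pat"] = "loopback_ip" in cfg and not tunnel_up
    return cfg


if __name__ == "__main__":
    server = EfficientVpnServer(["10.9.0.1", "10.9.0.2"], "10.0.0.53", "10.0.0.44")
    print(apply_reply(server.handle("remote-a", client_mode_request())))
    print(apply_reply(server.handle("remote-b", network_mode_request())))
```

`decode_attrs` rejects truncated and trailing bytes rather than silently reading past the end; a configuration payload is parsed before the tunnel is fully up, so the parser should be strict.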
3.5 Applications
3.5.1 Secure Communication Between Sites
Figure 3-12 Secure communication between sites (Subnet A gateway and Subnet B gateway: IKE SA negotiation, IPSec SA negotiation, then IPSec encryption/decryption of the site traffic)
As shown in Figure 3-12, IPSec is configured on enterprise sites to establish a secure
transmission tunnel. Data between the enterprise sites can be protected and transmitted over the
IPSec tunnel.
3.5.2 Secure Communication Between a Remote Site and the
Enterprise Headquarters
Figure 3-13 Secure communication between a remote site and the enterprise headquarters (branch company subnet and mobile office users reach the headquarters over the network through IPSec)
As shown in Figure 3-13, the remote branch company and remote users access the enterprise
headquarters by using IPSec. The IP address of the enterprise headquarters is fixed. The remote
branch company or remote PCs can obtain IP addresses dynamically, so the headquarters does not
need to know their IP addresses in advance: the remote side initiates the negotiation and is
identified by its name or other ID rather than by its address.
3.5.3 GRE over IPSec
Figure 3-14 GRE over IPSec (Subnet A and Subnet B connected by a GRE tunnel, with IPSec encryption and decryption applied to the GRE traffic)
IPSec on its own can protect only unicast IP packets, so multicast and broadcast traffic, including
routing protocol packets, cannot be sent over a plain IPSec tunnel. GRE over IPSec overcomes this
limitation. As shown in Figure 3-14, a routing protocol is configured on the GRE tunnel, and
GRE over IPSec is configured to protect the GRE traffic between the two endpoints of the tunnel.
GRE over IPSec improves networking flexibility.
3.6 Terms and Abbreviations
Abbreviation   Full Name
IKE            Internet Key Exchange
ISAKMP         Internet Security Association and Key Management Protocol
IPSec          Internet Protocol Security
SPI            Security Parameter Index
AH             Authentication Header
ESP            Encapsulating Security Payload
SA             Security Association
GRE            Generic Routing Encapsulation
EVPN           Efficient VPN
4 DSVPN
About This Chapter
4.1 Introduction to DSVPN
4.2 References
4.3 Availability
4.4 Principles
4.5 Applications
4.6 Terms, Acronyms, and Abbreviations
4.1 Introduction to DSVPN
Definition
Dynamic Smart Virtual Private Network (DSVPN) is a technology that allows branches to
dynamically establish data forwarding tunnels in the hub-spoke model.
Purpose
Figure 4-1 shows the traditional hub-spoke model, in which all data traffic between branches passes
through the central office. If data traffic is transmitted between two branches over IP Security
(IPSec), the central office must decrypt the data received on the tunnel from the source branch
and re-encrypt it on the tunnel to the destination branch. Traffic between the two branches thus
passes through the central office, consuming resources of the central office and adding
forwarding delay. To solve this problem, DSVPN enables the two branches to dynamically
establish a direct data forwarding tunnel.
Figure 4-1 The traditional hub-spoke model (Hub with SpokeA and SpokeB; spoke-to-spoke traffic passes through the Hub)
Benefits
l
Benefits to carriers
DSVPN provides low-delay and high-performance traffic forwarding.
l
Benefits to users
Branches can directly exchange service data, reducing the forwarding delay and improving
forwarding performance and efficiency.
4.2 References
The following table lists the references of this document.
Document   Description
RFC 2332   Next Hop Resolution Protocol
4.3 Availability
Involved Network Element
DSVPN can be configured on the source branch, destination branch, and central office routers.
License Support
The DSVPN function requires a license. To use the DSVPN function, apply for and purchase
the following licenses from the Huawei local office:
• AR1200 Value-Added Security Package
• AR1200 DSVPN (Dynamic Smart VPN) Function
Version Support
Product    Version
AR1200-S   V200R002C00 and later versions
Feature Dependency
The DSVPN feature depends on the following features:
• Next Hop Resolution Protocol (NHRP): NHRP is defined in RFC 2332 and
  allows a source device on a Non-Broadcast Multiple Access (NBMA) network to obtain
  the public address of the next hop to the destination device.
• GRE: IPSec tunnels cannot encrypt multicast or broadcast packets. GRE over IPSec
  encapsulates multicast and broadcast packets in GRE headers so that these packets can be
  encrypted.
• Multipoint GRE (MGRE) tunnel interface: A traditional point-to-point GRE tunnel is not
  established through negotiation. Instead, the source and destination IP addresses of the
  tunnel are configured by the user. When a direct tunnel needs to be established between
  two branches, the destination IP address cannot be known beforehand and needs to be
  resolved by NHRP. When a branch establishes GRE tunnels with the hub and
  other branches, the branch router must have multiple GRE tunnel interfaces configured or
  created automatically. In this case, an MGRE tunnel interface can be configured on the
  router to reduce the system resources used by GRE tunnel interfaces and simplify
  configuration. In addition, MGRE uses NHRP to resolve the destination IP addresses so
  that you do not need to configure them.
• Routes between branches: To enable two branches to directly establish a tunnel, ensure that
  the next hop of the route to the peer branch subnet is a branch device.
• (Optional) IPSec protection: IPSec protection can be enabled in DSVPN deployment.
4.4 Principles
4.4.1 Routing Plans
To enable two branches to directly establish an IPSec tunnel, ensure that the next hop of the
route between the two branch subnets is a branch router. The following routing plans are
available:
• Static routes are configured on branches.
  Static routes to other branch subnets are configured on the source branch. In the static routes,
  the destination address is the destination branch subnet, and the next hop is the network
  layer protocol address of the Multipoint GRE (MGRE) tunnel interface on the destination
  branch device.
• Branches learn routes from each other.
  Routing protocols are enabled to allow routes to be learned between branches, and between
  branches and the central office. All the branches must be connected to the same logical
  interface of the central office device so that routes can be advertised between branches. If
  the Routing Information Protocol (RIP) is enabled, the split horizon function must be
  disabled on that interface so that routes learned from one branch can be advertised to the others.
  NOTE
  Split horizon prohibits a device from advertising a route through the interface from which the route
  was learned. When split horizon is enabled on the MGRE interface, a route learned from one branch
  cannot be advertised to the other branches connected to the same interface.
• Branches have only summarized routes to the central office.
  Branch routers need a large routing table and high performance if they have to learn many
  routes from other branches, especially when the routers are deployed on a large network. To
  reduce the number of routes saved on a branch router, configure only a default route to the
  central office router. Then all traffic transmitted between branches is initially forwarded by
  the central office router. When receiving traffic sent from one branch to another, the central
  office router checks whether the source and destination branches belong to the same VPN. If
  so, the router sends an NHRP Redirect message to the source branch router. The source
  branch router then sends an NHRP Resolution Request message to obtain the NBMA address
  of the destination branch. After receiving the NHRP request, the destination branch router
  sends an NHRP Resolution Reply message with its NBMA address and subnet to the source
  branch router. After that, the source branch router sends traffic to the destination branch
  directly along this route.
4.4.2 Multipoint GRE
GRE Overview
The Generic Routing Encapsulation (GRE) protocol encapsulates packets of network layer
protocols so that the packets can be transmitted over an IPv4 network.
For details about GRE, see 1 GRE of Feature Description - VPN.
MGRE Tunnel Interface
A multipoint GRE (MGRE) tunnel interface is a logical interface used in DSVPN applications.
An MGRE tunnel interface is the same as a GRE tunnel interface in the following aspects:
• Source address: used by the transmission protocol to identify the packet source. As GRE
  encapsulated packets are transmitted over an IP network, the tunnel source IP address is
  the IP address of the interface that sends the GRE packets.
• Tunnel interface IP address: a 32-bit address that consists of a network ID and a host ID.
  The network ID identifies a network, and the host ID identifies a network device.
An MGRE tunnel interface is different from a GRE tunnel interface in the following aspects:
• Destination IP address: The destination IP address of a GRE tunnel interface is manually
  configured, whereas the destination IP address of an MGRE tunnel is resolved by NHRP.
  An MGRE tunnel interface has multiple remote ends because there are multiple
  GRE tunnels on the interface.
• Tunnel type: The tunnel type of an MGRE tunnel interface is GRE P2MP, whereas the
  tunnel type of a GRE tunnel interface is GRE.
NOTE
MGRE tunnel interfaces do not support keepalive detection.
4.4.3 NHRP
The NHRP protocol allows a source device on a Non-Broadcast Multiple Access (NBMA)
network to obtain the public address of the next hop to the destination device. NHRP defines
eight message types, as shown in Table 4-1.
Table 4-1 NHRP packet types
Type                        Value
NHRP Resolution Request     1
NHRP Resolution Reply       2
NHRP Registration Request   3
NHRP Registration Reply     4
NHRP Purge Request          5
NHRP Purge Reply            6
NHRP Error Indication       7
NHRP Redirect               8
The NHRP working process is as follows:
• Branches learn routes from each other.
  1. All spokes on the network send NHRP Registration Request messages to the hub.
  2. When receiving the NHRP Registration Request messages, the hub records the
     mappings between the spokes' protocol addresses and NBMA addresses, and sends
     NHRP Registration Reply messages to the spokes.
  3. When receiving the NHRP Registration Reply messages, the spokes set the hub status
     to active.
  4. Spokes obtain routes to destination branches using static routing or a dynamic routing
     protocol. For a branch, the next hop of the route to the destination branch is the peer
     spoke.
  5. When a source spoke forwards an IP packet, it searches for the route to the destination
     IP address. If no NBMA address mapping exists for the next-hop protocol address,
     the source spoke sends an NHRP Resolution Request message to the destination spoke.
  6. The intermediate devices (the hub) forward the NHRP Resolution Request message.
  7. The destination spoke constructs an NHRP Resolution Reply message with the
     mapping between the protocol address and NBMA address of the destination subnet,
     and sends the NHRP Resolution Reply message to the source spoke.
  8. The source and destination spokes learn each other's NBMA address and can
     communicate with each other directly.
• Branches have only summarized routes to the central office.
  1. All spokes on the network send NHRP Registration Request messages to the hub.
  2. When receiving the NHRP Registration Request messages, the hub records the
     mappings between the spokes' protocol addresses and NBMA addresses, and sends
     NHRP Registration Reply messages to the spokes.
  3. When receiving the NHRP Registration Reply messages, the spokes set the hub status
     to active.
  4. Spokes obtain the summarized routes to the central office according to static
     configurations or using a routing protocol.
  5. When a source spoke forwards an IP packet, it sends the packet to the hub through the
     summarized route.
  6. After receiving the IP packet, the hub checks whether the inbound and outbound
     interfaces of the packet belong to the same DSVPN. If so, the hub forwards the packet
     to the destination branch and sends an NHRP Redirect message to the source spoke.
  7. When receiving the NHRP Redirect message, the source spoke sends an NHRP
     Resolution Request message to the destination spoke.
  8. The hub forwards the NHRP Resolution Request message to the destination spoke.
  9. The destination spoke constructs an NHRP Resolution Reply message with the
     mapping between the protocol address and NBMA address of the destination subnet,
     and sends the NHRP Resolution Reply message to the source spoke.
  10. The source spoke updates the NHRP mapping table according to the received NHRP
      Resolution Reply message.
  11. The source and destination spokes learn each other's NBMA address and can
      communicate with each other directly.
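The two NHRP working processes above, and the routing plans of 4.4.1 they correspond to, as an added Python simulation that is not part of the Huawei document and not Huawei's implementation. The hub keeps the registration table (protocol address to NBMA address), forwards Resolution Requests only for spokes that have registered, and issues a Redirect when a packet it received over the MGRE interface would leave over the same interface. Spoke1 has a learned route to Spoke2's subnet (first process); Spoke3 has only a default route to the hub (second process), so its first packet goes via the hub and the Redirect installs the direct path for the next one. The device names and addresses loosely follow Figure 4-3 but are constructed for this example.

```python
# Constructed DSVPN simulation: protocol address = MGRE tunnel (NBMA private)
# address, NBMA address = public address the GRE packets are sent to.


class Hub:
    def __init__(self, name, protocol_ip, nbma_ip, subnet):
        self.name, self.protocol_ip, self.nbma_ip, self.subnet = name, protocol_ip, nbma_ip, subnet
        self.nhrp_cache = {}   # spoke protocol address -> NBMA address (from registrations)
        self.spokes = {}       # protocol address -> Spoke, all on the one MGRE interface
        self.log = []

    def registration_request(self, spoke):
        """Steps 1-2: record the spoke's protocol->NBMA mapping and reply."""
        self.nhrp_cache[spoke.protocol_ip] = spoke.nbma_ip
        self.spokes[spoke.protocol_ip] = spoke
        self.log.append(f"Registration Reply -> {spoke.name}")
        return self.protocol_ip, self.nbma_ip

    def resolution_request(self, requester, protocol_ip):
        """The hub does not own protocol_ip, so it forwards the request to the
        spoke that registered it; that spoke answers the requester (step 7/9)."""
        target = self.spokes.get(protocol_ip)
        if target is None:
            raise LookupError(f"{self.name}: no NHRP mapping for {protocol_ip}")
        self.log.append(f"Resolution Request {requester.name} -> {target.name}")
        return target.resolution_reply(requester)

    def forward(self, src, dst_subnet):
        """Data plane: a packet arrived over the MGRE interface. If it would leave
        over the same MGRE interface (another spoke of this DSVPN owns dst_subnet),
        forward it and send an NHRP Redirect to the source spoke (step 6)."""
        if dst_subnet == self.subnet:
            return None                      # destined for the central office itself
        for spoke in self.spokes.values():
            if spoke.subnet == dst_subnet:
                self.log.append(f"Redirect -> {src.name} (for {spoke.name})")
                return spoke
        raise LookupError(f"{self.name}: no route to {dst_subnet}")


class Spoke:
    def __init__(self, name, protocol_ip, nbma_ip, subnet, hub):
        self.name, self.protocol_ip, self.nbma_ip = name, protocol_ip, nbma_ip
        self.subnet, self.hub = subnet, hub
        self.routes = {}       # destination subnet -> next-hop protocol address
        self.nhrp_cache = {}   # protocol address -> NBMA address
        self.register()

    def register(self):
        hub_proto, hub_nbma = self.hub.registration_request(self)
        self.nhrp_cache[hub_proto] = hub_nbma   # step 3: hub is now active

    def resolution_reply(self, requester):
        """Answer with own mapping and learn the requester's for the reverse path."""
        self.nhrp_cache[requester.protocol_ip] = requester.nbma_ip
        return self.protocol_ip, self.nbma_ip

    def resolve(self, protocol_ip):
        proto, nbma = self.hub.resolution_request(self, protocol_ip)
        self.nhrp_cache[proto] = nbma          # step 10: update the mapping table

    def send(self, dst_subnet):
        """Forward one packet; return (NBMA address the GRE packet goes to, path)."""
        next_hop = self.routes.get(dst_subnet) or self.routes.get("0.0.0.0/0")
        if next_hop is None:
            raise LookupError(f"{self.name}: no route to {dst_subnet}")
        if next_hop == self.hub.protocol_ip:
            # Summarized-route plan: this packet goes via the hub; the Redirect
            # makes the spoke resolve the peer and install a direct route.
            peer = self.hub.forward(self, dst_subnet)
            if peer is not None:
                self.resolve(peer.protocol_ip)
                self.routes[dst_subnet] = peer.protocol_ip
            return self.nhrp_cache[next_hop], "via hub"
        if next_hop not in self.nhrp_cache:    # step 5: no NBMA mapping yet
            self.resolve(next_hop)
        return self.nhrp_cache[next_hop], "direct"


def build_dsvpn():
    hub = Hub("Hub1", "9.0.0.1", "9.1.1.10", "10.1.0.0/24")
    a = Spoke("Spoke1", "9.0.0.2", "9.1.1.134", "10.0.64.0/24", hub)
    b = Spoke("Spoke2", "9.0.0.3", "9.1.1.138", "10.0.65.0/24", hub)
    c = Spoke("Spoke3", "9.0.0.4", "9.1.1.142", "10.0.66.0/24", hub)
    # Plan "branches learn routes from each other": Spoke1 reaches Spoke2's subnet via Spoke2.
    a.routes["10.0.65.0/24"] = b.protocol_ip
    # Plan "only summarized routes": Spoke3 has just a default route to the hub.
    c.routes["0.0.0.0/0"] = hub.protocol_ip
    return hub, a, b, c


if __name__ == "__main__":
    hub, a, b, c = build_dsvpn()
    print("Spoke1 -> Spoke2:", a.send("10.0.65.0/24"))
    print("Spoke3 -> Spoke1, first packet:", c.send("10.0.64.0/24"))
    print("Spoke3 -> Spoke1, second packet:", c.send("10.0.64.0/24"))
    print("\n".join(hub.log))
```

Note that the hub answers a Resolution Request only from its registration table: whatever a spoke registered is what every other spoke will tunnel to, which is why the registration step is the one to protect in a real deployment.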
NOTE
• IPSec is optional in DSVPN. If IPSec is configured to protect GRE traffic, the remote NBMA
  address in an NHRP mapping entry is passed to IPSec on the local device so that the local and
  peer devices can establish an IPSec tunnel.
• IPSec notifies NHRP of the IPSec tunnel status so that NHRP can select the packet forwarding path
  based on the tunnel status.
4.4.4 DSVPN Reliability
On a DSVPN network, all branches connect to the central office router. Therefore, spokes cannot
communicate when the central office router fails. To improve network reliability, two routers
are deployed in the central office.
Figure 4-2 High-reliability DSVPN networking (two Hubs in the central office, 192.168.0.0/24; SpokeA, 192.168.1.0/24, and SpokeB, 192.168.2.0/24, register with both Hubs)
As shown in Figure 4-2, the branch spokes register with both the master router and backup
router in the central office. When the master router goes Down, the backup router starts to
forward NHRP Resolution Request messages.
4.5 Applications
4.5.1 Branches Learn Routes from Each Other
Figure 4-3 DSVPN networking (Hub1, Hub2 and Hub3 in the central office, subnet 10.1.0.0/24; Spoke1, Spoke2 and Spoke3 reached over the network through tunnels; branch subnets SubnetA 10.0.64.0/24, SubnetB 10.0.65.0/24 and SubnetC 10.0.66.0/24; NBMA private addresses 9.0.0.1/24 and 9.0.0.3/24; NBMA public addresses 9.1.1.10/30 on Hub1 and 9.1.1.134/30)
When branches learn routes from each other, DSVPN allows branches to directly exchange data
traffic.
1.
Branches and the central office establish IPSec tunnel connections.
2.
Branches send NHRP Registration Request packets to the central office.
3.
Branches and the central office use static routes or learn routes using a dynamic routing
protocol.
4.
The source branch searches for a route before sending traffic to the destination branch.
5.
The source branch searches the local NHRP mapping table for the NBMA private address
of the next hop to the destination branch.
6.
If the NHRP mapping table does not contain the NBMA private address of the destination
branch, the source branch sends an NHRP Resolution Request packet to the central office.
7.
The central office finds that the NBMA private address to be resolved in the received packet
is not the local private address and forwards the packet to the destination branch according
to this address.
8.
The destination branch sends an NHRP Resolution Reply packet to the source branch in
response to the received NHRP Resolution Request packet.
9.
The source branch obtains the NBMA private address of the destination branch from the
received NHRP Resolution Reply packet.
10. (Optional) The source and destination branches establish an IPSec tunnel.
11. Branches can directly exchange data traffic.
NOTE
IP addresses in blue are branch subnet addresses, IP addresses in purple are NBMA private addresses, and
IP addresses in black are spoke-to-hub IPSec tunnel addresses, namely, NBMA public addresses. Arrows
in purple indicate the process of exchanging NHRP Registration Request and Reply packets, and arrows
in blue indicate the process of exchanging NHRP Resolution Request and Reply packets.
4.5.2 Branches Have Only Summarized Routes to the Central Office
Figure 4-4 DSVPN networking (central office, BranchA with SubnetA and BranchB with SubnetB connected over the network)
When branches have only summarized routes to the central office, DSVPN allows branches to
directly exchange data traffic.
1.
Branches and the central office establish IPSec tunnel connections.
2.
Branches send NHRP Registration Request packets to the central office.
3.
The source branch searches for a route and sends traffic to the central office.
4.
The central office forwards traffic to the destination branch through the outbound interface
according to local routing information.
5.
The central office finds that the outbound and inbound interfaces of traffic are the same
MGRE tunnel interface and sends an NHRP Redirect packet to the source branch,
instructing the source branch to send an NHRP Resolution Request packet.
6.
The source branch receives the NHRP Redirect packet and sends an NHRP Resolution
Request packet, which is then forwarded to the destination branch by the central office.
7.
The destination branch receives the NHRP Resolution Request packet and sends a request
to establish an IPSec tunnel with the source branch.
8.
The destination branch sends an NHRP Resolution Reply packet to the source branch. This
packet contains the NBMA public address and subnet information of the destination branch.
9.
The source branch updates the local NHRP mapping table based on the received NHRP
Resolution Reply packet and adds the route destined for the destination branch to the NHRP
mapping table.
10. Branches can directly exchange data traffic.
NOTE
The arrow in purple indicates the path of the NHRP Redirect packet, arrows in blue indicate the process
of exchanging NHRP Resolution Request and Reply packets, and arrows in black indicate the process of
exchanging data packets.
4.5.3 NAT Traversal
Figure 4-5 NAT traversal on a DSVPN network (SpokeA and SpokeB each behind a NAT device, both reaching the Hub)
The NAT traversal process is as follows:
1.
The branch spokes send NHRP Registration Request messages to the hub. The hub responds
with NHRP Registration Reply messages containing the public IP addresses (translated by
NAT) of the spokes.
2.
The source spoke sends an NHRP Resolution Request message with its private and public
IP addresses to the destination spoke.
3.
The destination spoke sends an NHRP Resolution Reply message with its private and public
IP addresses to the source spoke.
4.
The source spoke and destination spoke obtain each other's private and public IP addresses
and establish an IPSec tunnel that traverses the NAT devices.
NOTE
• NAT traversal cannot be implemented on a DSVPN network if multiple branches use the same NAT
  device.
• The NAT devices must have NAT server or static NAT configured. NAT traversal cannot be
  implemented if outbound NAT or inbound NAT is configured on the NAT devices.
4.6 Terms, Acronyms, and Abbreviations
Abbreviation   Full Spelling
IKE            Internet Key Exchange
ISAKMP         Internet Security Association and Key Management Protocol
IPSec          Internet Protocol Security
GRE            Generic Routing Encapsulation
NHRP           Next Hop Resolution Protocol
DSVPN          Dynamic Smart VPN
NBMA           Non-Broadcast Multiple Access
Huawei AR1200-S Series Enterprise Routers
Feature Description - VPN
5 SSL VPN
About This Chapter
5.1 Introduction to SSL VPN
5.2 References
5.3 Availability
5.4 Principles
5.5 Application
5.6 Terms, Acronyms, and Abbreviations
5.1 Introduction to SSL VPN
Background
As Internet technologies develop, people can access an enterprise's internal resources whether
they are at home, at work, or on the move. Enterprise employees, customers, and partners desire
access to enterprise intranets anywhere and anytime. Unauthorized users or insecure access hosts
may threaten the security of these intranets.
Secure access VPNs were introduced to protect enterprise intranets against attacks and prevent
data theft.
SSL VPN is a type of secure access VPN technology. Based on the HTTPS protocol, SSL VPN
uses the data encryption, user identity authentication, and message integrity check mechanisms
of the SSL protocol to help ensure that remote access to enterprise intranets is safe and secure.
Purpose
An SSL VPN gateway is located at an intranet's edge, and works with the browsers installed on
remote terminals or clients downloaded using browsers to protect user data on the Internet.
Additionally, the SSL VPN gateway functions as the proxy to allow users to access internal
servers.
Benefits to Enterprises
Employees, customers, and partners can use various types of terminals to access an enterprise
intranet anytime and anywhere. The enterprise strictly controls access to the intranet based on
user privileges.
5.2 References
Document   Description                          Remarks
RFC 2246   The TLS Protocol Version 1.0         -
RFC 2817   Upgrading to TLS Within HTTP/1.1     -
RFC 2818   HTTP Over TLS                        -
5.3 Availability
Involved Network Element
Remote terminals, authentication server, and internal server
License Support
The SSL VPN function is used with a license. To use the SSL VPN function, apply for and
purchase the following license from the Huawei local office:
• AR1200 Value-Added Security Package
NOTE
The maximum number of online SSL VPN users is limited by the license. The SSL VPN function has
multiple capacity licenses, which allow different numbers of access users. Select a capacity license
according to service requirements. The device supports a maximum of two online SSL VPN users without
a license.
Version Support
Product    Version
AR1200-S   V200R002C00
Feature Dependency
The SSL VPN function is independent of other features.
Hardware Support
If SSL encryption and decryption are implemented by software, a lot of CPU resources are
occupied. If they are implemented by hardware, the throughput for SSL VPN service will be
increased. The AR1200-S implements SSL encryption and decryption using software.
5.4 Principles
5.4.1 SSL
Overview
The Secure Sockets Layer (SSL) protocol is a cryptographic protocol that provides
communication security over the Internet. It allows a client and a server to communicate in a
way designed to prevent eavesdropping by authenticating the server or the client.
SSL and application layer protocols work independently. Connections of application layer
protocols such as HTTP and FTP can be established based on SSL handshakes. Before a client
and a server use an application layer protocol to communicate, SSL is used to determine
cryptography, negotiate a secret key, and authenticate the server. Data that is then transmitted
using the application layer protocol between the client and the server will be encrypted,
protecting privacy.
Similar to the IPSec protocol, SSL provides encryption and authentication. However, SSL
encrypts only the application data between two ends.
SSL has the following advantages:
• Provides secure network transmission. It uses data encryption, authentication, and a message integrity check to ensure secure data transmission over the network.
• Supports various application layer protocols. SSL was originally designed for securing World Wide Web traffic. As SSL functions between the application layer and the transport layer, it secures data transmission based on TCP connections for any application layer protocol.
• Is easy to deploy. Currently, SSL has become a world-wide communications standard for authenticating website and web page users and encrypting data transmitted between browser users and Web servers.
Security Mechanism
• Connection privacy
SSL uses symmetric cryptography to encrypt the data to be transmitted, and the Rivest-Shamir-Adleman (RSA) asymmetric algorithm as the key exchange algorithm to encrypt the key used by the symmetric cipher.
• Identity authentication
Digitally signed certificates are used to authenticate a server and a client that attempt to communicate with each other. Authenticating the client identity is optional. The SSL server and client use the mechanism provided by the Public Key Infrastructure (PKI) to apply to a CA for a certificate.
• Message integrity
A keyed message authentication code (MAC) is used to verify message integrity during transmission. A MAC algorithm takes a key and arbitrary-length data as input and outputs a MAC.
– The message sender uses the MAC algorithm and the key to compute a MAC and appends it to the end of the message before sending the message to the receiver.
– The receiver uses the same key and MAC algorithm to compute a MAC and compares the computed MAC with the MAC in the received message.
If the two MACs are the same, the message has not been tampered with during transmission. If the two MACs differ, the message has been tampered with during transmission, and the receiver discards it.
Working Process
• SSL protocol structure
As shown in Figure 5-1, SSL functions between the application layer and the transport layer. It secures data transmission based on TCP connections for any application layer protocol. SSL can be divided into two layers: a lower layer with the SSL record protocol and an upper layer with the SSL handshake protocol, SSL change cipher spec protocol, and SSL alert protocol.
Figure 5-1 SSL protocol stack
[Figure 5-1: an HTTP or FTP application at the application layer; beneath it the SSL handshake protocol, SSL change cipher spec protocol and SSL alert protocol; beneath those the SSL record protocol; then TCP]
– SSL record protocol: divides upper-layer information blocks into records, computes and
adds MACs, encrypts records, and sends them to the receiver.
– SSL handshake protocol: negotiates a cipher suite including a symmetric encryption
algorithm, a key exchange algorithm, and a MAC algorithm, exchanges a shared secret
key securely between a server and a client, and authenticates the server and client. The
client and server establish a session using the SSL handshake protocol to negotiate
session parameters including the session identifier, peer certificate, cipher suite, and
master secret.
– SSL change cipher spec protocol: Is used by both the client and server to send a
ChangeCipherSpec message to notify the receiver that subsequent records will be
protected under the newly negotiated cipher suite and key.
– SSL alert protocol: allows one end to report alerts to the other. An alert message conveys
the severity of the message and a description of the alert.
• SSL handshake process
The client and server negotiate session parameters during the SSL handshake process to
establish a session. Session parameters mainly include the session identifier, peer
certificate, cipher suite, and master secret. The master secret and cipher suite are used to
compute a MAC and encrypt data to be transmitted in this session.
The SSL handshake process varies according to the real-world situations. Handshake
processes in three situations are described as follows:
– SSL handshake process in which only the server is authenticated
Figure 5-2 SSL handshake process in which only the server is authenticated
[Figure 5-2: Client and Server exchange, in order, (1) ClientHello, (2) ServerHello, (3) Certificate, (4) ServerHello Done, (5) Client Key Exchange, (6) Change Cipher Spec, (7) Finished, (8) Change Cipher Spec, (9) Finished]
As shown in Figure 5-2, only the SSL server but not the SSL client needs to be
authenticated. The SSL handshake process is as follows:
1. The SSL client sends a ClientHello message specifying supported SSL protocol versions and cipher suites to the SSL server.
2. The server responds with a ServerHello message containing the protocol version and cipher suite chosen from the choices offered by the client. If the server allows this session to be resumed, the ServerHello message also carries a session ID.
3. The server sends a Certificate message carrying its digital certificate with its public key to the client.
4. The server sends a ServerHelloDone message, indicating that the SSL protocol version and cipher suite negotiation has finished and key information exchange starts.
5. After verifying the validity of the server's digital certificate, the client responds with a ClientKeyExchange message carrying a randomly generated key (called the master secret), which is encrypted using the public key of the server certificate.
6. The client sends a ChangeCipherSpec message to notify the server that every subsequent message will be encrypted and a MAC will be computed based on the negotiated key and cipher suite.
7. The client computes a hash for all the previous handshake messages except the ChangeCipherSpec message, uses the negotiated key and cipher suite to process the hash, and sends a Finished message containing the hash and MAC to the server. The server computes a hash in the same way, decrypts the received Finished message, and verifies the hash and MAC. If the verification succeeds, the key and cipher suite negotiation is successful.
8. The server sends a ChangeCipherSpec message to notify the client that every subsequent message will be encrypted and a MAC will be computed based on the negotiated key and cipher suite.
9. The server computes a hash for all the previous handshake messages, uses the negotiated key and cipher suite to process the hash, and sends a Finished message containing the hash and MAC to the client. The client computes a hash in the same way, decrypts the received Finished message, and verifies the hash and MAC. If the verification succeeds, the key and cipher suite negotiation is successful.
After receiving the Finished message from the server, if the client successfully decrypts the message, the client has confirmed that the server is the owner of the digital certificate: only the SSL server holding the matching private key can decrypt the ClientKeyExchange message to obtain the master secret. In this way the client authenticates the server.
NOTE
• The ChangeCipherSpec message is based on the SSL change cipher spec protocol, and the other messages exchanged in the handshake process are based on the SSL handshake protocol.
• Computing a hash means that a hash algorithm (MD5 or SHA) is used to convert an arbitrary-length message into a fixed-length message.
– SSL handshake verification
Figure 5-3 SSL handshake verification
[Figure 5-3: Client and Server exchange, in order, (1) ClientHello, (2) ServerHello, (3) Certificate, (4) Certificate Request, (5) Server Hello Done, (6) Certificate, (7) Client Key Exchange, (8) Certificate Verify, (9) Change Cipher Spec, (10) Finished, (11) Change Cipher Spec, (12) Finished]
– Whether to authenticate the SSL client is determined by the SSL server. As shown by
blue arrows in Figure 5-3, if the server needs to authenticate the client, the following
operations are required in addition to the SSL handshake process in which the client
authenticates the server:
1. The server sends a CertificateRequest message to request the client to send its certificate to the server.
2. The client sends a Certificate message carrying its certificate and public key to the server. After receiving the message, the server verifies the validity of the certificate.
3. The client computes a hash for the master secret over the handshake messages, encrypts the hash using its private key, and then sends a CertificateVerify message to the server.
4. The server computes a hash for the master secret over the handshake messages, decrypts the received CertificateVerify message using the public key in the client's certificate, and compares the decrypted result with the computed hash. If the two values are the same, the client is authenticated.
– SSL handshake process for resuming a session
Figure 5-4 SSL handshake process for resuming a session
[Figure 5-4: Client and Server exchange, in order, (1) ClientHello, (2) ServerHello, (3) Change Cipher Spec, (4) Finished, (5) Change Cipher Spec, (6) Finished]
Asymmetric cryptography is used to encrypt keys and authenticate peer identities when
session parameters are being negotiated and a session is being established. The
computation workload is heavy, consuming a lot of system resources. To simplify the
SSL handshake process, SSL allows resumed handshakes, as shown in Figure 5-4. The
details are as follows:
1. The client sends a ClientHello message. The session ID in this message is set to the ID of the session to be resumed.
2. If the server allows this session to be resumed, it replies with a ServerHello message with the same session ID. After that, the client and server can use the key and cipher suite of the resumed session without additional negotiation.
3. The client sends a ChangeCipherSpec message to notify the server that every subsequent message will be encrypted and a MAC will be computed based on the key and cipher suite negotiated for the original session.
4. The client computes a hash over the handshake messages, uses the key and cipher suite negotiated for the original session to process the hash, and then sends a Finished message to the server so that the server can check whether the key and cipher suite are correct.
5. Similarly, the server sends a ChangeCipherSpec message to notify the client that every subsequent message will be encrypted and a MAC will be computed based on the key and cipher suite negotiated for the original session.
6. The server computes a hash over the handshake messages, uses the key and cipher suite negotiated for the original session to process the hash, and then sends a Finished message to the client so that the client can check whether the key and cipher suite are correct.
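The Finished-message check of steps 7 and 9 of the server-authenticated handshake, and the keyed-MAC check described under Message integrity, as an added simulation that is not Huawei code. It assumes HMAC-SHA256 in place of the SSL PRF and MAC constructions, hands the master secret to the server directly instead of RSA-encrypting it, and leaves record encryption out; the cipher suite strings are only labels.

```python
# Added example, not Huawei code: a constructed simulation of the transcript check
# performed by the Finished messages (steps 7 and 9 of the server-authenticated
# handshake) and of the keyed-MAC integrity check the record protocol applies to
# every message afterwards. Real SSL 3.0/TLS 1.0 use their own PRF and MAC
# constructions; HMAC-SHA256 stands in for both here, the RSA-encrypted
# ClientKeyExchange is modelled by handing the master secret to the server directly,
# and record encryption is omitted.
import hashlib
import hmac
import os
import struct
from typing import Dict, List, Optional


def keyed_mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


class Endpoint:
    """One side of the handshake; remembers every handshake message it sent or received."""

    def __init__(self) -> None:
        self.transcript: List[bytes] = []
        self.master_secret = b""

    def note(self, message: bytes) -> bytes:
        self.transcript.append(message)
        return message

    def finished_value(self, label: bytes) -> bytes:
        # Hash of all handshake messages seen so far (ChangeCipherSpec is not a
        # handshake message and is excluded, as the text says), keyed with the master secret.
        digest = hashlib.sha256(b"".join(self.transcript)).digest()
        return keyed_mac(self.master_secret, label + digest)

    def check_finished(self, label: bytes, received: bytes) -> bool:
        return hmac.compare_digest(self.finished_value(label), received)


def run_handshake(offered_suites: List[bytes], tamper: bool = False) -> Dict[str, object]:
    """Full handshake. With tamper=True an on-path device rewrites the ClientHello so
    that the server only sees the last (weakest) suite offered, a downgrade attempt."""
    client, server = Endpoint(), Endpoint()
    # 1. ClientHello: the client records what it sent, the server what it received.
    sent = client.note(b"ClientHello:" + b",".join(offered_suites))
    seen = server.note((b"ClientHello:" + offered_suites[-1]) if tamper else sent)
    chosen = seen.split(b":", 1)[1].split(b",")[0]
    # 2-4. ServerHello, Certificate, ServerHelloDone, seen identically by both sides.
    for msg in (b"ServerHello:" + chosen, b"Certificate:<server-cert>", b"ServerHelloDone"):
        client.note(server.note(msg))
    # 5. ClientKeyExchange carries the master secret (RSA-encrypted in real SSL).
    client.master_secret = server.master_secret = os.urandom(48)
    client.note(server.note(b"ClientKeyExchange:<encrypted master secret>"))
    # 6-7. Client ChangeCipherSpec, then Finished over the client's view of the transcript.
    client_fin = client.finished_value(b"client finished")
    if not server.check_finished(b"client finished", client_fin):
        return {"suite": chosen, "server_ok": False, "client_ok": False}  # server aborts
    # 8-9. The server's Finished additionally covers the client's Finished message.
    client.note(server.note(b"Finished:" + client_fin))
    server_fin = server.finished_value(b"server finished")
    client_ok = client.check_finished(b"server finished", server_fin)
    return {"suite": chosen, "server_ok": True, "client_ok": client_ok}


def seal_record(key: bytes, seq: int, payload: bytes) -> bytes:
    """Record protocol, sender side: append a MAC over the sequence number and payload.
    SSL includes the implicit sequence number so replayed or reordered records fail."""
    return payload + keyed_mac(key, struct.pack(">Q", seq) + payload)


def open_record(key: bytes, seq: int, record: bytes) -> Optional[bytes]:
    """Receiver side: recompute the MAC with the same key and compare in constant time.
    None means the record was altered, replayed or received out of order: discard it."""
    payload, tag = record[:-32], record[-32:]
    if hmac.compare_digest(tag, keyed_mac(key, struct.pack(">Q", seq) + payload)):
        return payload
    return None
```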
5.4.2 HTTPS
HTTPS uses SSL to authenticate clients and servers and encrypt transmitted data for secure
communication.
HTTP enables a device supporting the web management system to function as a web server.
Users can log in to this device using HTTP and manage the device on web pages. HTTP cannot
authenticate web servers or encrypt data, so it cannot protect data privacy or security. Therefore,
HTTPS is used on devices to provide encrypted communication and secure identification of web
servers.
As shown in Figure 5-5, an SSL policy is configured on the device (an HTTP server). After the
HTTPS server function is enabled on the device, users can use a web browser to log in to the
device (an HTTPS server) and manage the device on web pages.
Figure 5-5 Logging in to an HTTPS server through the web browser
[Figure 5-5: a PC reaches the HTTP-Server across the network]
NOTE
Before using the AR1200-S as an SSL VPN gateway, configure the AR1200-S as an HTTPS server. For details,
see "SSL Configuration" in the Huawei AR1200-S Series Enterprise Routers Configuration Guide - Security.
5.4.3 Roles of Users and Devices
Users
SSL VPN users are classified into administrators and users.
• Administrators: manage the SSL VPN gateway, including creating virtual gateways, managing users and resources on virtual gateways, and setting user access privileges.
• Users: access internal servers with the privileges specified by administrators.
Devices
Figure 5-6 SSL VPN network
[Figure 5-6: a remote terminal connects over the Internet to the SSL VPN gateway; the LAN behind the gateway holds the authentication server, the CA, and the internal server]
As shown in Figure 5-6, an SSL VPN system consists of the following devices:
• Remote terminal: Administrators and users use remote terminals to connect to the enterprise intranet. A terminal may be a computer, mobile phone, or PDA.
• SSL VPN gateway: Administrators maintain user information and internal resources on the gateway; users can view the accessible resources on the gateway. The gateway forwards data between remote terminals and internal servers. Additionally, it sets up SSL connections with remote terminals to ensure communication security.
• Internal server: It can be a Web server, an FTP server, or any host on the intranet that communicates with external users.
• CA: A certificate authority (CA) issues a digital certificate with a public key to the SSL VPN gateway. Remote terminals verify the gateway's identity by checking its CA certificate. After the gateway is authenticated, remote terminals establish the SSL connections with the gateway.
• Authentication server: The SSL VPN can work with an external authentication server to authenticate users.
5.4.4 Internal Resource Access Process
Figure 5-7 Internal resource access process
[Figure 5-7: remote terminal, SSL VPN gateway between the Internet and the LAN, and internal servers. Steps: (1) set up an SSL connection and open the gateway login page; (2) enter user name and password, open the web page of the gateway; (3) view the resource list; (4) select a resource and send the access request through the SSL connection; (5) forward the access request; (6) return a response; (7) return the response through the SSL connection]
The process for accessing internal resources is illustrated in Figure 5-7 and described as follows:
• A user enters an extranet interface address on the terminal. The SSL VPN gateway initiates an SSL connection, and the terminal verifies the gateway's identity by checking its CA certificate.
• The user enters the user name and password and selects a virtual gateway on the login page of the SSL VPN gateway. The SSL VPN gateway verifies the entered information to authenticate the user. (The SSL VPN gateway is bound to an AAA domain, and the authentication server in the AAA domain authenticates the user.) The SSL VPN gateway returns the authentication result.
– If the user fails to be authenticated, a login failure message is displayed for the user.
– If the user is authenticated, a web page containing the resources that the user can access is displayed.
• The user views the displayed resources, such as Web servers and FTP servers.
• The user selects the required resource and sends an access request to the SSL VPN gateway.
• The SSL VPN gateway analyzes the access request, checks the user access privilege, and forwards the request to the internal server.
• The internal server sends a response to the SSL VPN gateway.
• The SSL VPN gateway forwards the response to the user.
5.4.5 SSL VPN Service
The AR1200-S supports three service types when it serves as an SSL VPN gateway: Web proxy, port forwarding, and IP forwarding.
Web Proxy
The Web proxy service is based on the HTTPS protocol. Users access the internal Web server
through the SSL VPN gateway. The SSL VPN gateway functions as a proxy that forwards data
between users and the internal Web server. This function helps ensure that access to the internal
Web server is secure.
Figure 5-8 Web proxy process
[Figure 5-8: remote terminal, Internet, SSL VPN gateway, LAN, Web server]
As shown in Figure 5-8, the SSL VPN gateway functions as a proxy.
• After the SSL VPN gateway receives an HTTPS request from a user, it maps the URL in the HTTPS request to an internal Web server and forwards the request to the Web server.
• When receiving an HTTPS response, the gateway translates the URL in the response to its own URL and forwards the modified HTTPS response to the user. Then all messages between the user and internal server are forwarded by the gateway. This ensures secure access to internal resources and controls access.
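The two URL translations described above, as an added example that is not Huawei code. The gateway address, the /proxy/<resource>/ path scheme, the resource names and the internal server addresses are assumptions made for illustration; the AR1200-S's actual mapping scheme is not described on this page.

```python
# Added example, not Huawei code: a constructed model of the two URL translations a
# Web proxy gateway performs. The gateway address, the /proxy/<resource>/ path scheme,
# the resource names and the internal server addresses are assumptions for illustration.
import re
from typing import Optional, Set
from urllib.parse import urlsplit, urlunsplit

GATEWAY = "https://vpn.example.com"  # assumed public address of the SSL VPN gateway
RESOURCES = {                        # assumed resources defined by the administrator
    "intranet": "http://10.0.0.5:8080",
    "wiki": "http://wiki.corp.local",
}


def map_request(gateway_url: str, user_resources: Set[str]) -> Optional[str]:
    """Inbound: translate https://<gateway>/proxy/<resource>/<path> into the URL on the
    internal Web server. Only resources the administrator defined and the user is
    entitled to are reachable, so the gateway cannot serve as an open proxy into the
    LAN; '..' segments are rejected so the resource prefix cannot be escaped."""
    parts = urlsplit(gateway_url)
    match = re.fullmatch(r"/proxy/([^/]+)(/.*)?", parts.path)
    if match is None:
        return None
    name, path = match.group(1), match.group(2) or "/"
    if name not in RESOURCES or name not in user_resources or ".." in path.split("/"):
        return None
    backend = urlsplit(RESOURCES[name])
    return urlunsplit((backend.scheme, backend.netloc, path, parts.query, ""))


def rewrite_response(body: str) -> str:
    """Outbound: rewrite absolute links that point at a known internal server so the
    browser's next request goes back through the gateway instead of straight to the LAN."""
    def swap(m: "re.Match[str]") -> str:
        link = m.group(0)
        for name, origin in RESOURCES.items():
            rest = link[len(origin):]
            # Match only on a boundary so http://10.0.0.5:80801/ is not mistaken for :8080
            if link.startswith(origin) and (rest == "" or rest[0] in "/?#"):
                return f"{GATEWAY}/proxy/{name}{rest}"
        return link
    return re.sub(r"https?://[^\s\"'<>]+", swap, body)
```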
Port Forwarding
The port forwarding function allows applications to access internal servers using TCP. Users
can access the TCP-based services on the intranet. The typical port forwarding services include
Telnet login, desktop sharing, and mailing.
To use the port forwarding service, users only need to install the client software on their terminals
to transmit application-layer data through SSL connections. The TCP program does not need to
be upgraded.
Figure 5-9 Port forwarding service process
[Figure 5-9: on the remote terminal, the application and the client software; the SSL VPN gateway across the Internet; the application (internal) server on the LAN. TCP connection setup: (1) set up a TCP connection; (2) set up an SSL connection and send an HTTPS request; (3) set up a TCP connection; (4) TCP connection is set up; (5) return an HTTPS response; (6) TCP connection is set up. Data transmission: (7) send application-layer data; (8) forward application-layer data through the SSL connection; (9) forward application-layer data through the TCP connection; (10) return a response; (11) forward the response through the SSL connection; (12) forward the response]
The process for the port forwarding service is illustrated in Figure 5-9 and described as follows:
1. When a user opens a web page, the terminal automatically downloads the client software from the SSL VPN gateway.
2. The user starts a TCP application (for example, the remote access service). The client software sets up an SSL connection with the SSL VPN gateway and sends an HTTPS request to the gateway.
3. The SSL VPN gateway sets up a TCP connection with the internal server that provides the service required by the user.
4. The access requests of the user are transmitted to the SSL VPN gateway through the SSL connection. After obtaining the application-layer data, the gateway forwards the data to the internal server through the TCP connection.
5. After receiving the response from the internal server, the SSL VPN gateway forwards the response to the terminal. The client software on the terminal forwards the response to the application.
IP Forwarding
The IP forwarding function allows remote terminals to communicate with internal servers at the
network layer. For example, the remote terminals are allowed to ping internal servers.
To use the IP forwarding service, client software specific to the IP forwarding service must be
installed on the terminals. After the client software is installed, a virtual network adapter is also
installed on the terminal.
Figure 5-10 IP forwarding service process
[Figure 5-10: on the remote terminal, IP packet sending/receiving and the client/virtual network adapter; the SSL VPN gateway across the Internet; the application (internal) server on the LAN. Connection setup: (1) set up an SSL connection and send an HTTPS request; (2) return an HTTPS response. Data transmission: (3) send packets; (4) forward packets through the SSL connection; (5) forward IP packets; (6) return an IP response packet; (7) send the packet through the SSL connection; (8) forward packets]
The process for the IP forwarding service is illustrated in Figure 5-10 and described as follows:
• When a user opens a web page, the terminal automatically downloads the client software from the SSL VPN gateway. The client sets up an SSL connection between the terminal and gateway, requests an IP address for the virtual network adapter, and creates a route with the virtual network adapter as the outbound interface.
• The user starts an IP application (for example, pings an internal server). The IP packet is sent to the virtual network adapter based on the IP route, and then the client software encapsulates the IP packet into an HTTPS packet and sends the packet to the SSL VPN gateway through the SSL connection.
• After receiving the HTTPS packet, the SSL VPN gateway decapsulates it and sends the IP packet to the internal server.
• The internal server sends a response to the gateway, and the gateway encapsulates the response packet and sends it to the terminal through the SSL connection.
• The client software decapsulates the packet and forwards it to the terminal.
5.5 Application
5.5.1 Multi-User Remote Access
Figure 5-11 Multi-user remote access network
[Figure 5-11: marketing personnel, customers, and partners on remote hosts reach the SSL VPN gateway across the Internet; the intranet LAN behind the gateway holds a Telnet server, an FTP server, and a Web server]
As shown in Figure 5-11, an enterprise network connects to the Internet using a Router as an
SSL VPN gateway. The marketing personnel on the external network, VIP customers, and
partners are allowed to access internal resources using the Router. These external users have
different access requirements.
Virtual gateways A, B, and C are created on the SSL VPN gateway to serve these external users.
The administrator allocates virtual gateway A to the marketing personnel and configures a
security policy on virtual gateway A, which allows marketing personnel to access only
authorized resources.
5.6 Terms, Acronyms, and Abbreviations
Abbreviations
Abbreviation   Full Name
SSL            Secure Sockets Layer
TLS            Transport Layer Security
VPN            Virtual Private Network