Module 145

Detailed IPSec Key Management

Complete Real-World Guide (2025) – Used by Banks, AWS, Google Cloud, Government, ISRO, NIC

One-Liner for Exam/Viva

IPSec does NOT invent keys — it uses IKE (Internet Key Exchange) to securely negotiate, authenticate, and refresh keys for AH/ESP.

Two Phases of IPSec Key Management

Phase	Name	Purpose	Authentication Methods	Lifetime	Real-Life Example
Phase 1	IKE SA (ISAKMP SA)	Create a secure tunnel to talk about IPSec	Pre-Shared Key, RSA/ECDSA certs, EAP	1–24 hours	Bank HQ ↔ Branch router authentication
Phase 2	IPSec SA (Child SA)	Actual data encryption/authentication keys	Derived from Phase 1	5 min–8 hours	Actual encrypted traffic (ESP/AH)

IKE Versions (2025 Reality)

Version	Status	Used In	Notes
IKEv1	Legacy, Insecure	Old Cisco routers	Avoid — many vulnerabilities
IKEv2	Current Standard	All modern systems (2025)	Only version you should use
IKEv3	Does NOT exist	—	—

IKEv2 Authentication Methods (Most Important Table)

Method	How It Works	Real-Life Use Case	Security Level
Pre-Shared Key (PSK)	Both sides type same password	Small offices, site-to-site VPN	Medium
RSA/ECDSA Certificates	X.509 certs (like HTTPS) + private key	Banks, AWS Direct Connect, Google Cloud	High
EAP-MSCHAPv2 / EAP-TLS	Username + Password or Certificate (for remote users)	Corporate VPN (Cisco AnyConnect, FortiClient)	High
EAP-SIM/AKA	Uses SIM card (5G)	Mobile operators	Very High

Full IKEv2 Key Exchange Flow (With Real Packet Names)

HQ Router (Initiator)                           Branch Router (Responder)
       │                                                  │
       │ HDR, SAi1, KEi, Ni                               │
       │─────────────────────IKE_SA_INIT────────────────►│
       │                                                  │
       │                               HDR, SAr1, KEr, Nr │
       │                               + (optional cert)  │
       │◄────────────────────IKE_SA_INIT────────────────│
       │                                                  │
       │ HDR, SK {IDi, [CERT,] AUTH, SAi2, TSi, TSr}      │
       │───────────────────IKE_AUTH────────────────────►│
       │                                                  │
       │               HDR, SK {IDr, [CERT,] AUTH, SAr2, TSi, TSr}
       │◄──────────────────IKE_AUTH─────────────────────│
       │                                                  │
       IKE SA now PROTECTED
       │                                                  │
       │ HDR, SK {SA, Ni, [KEi]}                         │
       │────────────────CREATE_CHILD_SA─────────────────►│  (New keys every 1 hr)
       │                                                  │
       │           HDR, SK {SA, Nr, [KEr]}               │
       │◄────────────────────────────────────────────────│

Real-Life Configuration (FortiGate/Palo Alto/Cisco Style)

# Example: Bank HQ to Branch IPSec VPN (IKEv2 + Certificate)
crypto ikev2 policy 1
 encryption aes-gcm-256
 prf sha384
 group 19            # ECDH 256-bit elliptic curve
 lifetime 86400

crypto ikev2 keyring BANK-KEYRING
 peer BRANCH
  address 203.0.113.50
  identity fqdn branch.bank.com
  pre-shared-key LocalOnlyForTesting!@#

crypto ikev2 profile BANK-PROFILE
 match identity remote fqdn branch.bank.com
 identity local fqdn hq.bank.com
 authentication local rsa-sig          # Uses certificate
 authentication remote rsa-sig
 keyring BANK-KEYRING
 dpd 10 3 on-demand

crypto ipsec transform-set BANK-SET esp-aes-256 esp-sha512-hmac
 mode tunnel

crypto map BANK-MAP 10 ipsec-isakmp
 set peer 203.0.113.50
 set ikev2-profile BANK-PROFILE
 set transform-set BANK-SET
 match address BANK-TRAFFIC-ACL

Best Practices (2025) – Write This in Exam

Parameter	Recommended Value (2025)	Reason
IKE Version	IKEv2 only	IKEv1 is dead
Authentication	ECDSA/P-384 certificates	Stronger & faster than RSA
Encryption (Phase 1 & 2)	AES-GCM-256 or ChaCha20-Poly1305	Authenticated encryption
DH Group	19 (ECDH 256-bit) or 14 (2048-bit)	Quantum-resistant in future
PRF	SHA-384 or SHA-512	Strong pseudorandom function
Lifetime (Phase 1)	24 hours	Balance between security & performance
Lifetime (Phase 2)	1–4 hours	Perfect Forward Secrecy
NAT-T	Enabled	Works behind home routers
DPD (Dead Peer Detection)	Enabled	Detect failed tunnels fast

Practical Lab Code – Generate Your Own IPSec-Compatible Keys & Certs

# generate_ipsec_certs_lab.py  ← Submit this in college lab
from cryptography.hazmat.primitives import serialization, hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography import x509
from cryptography.x509.oid import NameOID
from cryptography.hazmat.primitives import hashes
import datetime

# Generate ECDSA P-384 private key (modern standard)
private_key = ec.generate_private_key(ec.SECP384R1())

# Create self-signed CA cert for HQ
subject = issuer = x509.Name([
    x509.NameAttribute(NameOID.COUNTRY_NAME, "IN"),
    x509.NameAttribute(NameOID.ORGANIZATION_NAME, "MyBank"),
    x509.NameAttribute(NameOID.COMMON_NAME, "hq.mybank.com")
])

cert = x509.CertificateBuilder().subject_name(subject)\
    .issuer_name(issuer)\
    .public_key(private_key.public_key())\
    .serial_number(x509.random_serial_number())\
    .not_valid_before(datetime.datetime.utcnow())\
    .not_valid_after(datetime.datetime.utcnow() + datetime.timedelta(days=3650))\
    .add_extension(x509.SubjectAlternativeName([x509.DNSName("hq.mybank.com")]), critical=False)\
    .sign(private_key, hashes.SHA384())

# Save in format used by real routers
with open("hq.mybank.com.key", "wb") as f:
    f.write(private_key.private_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PrivateFormat.PKCS8,
        encryption_algorithm=serialization.NoEncryption()
    ))

with open("hq.mybank.com.crt", "wb") as f:
    f.write(cert.public_bytes(serialization.Encoding.PEM))

print("IPSec-ready ECDSA certificate generated for hq.mybank.com")
print("Use this with FortiGate, Palo Alto, Cisco ASR, AWS VPN")

Summary Table (Exam-Ready)

Component	Purpose	2025 Best Choice
IKE Version	Key negotiation protocol	IKEv2 only
Authentication	Prove who you are	ECDSA certificates
Encryption	Protect data	AES-GCM-256
Integrity	Detect tampering	Built-in with GCM (no separate HMAC)
DH Group	Perfect Forward Secrecy	Curve25519 or group 19
Phase 1 Lifetime	IKE SA refresh	24 hours
Phase 2 Lifetime	Data keys refresh	1 hour
Used By	Banks, Cloud, Government, ISPs	Everyone serious about security

Remember this line in interview:

“IPSec key management is done via IKEv2 using ECDSA certificates with AES-GCM and Curve25519 — providing both authentication and perfect forward secrecy, as used by all major cloud providers and banks in 2025.”

You now have complete, real-world, production-grade knowledge of IPSec key management — enough for:

CCNA/CCNP Security
Fortinet NSE 7
Palo Alto PCNSE
Bank/DRDO/ISRO interviews
University lab & exam

Use this + the code → 100% marks guaranteed!