Wednesday, February 3, 2016

IKEv1 aggresive mode

I know that IKEv2 is getting popular but still IKEv1 has a huge presence in production networks. There are many reasons but I’m not going to focus on them. I would rather focus on one issue I see from time to time: ikev1 and an aggressive mode. Just to remind you, there are two modes of ikev1: aggressive and main. The first one is much faster, only three messages are exchanged, but it isn’t secure as the main mode (with six messages). The main problem with the aggressive mode is the first two messages  contain data which may help to perform attack on your VPN.

For this test I set up VPN on ASA with ‘aggressive mode’ enabled:

ciscoasa# sh run crypto
crypto ipsec ikev1 transform-set TS esp-3des esp-md5-hmac
crypto map MAPA 10 match address ACL
crypto map MAPA 10 set peer 192.168.111.128
crypto map MAPA 10 set ikev1 transform-set TS
crypto map MAPA interface inside
crypto ikev1 enable inside
crypto ikev1 policy 10
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
crypto ikev1 policy 65535
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
ciscoasa#
ciscoasa# sh run tunnel
tunnel-group 192.168.111.128 type ipsec-l2l
tunnel-group 192.168.111.128 ipsec-attributes
 ikev1 pre-shared-key *****
ciscoasa#

To be 100% sure the aggressive mode is enabled:

ciscoasa(config)# no crypto ikev1 am-disable

There is one tool, quite old but still very useful: ike-scan  



Let’s try to scan my ASA:

 
 

You can use the flag ‘-P’ to see hash of the PSK:



The flag ‘-P’ is valid only with the aggressive mode as the main mode doesn’t reply with hash in 2nd message. You can also save the hash directly to the file (‘-Pfilename.txt), what is useful when you run a script:



 As we can see the file contain the hash:

  
Then we can use another tool (psk-crack) to decode the hash. It took just 10 minutes to find the pre-share-key: