After the tunnel is secured and authenticated, in Phase 2 the channel is further secured
for the transfer of data between the networks. IKE Phase 2 uses the keys that were
established in Phase 1 of the process and the IPSec Crypto profile, which defines the
IPSec protocols and keys used for the SA in IKE Phase 2.
IPSec uses the following protocols to enable secure communication:
Encapsulating Security Payload (ESP)—Allows you to encrypt the entire IP packet, authenticate the source, and verify the integrity of the data. Although ESP normally both encrypts and authenticates the packet, you can choose to authenticate only (by setting the encryption option to Null) or to encrypt only; using encryption without authentication is discouraged.
Authentication Header (AH)—Authenticates the source of the packet and verifies data integrity. AH doesn’t encrypt the data payload and is unsuited for deployments where data privacy is important. AH is commonly used when the main concern is to verify the legitimacy of the peer and data privacy isn’t required.
Algorithms Supported for IPSec Authentication and Encryption

Diffie-Hellman (DH) exchange options supported (ESP and AH):
Group 1—768 bits
Group 2—1024 bits (default)
Group 5—1536 bits
Group 14—2048 bits
Group 15—3072-bit modular exponential group (PAN-OS 10.2.0 and later releases)
Group 16—4096-bit modular exponential group (PAN-OS 10.2.0 and later releases)
Group 19—256-bit elliptic curve group
Group 20—384-bit elliptic curve group
Group 21—512-bit random elliptic curve group (PAN-OS 10.2.0 and later releases)
no-pfs—By default, perfect forward secrecy (PFS) is enabled, which means a new DH key is generated in IKE Phase 2 using one of the groups listed above. This key is independent of the keys exchanged in IKE Phase 1 and provides better data transfer security. If you select no-pfs, the DH key created in Phase 1 isn’t renewed and a single key is used for the IPSec SA negotiations. PFS must be either enabled on both VPN peers or disabled on both.

Encryption algorithms supported (ESP only; AH doesn’t encrypt the payload):
des—(PAN-OS 10.1.0 and earlier releases) Data Encryption Standard (DES) with a security strength of 56 bits.
3des—Triple Data Encryption Standard (3DES) with a security strength of 112 bits.
aes-128-cbc—Advanced Encryption Standard (AES) using cipher block chaining (CBC) with a security strength of 128 bits.
aes-192-cbc—AES using CBC with a security strength of 192 bits.
aes-256-cbc—AES using CBC with a security strength of 256 bits.
aes-128-ccm—AES using Counter with CBC-MAC (CCM) with a security strength of 128 bits.
aes-128-gcm—AES using Galois/Counter Mode (GCM) with a security strength of 128 bits.
aes-256-gcm—AES using GCM with a security strength of 256 bits.

Authentication algorithms supported (ESP and AH):
md5
sha1
sha256
sha384
sha512
Methods of Securing IPSec VPN Tunnels (IKE Phase 2)
IPSec VPN tunnels can be secured using manual keys or auto keys. In addition, IPSec
configuration options include a Diffie-Hellman Group for key agreement, an
encryption algorithm, and a hash for message authentication.
Manual Key—Manual key is typically used if the Palo Alto Networks
firewall is establishing a VPN tunnel with a legacy device, or if you want
to reduce the overhead of generating session keys. If using manual keys, the
same key must be configured on both peers.
Manual keys aren’t recommended for establishing a VPN tunnel because the
session keys can be compromised when relaying the key information between
the peers; if the keys are compromised, the data transfer is no longer
secure.
Auto Key—Auto Key allows you to generate keys automatically for setting up and maintaining the IPSec tunnel, based on the algorithms defined in the IPSec Crypto profile.
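The following is an added example, not PAN-OS code or configuration: a small linter that checks an IPSec Crypto profile (expressed as a plain dict using the option names from the table above) against the cautions on this page, namely the DES availability note, null or unauthenticated ESP, AH's lack of privacy, no-pfs, and manual keys. The dict keys (protocol, encryption, authentication, dh_group, key_method) and the sample profile are assumptions constructed for the example; the DH group sizes are copied from the table as stated there.

```python
"""Lint an IPSec Crypto profile (IKE Phase 2) against the cautions on this page.
Added example, not PAN-OS code: profiles are plain dicts whose values use the
option names from the table above; the sample profile below is constructed."""

# DH groups and their sizes as listed in the table above (Group 21 as stated there).
DH_GROUP_BITS = {1: 768, 2: 1024, 5: 1536, 14: 2048, 15: 3072, 16: 4096,
                 19: 256, 20: 384, 21: 512}
FINITE_FIELD_GROUPS = {1, 2, 5, 14, 15, 16}  # MODP groups; 19-21 are elliptic curve
AEAD_SUFFIXES = ("-ccm", "-gcm")              # modes with built-in integrity

def _version(v):
    """'10.1.0' -> (10, 1, 0) so PAN-OS releases compare numerically."""
    return tuple(int(x) for x in v.split("."))

def lint_profile(profile, panos_version="10.2.0"):
    """Return a list of findings for one profile dict.

    Keys: protocol ('esp' or 'ah'), encryption (e.g. 'aes-256-gcm', 'null'),
    authentication (e.g. 'sha256', 'none'), dh_group (int, or 'no-pfs'; the
    table's default is Group 2), key_method ('auto' or 'manual').
    """
    findings = []
    proto = profile.get("protocol", "esp")
    enc = profile.get("encryption", "null")
    auth = profile.get("authentication", "none")
    group = profile.get("dh_group", 2)

    if profile.get("key_method", "auto") == "manual":
        findings.append("manual keys: session keys can be exposed while being relayed")
    if proto == "ah":
        findings.append("AH: payload is authenticated but sent unencrypted")
    elif enc == "des" and _version(panos_version) >= (10, 2, 0):
        findings.append("des: only available on PAN-OS 10.1.0 and earlier")
    elif enc == "null":
        findings.append("null encryption: ESP authenticates only, no data privacy")
    elif auth == "none" and not enc.endswith(AEAD_SUFFIXES):
        findings.append(f"{enc} without authentication: integrity is not protected")

    if group == "no-pfs":
        findings.append("no-pfs: Phase 1 DH key reused, no perfect forward secrecy")
    elif group in FINITE_FIELD_GROUPS and DH_GROUP_BITS[group] < 2048:
        # NIST SP 800-57 rates MODP groups under 2048 bits below 112-bit security.
        findings.append(f"DH group {group} ({DH_GROUP_BITS[group]}-bit MODP) is weak")
    return findings

if __name__ == "__main__":
    # Constructed sample: a legacy-style profile that trips several cautions at once.
    legacy = {"protocol": "esp", "encryption": "3des", "authentication": "none",
              "dh_group": "no-pfs", "key_method": "manual"}
    for finding in lint_profile(legacy):
        print("-", finding)
```

An AEAD mode such as aes-256-gcm with authentication set to none is deliberately not flagged, since GCM and CCM provide integrity themselves; a CBC cipher with no authentication is.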