Select Page

IPsec VPN With Manual Keying Decryption

by | 3-May-2021 | Cisco, Security, VPN

Applied version

  • R2 R4
    • Cisco IOS version 15.6(2)T

Encrypted Packets (Figure 1)

 

IPsec parameters used (Figure 2)

  • R2 outbound esp 1000 (0x3E8)
    • ESP-3DES ESP-MD5-HMAC
    • Cipher dcba0987654321dcba0987654321dcba0987654321111111
    • Authenticator aaaaaaaabbbbbbbbccccccccdddddddd
  • R2 inbound esp 1001 (0x3E9)
    • ESP-3DES ESP-MD5-HMAC
    • Cipher 1234567890abcd1234567890abcd1234567890abcd111111
    • Authenticator 11223344556677889900aabbccddeeff

 

How decrypt using Wireshark (Figure 3)

  • Wireshark: Edit > Preferences > Protocols > ESP
    • Enable: Attempt to detect/decode encrypted ESP payloads
    • ESP SAs > Edit
  • R2 to R4
    • Protocol: IPv4, Src IP: 2.2.2.2, Dest IP: 4.4.4.4, SPI: 0x000003e8
    • Encryption: TripleDES-CBC
    • Encryption Key: 0xdcba0987654321dcba0987654321dcba0987654321111111
    • Authentication: HMAC-MD5-96
    • Authentication Key: 0xaaaaaaaabbbbbbbbccccccccdddddddd
  • R4 to R2
    • Protocol: IPv4, Src IP: 4.4.4.4, Dest IP: 2.2.2.2, SPI: 0x000003e9
    • Encryption: TripleDES-CBC
    • Encryption Key: 0x1234567890abcd1234567890abcd1234567890abcd111111
    • Authentication: HMAC-MD5-96
    • Authentication Key: 0x11223344556677889900aabbccddeeff

 

Decrypted packets (Figure 4)

Recent Comments

    0 Comments

    Submit a Comment

    Your email address will not be published. Required fields are marked *