
IKE Aggressive Mode Vulnerabilities

Attack ID: CPAI-2004-15
Publish Date:
Last Update:
Category: IKE Aggressive Mode Vulnerabilities
Vulnerable Systems: All VPN products that support IKE aggressive mode
Source: CERT: VU#886601
Description: The Internet Key Exchange (IKE) protocol discloses username information when Aggressive Mode is used for shared secret authentication.
Severity:
Details:

The Internet Key Exchange (IKE) protocol provides a negotiation mechanism that allows an initiator to establish an encrypted session with a responder. This protocol is used by many firewall and Virtual Private Network (VPN) products.

By design, the IKE protocol does not encrypt the identities of the initiator or responder when Aggressive Mode is used for shared secret authentication. Devices that implement this protocol as specified will leak username information while negotiating IKE sessions.

Attack Detection:

Users of VPN-1 NG with Application Intelligence R55W and InterSpect who have applied the solution outlined below can identify attempts to exploit this vulnerability by the following SmartView Tracker log entries:

Attack Name: VPN Protocol Enforcement Violation
Attack Information: IKE Aggressive Packet Detected

Users of R55:

Users of VPN-1 NG AI R55 will see drop log entries with rule number 99500 in the log viewer.
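
An added example, not part of the original advisory and not Check Point code: a Python check that recognises an Aggressive Mode exchange from the ISAKMP header of a UDP/500 datagram and confirms that the identity payload is readable in cleartext. The constants come from RFC 2408 and RFC 2407; the function names and the sample datagram (identity alice@example.test) are constructed for illustration.

```python
import struct

# ISAKMP constants from RFC 2408 / RFC 2407 (not taken from the advisory).
AGGRESSIVE = 4            # exchange type: Aggressive
MAIN_MODE = 2             # exchange type: Identity Protection
PAYLOAD_ID = 5            # Identification payload
FLAG_ENCRYPTED = 0x01     # header flag: payloads after the header are encrypted
HEADER = struct.Struct("!8s8sBBBBII")  # cookies, next, version, exchange, flags, msg id, length

def inspect_ike(datagram: bytes) -> dict:
    """Classify one UDP/500 payload and report any identity visible in cleartext."""
    if len(datagram) < HEADER.size:
        raise ValueError("shorter than an ISAKMP header")
    _, _, next_payload, _, exchange, flags, _, length = HEADER.unpack_from(datagram)
    if not HEADER.size <= length <= len(datagram):
        raise ValueError("bad ISAKMP length field")
    result = {"aggressive": exchange == AGGRESSIVE,
              "encrypted": bool(flags & FLAG_ENCRYPTED),
              "cleartext_id": None}
    offset = HEADER.size
    # The payload chain is only readable when the encryption flag is clear.
    while not result["encrypted"] and next_payload != 0:
        if offset + 4 > length:
            raise ValueError("truncated payload header")
        following, _, plen = struct.unpack_from("!BBH", datagram, offset)
        if plen < 4 or offset + plen > length:
            raise ValueError("bad payload length")
        if next_payload == PAYLOAD_ID:
            # Generic header (4) + ID type, protocol, port (4), then the identity.
            result["cleartext_id"] = datagram[offset + 8:offset + plen]
        next_payload, offset = following, offset + plen
    return result

def _payload(next_type: int, body: bytes) -> bytes:
    return struct.pack("!BBH", next_type, 0, 4 + len(body)) + body

def build_sample(exchange: int, flags: int = 0) -> bytes:
    """Constructed datagram: dummy SA payload followed by an ID payload."""
    id_body = struct.pack("!BBH", 3, 17, 500) + b"alice@example.test"  # 3 = ID_USER_FQDN
    body = _payload(PAYLOAD_ID, b"\x00" * 8) + _payload(0, id_body)
    return HEADER.pack(b"\x11" * 8, b"\x00" * 8, 1, 0x10, exchange, flags, 0,
                       HEADER.size + len(body)) + body

if __name__ == "__main__":
    print(inspect_ike(build_sample(AGGRESSIVE)))
    print(inspect_ike(build_sample(MAIN_MODE, FLAG_ENCRYPTED)))
```
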

Solution:

Users of VPN-1 NG AI R55, R55W and InterSpect should update their SmartDefense by pressing the Update Now button in the SmartDefense general tab.

To activate the protection (R55, R55W and InterSpect):

  1. From the SmartDefense menu, select Application Intelligence > VPN Protocols > Block IKE aggressive exchange.

  2. Install policy on all modules.

Industry Reference:
Additional Information: http://www.ima.umn.edu/~pliam/xauth/
http://ikecrack.sourceforge.net/