Cryptography is the backbone of secure network communications, yet it's often the most misunderstood topic for CCNA candidates. On the 200-301 exam, objective 5.5 requires you to understand how encryption, hashing, and digital signatures protect data in transit and at rest. As a network engineer, you'll configure VPNs, SSH, and secure management protocols daily—knowing the 'why' behind the algorithms is just as important as the CLI commands. This chapter demystifies cryptography fundamentals with a focus on what you need for the exam and real-world deployment.
Jump to a section
Imagine you need to send a sensitive document from New York to London using a courier. You have a briefcase with a lock, but the courier doesn't have a key—only you and the recipient do. This is symmetric encryption: both sides share the same key (the lock combination) to lock and unlock the briefcase. But how do you securely share that combination with the recipient without the courier intercepting it? Enter asymmetric encryption: you send the recipient an open briefcase with a special lock that only you can unlock (your private key). The recipient places their own lock on the briefcase (their public key), so now only they can open it. This hybrid approach uses asymmetric encryption to exchange a symmetric session key, then uses symmetric encryption for the bulk data transfer—just like how TLS works. Hashing is like a tamper-evident seal: you compute a unique checksum (hash) of the document before sending. If the seal is broken (hash doesn't match), the recipient knows the document was altered. Digital signatures combine hashing with asymmetric encryption: you encrypt the hash with your private key. The recipient decrypts it with your public key and compares the hash to verify both authenticity and integrity.
What is Cryptography and Why Does It Matter?
Cryptography is the practice of securing communication by converting plaintext into ciphertext (encryption) and back (decryption). In networking, it ensures: - Confidentiality: Only authorized parties can read the data. - Integrity: Data hasn't been altered in transit. - Authentication: The sender is who they claim to be. - Non-repudiation: The sender cannot deny sending the message.
For CCNA 200-301, you need to understand how these principles apply to protocols like SSH, IPsec, and TLS. Cisco devices use cryptography for secure remote access (SSH), VPNs (IPsec), and management plane protection.
Symmetric vs. Asymmetric Encryption
Symmetric Encryption uses a single shared key for both encryption and decryption. It's fast and efficient for bulk data but has a key distribution problem: how do you securely share the key? Common algorithms include:
AES (Advanced Encryption Standard): Key sizes 128, 192, 256 bits. AES-128 is the minimum for CCNA.
DES (Data Encryption Standard): 56-bit key, considered insecure. Avoid.
3DES (Triple DES): 168-bit key, slower, deprecated in modern networks.
Asymmetric Encryption uses a pair of keys: a public key (shared openly) and a private key (kept secret). Data encrypted with one key can only be decrypted with the other. It solves key distribution but is computationally expensive. Common algorithms:
RSA (Rivest-Shamir-Adleman): Key sizes 1024, 2048, 4096 bits. 2048-bit is standard.
Diffie-Hellman (DH): Used for key exchange, not encryption. DH groups define key strength (Group 1: 768-bit, Group 2: 1024-bit, Group 14: 2048-bit, Group 19: 256-bit ECDHE).
ECC (Elliptic Curve Cryptography): Faster and stronger per bit than RSA. Used in modern VPNs.
Hashing and Digital Signatures
Hashing is a one-way function that produces a fixed-size output (hash) from any input. It's used for integrity verification and password storage. Common algorithms:
MD5: 128-bit hash, deprecated due to collisions.
SHA-1: 160-bit hash, deprecated.
SHA-2: Family including SHA-256 (256-bit), SHA-384 (384-bit), SHA-512 (512-bit). SHA-256 is the minimum for CCNA.
Digital Signatures combine hashing with asymmetric encryption. The sender hashes the message and encrypts the hash with their private key. The recipient decrypts the hash with the sender's public key and compares it to a freshly computed hash. If they match, the message is authentic and unaltered.
HMAC (Hash-based Message Authentication Code)
HMAC uses a shared secret key combined with a hash function to provide integrity and authenticity. Unlike digital signatures, HMAC is symmetric—both sides know the key. It's used in IPsec and TLS. Common HMAC variants: HMAC-MD5, HMAC-SHA-1, HMAC-SHA-256.
Key Exchange and Diffie-Hellman
Diffie-Hellman (DH) allows two parties to securely agree on a shared symmetric key over an insecure channel. It uses modular exponentiation. The process: 1. Both parties agree on a large prime p and a generator g (public values). 2. Each chooses a private random number (a and b). 3. They compute public values: A = g^a mod p, B = g^b mod p. 4. They exchange A and B. 5. Each computes the shared secret: s = B^a mod p = A^b mod p.
An eavesdropper sees p, g, A, B but cannot compute s without solving the discrete logarithm problem.
Perfect Forward Secrecy (PFS)
PFS ensures that if a long-term private key is compromised, past session keys are not exposed. It's achieved by using ephemeral Diffie-Hellman (DHE or ECDHE) where the DH keys are generated per session and discarded. IPsec with PFS adds an additional DH exchange during rekeying.
Cisco IOS Cryptography Commands
To generate an RSA key pair for SSH:
Router(config)# crypto key generate rsa general-keys modulus 2048To verify:
Router# show crypto key mypubkey rsaTo configure SSH:
Router(config)# ip domain-name example.com
Router(config)# crypto key generate rsa
Router(config)# line vty 0 15
Router(config-line)# transport input ssh
Router(config-line)# login localTo view SSH status:
Router# show ip sshFor IPsec, you configure ISAKMP (IKE) and IPsec transform sets. Example IKE policy:
Router(config)# crypto isakmp policy 10
Router(config-isakmp)# encryption aes 256
Router(config-isakmp)# hash sha256
Router(config-isakmp)# authentication pre-share
Router(config-isakmp)# group 14
Router(config-isakmp)# lifetime 86400Interaction with Related Protocols
SSH: Uses RSA for host authentication and Diffie-Hellman for key exchange. Symmetric encryption (AES) protects the session.
IPsec: Uses IKE (UDP 500) for key exchange and IPsec transform sets for encryption (ESP) and authentication (AH). ESP encrypts and optionally authenticates payloads.
TLS/SSL: Uses RSA or ECDHE for key exchange, symmetric encryption (AES-GCM) for data, and HMAC for integrity.
802.1X: Uses EAP-TLS with certificates for authentication, often relying on RSA.
Common Pitfalls
Using weak keys: DES, MD5, SHA-1 are deprecated. Use AES-256, SHA-256, DH Group 14 or higher.
Not enabling PFS: Without PFS, if the private key is stolen, all past sessions can be decrypted.
Mismatched parameters: VPN tunnels fail if encryption, hash, or DH groups don't match on both sides.
Generate RSA key pair
On a Cisco router, the first step to enable SSH is generating an RSA key pair. Use the command `crypto key generate rsa general-keys modulus 2048`. The modulus determines key strength; 2048 bits is the minimum for security. This command creates a public/private key pair stored in NVRAM. The router uses the private key to prove its identity and the public key is shared with clients. If you skip domain name configuration (`ip domain-name`), the command will fail. After generation, verify with `show crypto key mypubkey rsa`.
Configure SSH server
Enable SSH on the VTY lines: `line vty 0 15` then `transport input ssh`. Also configure local authentication: `username admin secret cisco` and `login local`. Optionally set SSH version: `ip ssh version 2`. SSHv2 is more secure than v1. Use `ip ssh time-out 60` and `ip ssh authentication-retries 2` to set timeouts. Verify with `show ip ssh` which displays version, timeout, and authentication retries.
Configure ISAKMP policy for IPsec
For site-to-site VPN, define an IKE policy: `crypto isakmp policy 10`. Set parameters: `encryption aes 256`, `hash sha256`, `authentication pre-share`, `group 14`, `lifetime 86400`. These must match on both peers. Group 14 uses 2048-bit DH. The pre-shared key is configured with `crypto isakmp key cisco123 address 10.1.1.1`. Verify with `show crypto isakmp policy`.
Define IPsec transform set
Transform sets define encryption and authentication for ESP: `crypto ipsec transform-set MYSET esp-aes 256 esp-sha256-hmac`. This uses AES-256 encryption and SHA-256 HMAC for integrity. You can also use `esp-aes 128` or `esp-3des`. Mode is transport or tunnel; for site-to-site, use tunnel mode (default). Verify with `show crypto ipsec transform-set`.
Create crypto ACL and map
An ACL defines interesting traffic to encrypt: `access-list 100 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255`. Then create a crypto map: `crypto map MYMAP 10 ipsec-isakmp`. Inside, set peer: `set peer 10.2.2.2`, transform-set: `set transform-set MYSET`, match address: `match address 100`. Apply to interface: `interface GigabitEthernet0/0` then `crypto map MYMAP`.
Verify IPsec tunnel
Use `show crypto isakmp sa` to see IKE phase 1 status (MM_ACTIVE means established). `show crypto ipsec sa` displays IPsec phase 2 security associations, including encryption and hash algorithms, packet counts, and lifetime. Look for `encaps: 0` and `decaps: 0` — if non-zero, traffic is encrypting. `ping` from a source behind the VPN to trigger traffic. Troubleshoot with `debug crypto isakmp` and `debug crypto ipsec`.
Scenario 1: Secure Remote Management with SSH
A large enterprise with hundreds of routers and switches needs to replace Telnet with SSH for remote CLI access. The network engineer configures AAA (TACACS+ or RADIUS) for centralized authentication, but SSH requires RSA keys on each device. On older hardware, generating 2048-bit keys may take minutes; for thousands of devices, automation scripts (e.g., Ansible) push configurations. The engineer sets ip ssh version 2 and disables Telnet on VTY lines. Common mistake: forgetting to configure a domain name before key generation—the command fails silently. Performance is not an issue because SSH uses minimal CPU after session establishment. If a device runs out of RSA key storage (rare), the engineer must delete old keys: crypto key zeroize rsa.
Scenario 2: Site-to-Site IPsec VPN Between Branches
A company has a main office and 50 branch offices connected via VPN over the internet. The engineer configures IKE policies with AES-256, SHA-256, DH Group 14, and pre-shared keys. For scalability, they use a dynamic crypto map for branches with dynamic IPs, but static maps for main office. They enable Dead Peer Detection (DPD) to detect tunnel failures: crypto isakmp keepalive 10 3 periodic. Without DPD, a tunnel may appear up but actually be dead. They also configure PFS (group 14) in the transform set: set pfs group14. If a branch has a NAT device, they need to enable NAT-T: crypto isakmp nat-traversal 20. Misconfiguration example: mismatch in DH group causes IKE to fail—debug crypto isakmp shows 'no acceptable policy'.
Scenario 3: Certificate-Based Authentication for VPN
A financial institution requires stronger authentication than pre-shared keys. They deploy a PKI with a private CA. On Cisco routers, the engineer enrolls certificates: crypto pki trustpoint CA then enrollment url http://ca-server. After enrollment, they configure ISAKMP with authentication rsa-sig. The router uses its certificate to authenticate. Common pitfall: clock not synchronized—certificates are time-sensitive. NTP must be configured. Also, CRL (Certificate Revocation List) checking can cause delays; engineers often disable CRL for performance in lab environments but not in production.
What CCNA 200-301 Tests on Cryptography
Objective 5.5 covers the fundamentals: symmetric vs asymmetric encryption, hashing, digital signatures, and their application in SSH, IPsec, and TLS. Expect 3-5 questions. Key areas:
- Algorithm strengths: Know that AES-128 is the minimum encryption, SHA-256 minimum hash, DH Group 14 minimum for key exchange. DES and MD5 are insecure.
- SSH configuration: Commands ip domain-name, crypto key generate rsa, transport input ssh, ip ssh version 2. Show commands: show ip ssh, show crypto key mypubkey rsa.
- IPsec phases: IKE phase 1 (ISAKMP) for key exchange, phase 2 (IPsec) for data encryption. Know main mode vs aggressive mode (main is default, aggressive is faster but less secure).
- Digital signatures vs HMAC: Digital signatures use asymmetric keys (non-repudiation), HMAC uses symmetric keys (no non-repudiation).
Common Wrong Answers and Why
"DES is still acceptable for legacy compatibility" — Cisco exams treat DES as insecure and not recommended. Always choose AES.
"SSH uses RSA for encryption" — SSH uses RSA for host authentication and DH for key exchange; the session is encrypted with symmetric AES.
"HMAC provides non-repudiation" — HMAC is symmetric, so both parties can create the same MAC. Non-repudiation requires asymmetric digital signatures.
"IKE phase 2 uses ISAKMP" — IKE phase 1 uses ISAKMP (UDP 500) to establish the IKE SA; phase 2 uses IPsec (ESP or AH) to protect data.
Specific Values and Commands to Memorize
RSA modulus: 2048 bits minimum.
DH groups: Group 14 (2048-bit) is the minimum for CCNA.
IKE lifetime: default 86400 seconds (24 hours).
IPsec lifetime: default 3600 seconds (1 hour) or 4608000 KB.
SSH version: 2.
show crypto isakmp sa — look for MM_ACTIVE.
show crypto ipsec sa — look for encaps/decaps packet counts.
Decision Rule for Scenario Questions
If a question asks which algorithm to use for a secure VPN, eliminate DES, MD5, SHA-1, DH Group 1, and RSA 512. Choose AES-256, SHA-256, DH Group 14 or higher. For integrity without non-repudiation, choose HMAC-SHA-256. For non-repudiation, choose digital signatures (RSA).
Symmetric encryption uses one shared key; asymmetric uses public/private key pair.
AES-128 is the minimum symmetric encryption; DES and 3DES are deprecated.
SHA-256 is the minimum hash algorithm; MD5 and SHA-1 are insecure.
Diffie-Hellman Group 14 (2048-bit) is the minimum for key exchange.
SSH uses RSA for host authentication and DH for key exchange; session encrypted with AES.
IKE phase 1 (UDP 500) establishes ISAKMP SA; IKE phase 2 (ESP) encrypts data.
HMAC provides integrity and authenticity but not non-repudiation.
Perfect Forward Secrecy (PFS) ensures past sessions remain secure if private key is compromised.
These come up on the exam all the time. Here's how to tell them apart.
Symmetric Encryption
Single shared key for encryption and decryption
Fast and efficient for bulk data
Key distribution is a challenge
Examples: AES, DES, 3DES
Used for data encryption in TLS, IPsec, SSH
Asymmetric Encryption
Public/private key pair
Slow, used for key exchange or digital signatures
No key distribution problem but requires PKI
Examples: RSA, Diffie-Hellman, ECC
Used for key exchange, authentication, non-repudiation
Mistake
SSH encrypts the entire session using RSA public key encryption.
Correct
SSH uses RSA only for host authentication and Diffie-Hellman for key exchange; the actual session is encrypted with a symmetric cipher like AES.
Candidates confuse the role of RSA because SSH uses RSA keys for identity, but bulk encryption is always symmetric for performance.
Mistake
MD5 is still acceptable for integrity checks in modern networks.
Correct
MD5 is considered broken due to collision attacks; SHA-256 or higher is required for security.
MD5 was widely used for years and some older documentation still references it, but the exam expects modern standards.
Mistake
Digital signatures and HMAC provide the same level of security.
Correct
Digital signatures use asymmetric keys and provide non-repudiation; HMAC uses symmetric keys and does not provide non-repudiation.
Both provide integrity and authenticity, but the key management differs; candidates overlook the non-repudiation aspect.
Mistake
IPsec IKE phase 2 uses ISAKMP to negotiate IPsec SAs.
Correct
IKE phase 1 uses ISAKMP (UDP 500) to establish the IKE SA; phase 2 uses IPsec (ESP or AH) and is protected by the IKE SA.
The acronyms are confusing: ISAKMP is part of IKE phase 1, not phase 2.
Reveal each answer, then mark whether you got it right. Score 60%+ to unlock the next chapter.
Encryption is a two-way function: you can encrypt plaintext to ciphertext and decrypt back to plaintext using a key. Hashing is one-way: you cannot reverse a hash to the original input. Encryption provides confidentiality; hashing provides integrity. On the exam, know that MD5 and SHA are hashes, AES and DES are encryption. Also note that hashing does not use a key (unless HMAC).
RSA can encrypt a symmetric key, but it does not provide Perfect Forward Secrecy (PFS) by itself. Diffie-Hellman allows two parties to agree on a shared secret without transmitting it, and with ephemeral keys (DHE/ECDHE), it provides PFS. Even if an attacker steals the RSA private key, they cannot decrypt past sessions if DH was used. On the exam, know that DH is for key agreement, RSA is for encryption/signing.
The crypto ACL (access-list) defines which traffic should be encrypted by the IPsec tunnel. It is applied using the 'match address' command in the crypto map. Only traffic matching the permit statements will be encrypted. It does not filter traffic like a regular ACL; it's just a selector. Common mistake: thinking the ACL is applied to the interface for filtering—it is not; it's only used by the crypto engine.
On the client side, you can use 'ssh -v' verbose mode to see the key exchange and encryption algorithm. On the Cisco router, use 'show ssh' to see active sessions and 'show ip ssh' to see the server configuration. The output includes the encryption algorithm (e.g., aes256-ctr). If you see 'none' or 'des', the session is not secure. The exam may ask which command shows the encryption algorithm—'show ip ssh' does not show per-session details; 'show ssh' does.
ESP (Encapsulating Security Payload) provides encryption (confidentiality) and optionally authentication. AH (Authentication Header) provides authentication and integrity but no encryption. In practice, ESP is almost always used because confidentiality is needed. AH is rarely used because it does not work with NAT (AH authenticates IP headers, which NAT changes). On the exam, know that ESP encrypts the payload and uses protocol number 50; AH uses protocol 51.
Yes, Cisco routers can use the same RSA key pair for multiple services. The key pair is stored in NVRAM and used for SSH, IPsec with certificates, and HTTPS. However, for security, some engineers generate separate keys for different services. The command 'crypto key generate rsa' creates a general-purpose key. To view all keys, use 'show crypto key mypubkey rsa'.
A transform set defines the encryption and authentication algorithms for the IPsec SA (phase 2). For example, 'crypto ipsec transform-set MYSET esp-aes 256 esp-sha256-hmac' specifies AES-256 encryption and SHA-256 HMAC for integrity. The transform set is applied to a crypto map. Both peers must have matching transform sets. The exam may ask which command defines the encryption algorithm—it's the transform set, not the ISAKMP policy.
You've just covered Cryptography Basics for CCNA — now see how well it sticks with free CCNA 200-301 practice questions. Full explanations included, no account needed.
Done with this chapter?