HTR_E_In_2SA_DspiDipsrc_3descbc - Host Transport Mode ESP Inbound 2 SA selection, Different SPI, Different IPsrc, ESP (3DES-CBC)
Host
HTR_E_In_2SA_DspiDipsrc_3descbc.seq [-tooloption ...] -pkt HTR_E_2SA_DspiDip_3descbc.def
-tooloption : v6eval tool option
See also HTR_E_common.def and HTR_common.def
For details of Network Topology, see 00README
Set NUT's SAD and SPD as follows:
              NET5      NET3
    HOST1_NET5 -- Router -- NUT
         -----transport-----> (SA1)
    HOST2_NET5
         -----transport-----> (SA2)

Security Association Database (SAD) for SA1
source address      | HOST1_NET5
destination address | NUT_NET3
SPI                 | 0x1000
mode                | transport
protocol            | ESP
ESP algorithm       | 3DES-CBC
ESP algorithm key   | TAHITEST89ABCDEFGHIJKLMN

Security Policy Database (SPD) for SA1
source address      | HOST1_NET5
destination address | NUT_NET3
upper spec          | any
direction           | in
protocol            | ESP
mode                | transport

Security Association Database (SAD) for SA2
source address      | HOST2_NET5
destination address | NUT_NET3
SPI                 | 0x2000
mode                | transport
protocol            | ESP
ESP algorithm       | 3DES-CBC
ESP algorithm key   | foo0foo1foo2foo3foo4foo5

Security Policy Database (SPD) for SA2
source address      | HOST2_NET5
destination address | NUT_NET3
upper spec          | any
direction           | in
protocol            | ESP
mode                | transport

Tester                      Target
  |                           |
  |-------------------------->|
  |     ICMP Echo Request     |
  |        From Host1         |
  |        (using SA1)        |
  |                           |
  |<--------------------------|
  |      ICMP Echo Reply      |
  |         To Host1          |
  |                           |
  |                           |
  |-------------------------->|
  |     ICMP Echo Request     |
  |        From Host2         |
  |        (using SA2)        |
  |                           |
  |<--------------------------|
  |      ICMP Echo Reply      |
  |         To Host2          |
  |                           |
  v                           v

- Send ICMP Echo Request using SA1 from Host1
- Receive ICMP Echo Reply to Host1
- Send ICMP Echo Request using SA2 from Host2
- Receive ICMP Echo Reply to Host2

ICMP Echo Request using SA1 from Host1
IP Header | Source Address      | HOST1_NET5
          | Destination Address | NUT_NET3
ESP       | SPI                 | 0x1000
          | Algorithm           | 3DES-CBC
          | Key                 | TAHITEST89ABCDEFGHIJKLMN
ICMP      | Type                | 128 (Echo Request)

ICMP Echo Reply to Host1
IP Header | Source Address      | NUT_NET3
          | Destination Address | HOST1_NET5
ICMP      | Type                | 129 (Echo Reply)

ICMP Echo Request using SA2 from Host2
IP Header | Source Address      | HOST2_NET5
          | Destination Address | NUT_NET3
ESP       | SPI                 | 0x2000
          | Algorithm           | 3DES-CBC
          | Key                 | foo0foo1foo2foo3foo4foo5
ICMP      | Type                | 128 (Echo Request)

ICMP Echo Reply to Host2
IP Header | Source Address      | NUT_NET3
          | Destination Address | HOST2_NET5
ICMP      | Type                | 129 (Echo Reply)

PASS: Both ICMP Echo Reply (Host1, Host2) received
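
An added Python example, not part of the test suite itself, modelling the inbound SA selection this test exercises: the NUT looks up the SA by SPI, destination address and protocol, then checks the packet's source against that SA's source address. The IPv6 addresses are constructed stand-ins for HOST1_NET5, HOST2_NET5 and NUT_NET3, the function names are hypothetical, and 3DES-CBC decryption is left out, so the ESP payload is an opaque placeholder.

```python
import ipaddress
import struct

# Constructed addresses standing in for the page's symbolic names (assumption).
HOST1_NET5 = ipaddress.IPv6Address("2001:db8:5::1")
HOST2_NET5 = ipaddress.IPv6Address("2001:db8:5::2")
NUT_NET3 = ipaddress.IPv6Address("2001:db8:3::10")
ESP = 50  # IPv6 Next Header value for ESP

# SAD keyed by (SPI, destination, protocol); values mirror the SAD tables above.
SAD = {
    (0x1000, NUT_NET3, ESP): {"name": "SA1", "src": HOST1_NET5,
                              "alg": "3DES-CBC", "key": b"TAHITEST89ABCDEFGHIJKLMN"},
    (0x2000, NUT_NET3, ESP): {"name": "SA2", "src": HOST2_NET5,
                              "alg": "3DES-CBC", "key": b"foo0foo1foo2foo3foo4foo5"},
}

def build_esp_packet(src, dst, spi, seq=1, ciphertext=b"\x00" * 24):
    """Constructed IPv6 + ESP packet; the ciphertext is an opaque placeholder."""
    esp = struct.pack("!II", spi, seq) + ciphertext
    header = struct.pack("!IHBB", 6 << 28, len(esp), ESP, 64)
    return header + src.packed + dst.packed + esp

def select_inbound_sa(packet):
    """Return (verdict, detail) for one inbound transport-mode ESP packet."""
    if len(packet) < 48:  # 40-byte IPv6 header + SPI + sequence number
        return ("drop", "truncated")
    vtf, _plen, nxt, _hlim = struct.unpack("!IHBB", packet[:8])
    if vtf >> 28 != 6 or nxt != ESP:
        return ("drop", "not IPv6/ESP")
    src = ipaddress.IPv6Address(packet[8:24])
    dst = ipaddress.IPv6Address(packet[24:40])
    spi, _seq = struct.unpack("!II", packet[40:48])
    sa = SAD.get((spi, dst, ESP))
    if sa is None:
        return ("drop", "no SA for SPI 0x%x" % spi)
    # Decryption with sa["key"] would happen here (omitted in this model).
    if src != sa["src"]:
        return ("drop", "source does not match %s selector" % sa["name"])
    return ("accept", sa["name"])
```

A packet from HOST2_NET5 carrying SPI 0x1000 selects SA1 by SPI but is dropped by the source check, which is the separation between the two SAs that the PASS condition relies on.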
perldoc V6evalTool
IPSEC.html IPsec Test Common Utility