NAME

  HTR_E_In_2SA_DspiDipsrc_3descbc - Host Transport Mode ESP Inbound 2 SA selection, Different SPI, Different IPsrc, ESP (3DES-CBC)
  


TARGET

  Host


SYNOPSIS

  HTR_E_In_2SA_DspiDipsrc_3descbc.seq [-tooloption ...] -pkt HTR_E_2SA_DspiDip_3descbc.def
    -tooloption : v6eval tool option
  See also HTR_E_common.def and HTR_common.def


INITIALIZATION

For details of Network Topology, see 00README

Set NUT's SAD and SPD as follows:

              NET5      NET3
    HOST1_NET5 -- Router -- NUT
         -----transport-----> (SA1)
    HOST2_NET5
         -----transport-----> (SA2)

Security Association Database (SAD) for SA1

  source address       HOST1_NET5
  destination address  NUT_NET3
  SPI                  0x1000
  mode                 transport
  protocol             ESP
  ESP algorithm        3DES-CBC
  ESP algorithm key    TAHITEST89ABCDEFGHIJKLMN

Security Policy Database (SPD) for SA1

  source address       HOST1_NET5
  destination address  NUT_NET3
  upper spec           any
  direction            in
  protocol             ESP
  mode                 transport

Security Association Database (SAD) for SA2

  source address       HOST2_NET5
  destination address  NUT_NET3
  SPI                  0x2000
  mode                 transport
  protocol             ESP
  ESP algorithm        3DES-CBC
  ESP algorithm key    foo0foo1foo2foo3foo4foo5

Security Policy Database (SPD) for SA2

  source address       HOST2_NET5
  destination address  NUT_NET3
  upper spec           any
  direction            in
  protocol             ESP
  mode                 transport


TEST PROCEDURE

 Tester                      Target
   |                           |
   |-------------------------->|
   |      ICMP Echo Request    |
   |        From Host1         |
   |        (using SA1)        |
   |                           |
   |<--------------------------|
   |      ICMP Echo Reply      |
   |         To Host1          |
   |                           |
   |                           |
   |-------------------------->|
   |      ICMP Echo Request    |
   |        From Host2         |
   |        (using SA2)        |
   |                           |
   |<--------------------------|
   |      ICMP Echo Reply      |
   |         To Host2          |
   |                           |
   v                           v
  1. Send ICMP Echo Request using SA1 from Host1
  2. Receive ICMP Echo Reply to Host1
  3. Send ICMP Echo Request using SA2 from Host2
  4. Receive ICMP Echo Reply to Host2

ICMP Echo Request using SA1 from Host1

  source address       HOST1_NET5
  destination address  NUT_NET3
  SPI                  0x1000
  mode                 transport
  protocol             ESP
  ESP algorithm        3DES-CBC
  ESP algorithm key    TAHITEST89ABCDEFGHIJKLMN

  IP Header  Source Address       HOST1_NET5
             Destination Address  NUT_NET3
  ESP        SPI                  0x1000
             Algorithm            3DES-CBC
             Key                  TAHITEST89ABCDEFGHIJKLMN
  ICMP       Type                 128 (Echo Request)

ICMP Echo Reply to Host1

  IP Header  Source Address       NUT_NET3
             Destination Address  HOST1_NET5
  ICMP       Type                 129 (Echo Reply)

ICMP Echo Request using SA2 from Host2

  IP Header  Source Address       HOST2_NET5
             Destination Address  NUT_NET3
  ESP        SPI                  0x2000
             Algorithm            3DES-CBC
             Key                  foo0foo1foo2foo3foo4foo5
  ICMP       Type                 128 (Echo Request)

ICMP Echo Reply to Host2

  IP Header  Source Address       NUT_NET3
             Destination Address  HOST2_NET5
  ICMP       Type                 129 (Echo Reply)


JUDGMENT

  PASS: Both ICMP Echo Reply (Host1, Host2) received
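
The inbound SA selection this test exercises, as an added sketch that is not part of the test suite: the receiver reads the SPI from the ESP header, looks up the SA, and checks the packet's source against the policy bound to that SA. The addresses are constructed documentation-range values standing in for HOST1_NET5, HOST2_NET5 and NUT_NET3; the (SPI, destination) lookup key and the function names are assumptions, decryption is omitted, and the drop cases go beyond the two positive cases the test sends.

```python
import ipaddress
import struct
from dataclasses import dataclass

ESP = 50  # IP protocol number for ESP

# Constructed addresses for the page's symbolic names (real ones: see 00README).
HOST1_NET5 = ipaddress.ip_address("2001:db8:5::1")
HOST2_NET5 = ipaddress.ip_address("2001:db8:5::2")
NUT_NET3 = ipaddress.ip_address("2001:db8:3::100")

@dataclass(frozen=True)
class SA:
    name: str
    src: ipaddress.IPv6Address
    dst: ipaddress.IPv6Address
    spi: int
    key: bytes  # 24-byte 3DES-CBC key taken from the page's SAD tables

# SAD keyed by (SPI, destination address); this keying is an assumption.
SAD = {
    (sa.spi, sa.dst): sa
    for sa in (
        SA("SA1", HOST1_NET5, NUT_NET3, 0x1000, b"TAHITEST89ABCDEFGHIJKLMN"),
        SA("SA2", HOST2_NET5, NUT_NET3, 0x2000, b"foo0foo1foo2foo3foo4foo5"),
    )
}

def select_inbound_sa(src, dst, next_header, payload):
    """Return the SA for an inbound ESP packet, or None if it must be dropped."""
    if next_header != ESP or len(payload) < 8:
        return None  # not ESP, or too short to hold SPI + sequence number
    spi, _seq = struct.unpack("!II", payload[:8])
    sa = SAD.get((spi, dst))
    if sa is None:
        return None  # no SA installed for this SPI and destination
    if src != sa.src:
        return None  # sender does not match the policy entry bound to this SA
    return sa

def esp_stub(spi, seq=1):
    """Constructed ESP header (SPI, sequence number) plus dummy ciphertext."""
    return struct.pack("!II", spi, seq) + bytes(16)
```
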


SEE ALSO

  perldoc V6evalTool
  IPSEC.html IPsec Test Common Utility