NAME

  RTU_E_In_2SA_DspiDipsrc - Router Tunnel Mode ESP Inbound 2 SA selection, Different SPI, Different IPsrc


TARGET

  Router


SYNOPSIS

  RTU_E_In_2SA_DspiDipsrc.seq [-tooloption ...] -pkt RTU_E_2SA_DspiDip.def
    -tooloption : v6eval tool option
  See also RTU_E_common.def and RTU_common.def


INITIALIZATION

For details of Network Topology, see 00README

Set NUT's SAD and SPD as follows:

                           (Link0) (Link1)
            NET4   NET2      NET0   NET1
  HOST1_NET4 -- SG1 +- Router -- NUT -- HOST1_NET1
                 ===|=tunnel======> (SA1)
            NET6    |
  HOST1_NET6 -- SG2 +
                 =====tunnel======> (SA2)

Security Association Database (SAD) for SA1

  source address       SG1_NET2
  destination address  NUT_NET0
  SPI                  0x1000
  mode                 tunnel
  protocol             ESP
  ESP algorithm        DES-CBC
  ESP algorithm key    TAHITEST

Security Policy Database (SPD) for SA1

No SPD entry

Security Association Database (SAD) for SA2

  source address       SG2_NET2
  destination address  NUT_NET0
  SPI                  0x2000
  mode                 tunnel
  protocol             ESP
  ESP algorithm        DES-CBC
  ESP algorithm key    foo0foo1

Security Policy Database (SPD) for SA2

No SPD entry


TEST PROCEDURE

 Tester                      Target                      Tester
              (Link0)                     (Link1)
   |                           |                           |
   |-------------------------->|                           |
   |      ICMP Echo Request    |                           |
   |       From Host1Net4      |                           |
   |        (using SA1)        |                           |
   |                           |                           |
   |                           |-------------------------->|
   |                           |      ICMP Echo Request    |
   |                           |       From Host1Net4      |
   |                           |                           |
   |                           |                           |
   |-------------------------->|                           |
   |      ICMP Echo Request    |                           |
   |       From Host1Net6      |                           |
   |        (using SA2)        |                           |
   |                           |                           |
   |                           |-------------------------->|
   |                           |      ICMP Echo Request    |
   |                           |       From Host1Net6      |
   |                           |                           |
   |                           |                           |
   v                           v                           v
  1. Send ICMP Echo Request FromHost1Net4 using SA1 to Link0
  2. Receive ICMP Echo Request FromHost1Net4 from Link1
  3. Send ICMP Echo Request FromHost1Net6 using SA2 to Link0
  4. Receive ICMP Echo Request FromHost1Net6 from Link1

ICMP Echo Request FromHost1Net4 using SA1 to Link0

  IP Header  Source Address       SG1_NET2
             Destination Address  NUT_NET0
  ESP        SPI                  0x1000
             Algorithm            DES-CBC
             Key                  TAHITEST
  IP Header  Source Address       HOST1_NET4
             Destination Address  HOST1_NET1
  ICMP       Type                 128 (Echo Request)

ICMP Echo Request FromHost1Net4 from Link1

  IP Header  Source Address       HOST1_NET4
             Destination Address  HOST1_NET1
  ICMP       Type                 128 (Echo Request)

ICMP Echo Request FromHost1Net6 using SA2 to Link0

  IP Header  Source Address       SG2_NET2
             Destination Address  NUT_NET0
  ESP        SPI                  0x2000
             Algorithm            DES-CBC
             Key                  foo0foo1
  IP Header  Source Address       HOST1_NET6
             Destination Address  HOST1_NET1
  ICMP       Type                 128 (Echo Request)

ICMP Echo Request FromHost1Net6 from Link1

  IP Header  Source Address       HOST1_NET6
             Destination Address  HOST1_NET1
  ICMP       Type                 128 (Echo Request)
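
The inbound SA selection this procedure exercises, as an added Python sketch (not part of the TAHI test suite). It parses the outer IPv6 and ESP headers and looks up the SAD above. The IPv6 addresses are constructed stand-ins for the symbolic names, outer_esp and select_sa are hypothetical helpers, and rejecting a packet whose outer source differs from the SA's source address is an assumption of this sketch.

```python
import ipaddress
import struct

# Constructed documentation-range addresses standing in for the symbolic names.
SG1_NET2 = ipaddress.IPv6Address("2001:db8:2::1")
SG2_NET2 = ipaddress.IPv6Address("2001:db8:2::2")
NUT_NET0 = ipaddress.IPv6Address("2001:db8::100")
ESP = 50  # IP protocol number for ESP

# SAD keyed by (destination, protocol, SPI); values mirror SA1 and SA2 above.
SAD = {
    (NUT_NET0, ESP, 0x1000): {"name": "SA1", "src": SG1_NET2, "key": b"TAHITEST"},
    (NUT_NET0, ESP, 0x2000): {"name": "SA2", "src": SG2_NET2, "key": b"foo0foo1"},
}

def outer_esp(src, dst, spi, seq=1, body=b"\x00" * 16):
    """Build outer IPv6 + ESP headers; body is opaque filler, not real ciphertext."""
    esp = struct.pack("!II", spi, seq) + body
    ipv6 = struct.pack("!IHBB", 6 << 28, len(esp), ESP, 64) + src.packed + dst.packed
    return ipv6 + esp

def select_sa(packet):
    """Return the SA an inbound packet selects, or None if no SA applies."""
    # Need 40 bytes of IPv6 header plus the 8-byte ESP header, with ESP directly
    # after the IPv6 header (extension headers are not handled in this sketch).
    if len(packet) < 48 or packet[0] >> 4 != 6 or packet[6] != ESP:
        return None
    src = ipaddress.IPv6Address(packet[8:24])
    dst = ipaddress.IPv6Address(packet[24:40])
    (spi,) = struct.unpack("!I", packet[40:44])
    sa = SAD.get((dst, ESP, spi))
    # Assumption of this sketch: the outer source must match the SA's source.
    if sa is None or sa["src"] != src:
        return None
    return sa

if __name__ == "__main__":
    for src, spi in ((SG1_NET2, 0x1000), (SG2_NET2, 0x2000), (SG1_NET2, 0x3000)):
        sa = select_sa(outer_esp(src, NUT_NET0, spi))
        print(hex(spi), src, "->", sa["name"] if sa else "no SA")
```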


JUDGMENT

  PASS: Both ICMP Echo Request (using SA1, SA2) received


SEE ALSO

  perldoc V6evalTool
  IPSEC.html IPsec Test Common Utility