NAME

  RTU_E_Out_2SA_DspiDipdst - Router Tunnel Mode ESP Outbound 2 SA selection, Different SPI, Different IPdst


TARGET

  Router


SYNOPSIS

  RTU_E_Out_2SA_DspiDipdst.seq [-tooloption ...] -pkt RTU_E_2SA_DspiDipdst.def
    -tooloption : v6eval tool option
  See also RTU_E_common.def and RTU_common.def


INITIALIZATION

For details of Network Topology, see 00README

Set NUT's SAD and SPD as follows:

                           (Link0) (Link1)
            NET4   NET2      NET0   NET1
  HOST1_NET4 -- SG1 +- Router -- NUT -- HOST1_NET1
                 <==|=tunnel======= (SA1)
            NET6    |
  HOST1_NET6 -- SG2 +
                 <====tunnel======= (SA2)

Security Association Database (SAD) for SA1

  source address         NUT_NET0
  destination address    SG1_NET2
  SPI                    0x1000
  mode                   tunnel
  protocol               ESP
  ESP algorithm          DES-CBC
  ESP algorithm key      01234567

Security Policy Database (SPD) for SA1

  tunnel source address         NUT_NET0
  tunnel destination address    SG1_NET2
  source address                NET1
  destination address           NET4
  upper spec                    any
  direction                     out
  protocol                      ESP
  mode                          tunnel

Security Association Database (SAD) for SA2

  source address         NUT_NET0
  destination address    SG2_NET2
  SPI                    0x2000
  mode                   tunnel
  protocol               ESP
  ESP algorithm          DES-CBC
  ESP algorithm key      foo0foo1

Security Policy Database (SPD) for SA2

  tunnel source address         NUT_NET0
  tunnel destination address    SG2_NET2
  source address                NET1
  destination address           NET6
  upper spec                    any
  direction                     out
  protocol                      ESP
  mode                          tunnel


TEST PROCEDURE

 Tester                      Target                      Tester
              (Link0)                     (Link1)
   |                           |                           |
   |                           |<--------------------------|
   |                           |      ICMP Echo Reply      |
   |                           |        ToHost1Net4        |
   |                           |                           |
   |<--------------------------|                           |
   |      ICMP Echo Reply      |                           |
   |        ToHost1Net4        |                           |
   |        (using SA1)        |                           |
   |                           |                           |
   |                           |                           |
   |                           |<--------------------------|
   |                           |      ICMP Echo Reply      |
   |                           |        ToHost1Net6        |
   |                           |                           |
   |<--------------------------|                           |
   |      ICMP Echo Reply      |                           |
   |        ToHost1Net6        |                           |
   |        (using SA2)        |                           |
   |                           |                           |
   |                           |                           |
   v                           v                           v
  1. Send ICMP Echo Reply ToHost1Net4 to Link1
  2. Receive ICMP Echo Reply ToHost1Net4 using SA1 from Link0
  3. Send ICMP Echo Reply ToHost1Net6 to Link1
  4. Receive ICMP Echo Reply ToHost1Net6 using SA2 from Link0

ICMP Echo Reply ToHost1Net4 to Link1

  IP Header    Source Address         HOST1_NET1
               Destination Address    HOST1_NET4
  ICMP         Type                   129 (Echo Reply)

ICMP Echo Reply ToHost1Net4 using SA1 from Link0

  IP Header    Source Address         NUT_NET0
               Destination Address    SG1_NET2
  ESP          SPI                    0x1000
               Algorithm              DES-CBC
               Key                    01234567
  IP Header    Source Address         HOST1_NET1
               Destination Address    HOST1_NET4
  ICMP         Type                   129 (Echo Reply)

ICMP Echo Reply ToHost1Net6 to Link1

  IP Header    Source Address         HOST1_NET1
               Destination Address    HOST1_NET6
  ICMP         Type                   129 (Echo Reply)

ICMP Echo Reply ToHost1Net6 using SA2 from Link0

  IP Header    Source Address         NUT_NET0
               Destination Address    SG2_NET2
  ESP          SPI                    0x2000
               Algorithm              DES-CBC
               Key                    foo0foo1
  IP Header    Source Address         HOST1_NET1
               Destination Address    HOST1_NET6
  ICMP         Type                   129 (Echo Reply)


JUDGEMENT

  PASS: Both ICMP Echo Replies (using SA1 and SA2) are received
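
  The SA selection this test checks, modelled as an added example (not part of the test suite): the outbound SPD lookup picks the tunnel and SPI from the inner addresses, and the judgement fails if either packet leaves on the wrong SA. The IPv6 addresses, select_sa, judge, and FLOWS are constructed for illustration; the page defines symbolic names only.

```python
import ipaddress as ip

# Constructed addresses (documentation prefix); the page gives symbolic names only.
ADDR = {
    "NET1": "2001:db8:1::/64", "NET4": "2001:db8:4::/64", "NET6": "2001:db8:6::/64",
    "NUT_NET0": "2001:db8:0::1", "SG1_NET2": "2001:db8:2::1", "SG2_NET2": "2001:db8:2::2",
    "HOST1_NET1": "2001:db8:1::10", "HOST1_NET4": "2001:db8:4::10",
    "HOST1_NET6": "2001:db8:6::10",
}

# Outbound SPD entries from the page: selectors plus tunnel endpoints.
SPD = [
    {"src": "NET1", "dst": "NET4", "tun_src": "NUT_NET0", "tun_dst": "SG1_NET2"},
    {"src": "NET1", "dst": "NET6", "tun_src": "NUT_NET0", "tun_dst": "SG2_NET2"},
]
# SAD entries from the page, keyed by tunnel endpoints, giving the SPI.
SAD = {("NUT_NET0", "SG1_NET2"): 0x1000, ("NUT_NET0", "SG2_NET2"): 0x2000}
# The two inner flows the tester sends to Link1.
FLOWS = [("HOST1_NET1", "HOST1_NET4"), ("HOST1_NET1", "HOST1_NET6")]


def select_sa(inner_src, inner_dst):
    """Return (outer_src, outer_dst, spi) for an outbound packet, or None if no SPD entry matches."""
    s, d = ip.ip_address(ADDR[inner_src]), ip.ip_address(ADDR[inner_dst])
    for pol in SPD:
        if s in ip.ip_network(ADDR[pol["src"]]) and d in ip.ip_network(ADDR[pol["dst"]]):
            key = (pol["tun_src"], pol["tun_dst"])
            return key[0], key[1], SAD[key]
    return None


def judge(observed):
    """observed: records (inner_src, inner_dst, outer_src, outer_dst, spi) captured on Link0."""
    want = {flow + select_sa(*flow) for flow in FLOWS}
    return "PASS" if want <= set(observed) else "FAIL"


if __name__ == "__main__":
    # Constructed capture: the NET6 packet was wrongly sent on SA1.
    wrong = [("HOST1_NET1", "HOST1_NET4", "NUT_NET0", "SG1_NET2", 0x1000),
             ("HOST1_NET1", "HOST1_NET6", "NUT_NET0", "SG1_NET2", 0x1000)]
    print(judge(wrong))
```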


SEE ALSO

  perldoc V6evalTool
  IPSEC.html IPsec Test Common Utility