RTU_A_Out_2SA_DspiDipdst - Router Tunnel Mode AH Outbound 2 SA selection, Different SPI, Different IPdst
Router
RTU_A_Out_2SA_DspiDipdst.seq [-tooloption ...] -pkt RTU_A_2SA_DspiDip.def
-tooloption : v6eval tool option
See also HTR_A_common.def and HTR_common.def
For details of Network Topology, see 00README
Set NUT's SAD and SPD as following:
(Link0) (Link1)
NET4 NET2 NET0 NET1
HOST1_NET4 -- SG1 +- Router -- NUT -- HOST1_NET1
<==|=tunnel======= (SA1)
NET6 |
HOST1_NET6 -- SG2 +
<====tunnel======= (SA2)
Security Association Database (SAD) for SA1
| source address | NUT_NET0 |
| destination address | SG1_NET2 |
| SPI | 0x1000 |
| mode | tunnel |
| protocol | AH |
| AH algorithm | HMAC-MD5 |
| AH algorithm key | TAHITEST89ABCDEF |
Security Policy Database (SPD) for SA1
| tunnel source address | NUT_NET0 |
| tunnel destination address | SG1_NET2 |
| source address | NET1 |
| destination address | NET4 |
| upper spec | any |
| direction | out |
| protocol | AH |
| mode | tunnel |
Security Association Database (SAD) for SA2
| source address | NUT_NET0 |
| destination address | SG2_NET2 |
| SPI | 0x2000 |
| mode | tunnel |
| protocol | AH |
| AH algorithm | HMAC-MD5 |
| ESP algorithm key | foo0foo1foo2foo3 |
Security Policy Database (SPD) for SA2
| tunnel source address | NUT_NET0 |
| tunnel destination address | SG2_NET2 |
| source address | NET1 |
| destination address | NET6 |
| upper spec | any |
| direction | out |
| protocol | AH |
| mode | tunnel |
Tester Target Tester
(Link0) (Link1)
| | |
| |<--------------------------|
| | ICMP Echo Reply |
| | ToHost1Net4 |
| | |
|<--------------------------| |
| ICMP Echo Reply | |
| ToHost1Net4 | |
| (using SA1) | |
| | |
| | |
| |<--------------------------|
| | ICMP Echo Reply |
| | ToHost1Net6 |
| | |
|<--------------------------| |
| ICMP Echo Reply | |
| ToHost1Net6 | |
| (using SA2) | |
| | |
| | |
v v v
ICMP Echo Reply ToHost1Net4 to Link1
| IP Header | Source Address | HOST1_NET1 |
| Destination Address | HOST1_NET4 | |
| ICMP | Type | 129 (Echo Reply) |
ICMP Echo Reply ToHost1Net4 within AH tunnel using SA1 from Link0
| IP Header | Source Address | NUT_NET0 |
| Destination Address | SG1_NET2 | |
| ESP | SPI | 0x1000 |
| Algorithm | HMAC-MD5 | |
| Key | TAHITEST89ABCDEF | |
| IP Header | Source Address | HOST1_NET1 |
| Destination Address | HOST1_NET4 | |
| ICMP | Type | 129 (Echo Reply) |
ICMP Echo Reply ToHost1Net6 to Link1
| IP Header | Source Address | HOST1_NET1 |
| Destination Address | HOST1_NET6 | |
| ICMP | Type | 129 (Echo Reply) |
ICMP Echo Reply ToHost1Net6 using SA2 from Link0
| IP Header | Source Address | NUT_NET0 |
| Destination Address | SG2_NET2 | |
| AH | SPI | 0x2000 |
| Algorithm | HMAC-MD5 | |
| Key | foo0foo1foo2foo3 | |
| IP Header | Source Address | HOST1_NET1 |
| Destination Address | HOST1_NET6 | |
| ICMP | Type | 129 (Echo Reply) |
PASS: Both ICMP Echo Reply (using SA1, SA2) received
perldoc V6evalTool
IPSEC.html IPsec Test Common Utility