HTR_A_Out_2SA_DspiDipdst - Host Transport Mode AH Outbound 2 SA selection, Differnt SPI, Different IPdst
Host
HTR_A_Out_2SA_DspiDipdst.seq [-tooloption ...] -pkt HTR_A_2SA_DspiDip.def
-tooloption : v6eval tool option
See also HTR_A_common.def and HTR_common.def
For details of Network Topology, see 00README
Set NUT's SAD and SPD as following:
NET5 NET3
HOST1_NET5 -- Router -- NUT
<----transport------ (SA1)
HOST2_NET5
<----transport------ (SA2)
Security Association Database (SAD) for SA1
| source address | NUT_NET3 |
| destination address | HOST1_NET5 |
| SPI | 0x1000 |
| mode | transport |
| protocol | AH |
| AH algorithm | HMAC-MD5 |
| AH algorithm key | TAHITEST89ABCDEF |
Security Policy Database (SPD) for SA1
| source address | NUT_NET3 |
| destination address | HOST1_NET5 |
| upper spec | any |
| direction | out |
| protocol | AH |
| mode | transport |
Security Association Database (SAD) for SA2
| source address | NUT_NET3 |
| destination address | HOST2_NET5 |
| SPI | 0x2000 |
| mode | transport |
| protocol | AH |
| AH algorithm | HMAC-MD5 |
| AH algorithm key | foo0foo1foo2foo3 |
Security Policy Database (SPD) for SA2
| source address | NUT_NET3 |
| destination address | HOST2_NET5 |
| upper spec | any |
| direction | out |
| protocol | AH |
| mode | transport |
Tester Target | | |-------------------------->| | ICMP Echo Request | | From Host1 | | | |<--------------------------| | ICMP Echo Reply | | To Host1 | | (using SA1) | | | | | |-------------------------->| | ICMP Echo Request | | From Host2 | | | |<--------------------------| | ICMP Echo Reply | | To Host2 | | (using SA2) | | | v v
ICMP Echo Request from Host1
| IP Header | Source Address | HOST1_NET5 |
| Destination Address | NUT_NET3 | |
| ICMP | Type | 128 (Echo Request) |
ICMP Echo Reply using SA1 to Host1
| IP Header | Source Address | NUT_NET3 |
| Destination Address | HOST1_NET5 | |
| AH | SPI | 0x1000 |
| Algorithm | HMAC-MD5 | |
| Key | TAHITEST89ABCDEF | |
| ICMP | Type | 129 (Echo Reply) |
ICMP Echo Request from Host2
| IP Header | Source Address | HOST2_NET5 |
| Destination Address | NUT_NET3 | |
| ICMP | Type | 128 (Echo Request) |
ICMP Echo Reply using SA2 to Host2
| IP Header | Source Address | NUT_NET3 |
| Destination Address | HOST2_NET5 | |
| AH | SPI | 0x2000 |
| Algorithm | HMAC-MD5 | |
| Key | foo0foo1foo2foo3 | |
| ICMP | Type | 129 (Echo Reply) |
PASS: Both ICMP Echo Reply with AH (using SA1, SA2) received
perldoc V6evalTool
IPSEC.html IPsec Test Common Utility