RTU_E_In_2SA_DspiSipsrc - Router Tunnel Mode ESP Inbound 2 SA selection, Different SPI, Same IPsrc
Router
RTU_E_In_2SA_DspiSipsrc.seq [-tooloption ...] -pkt RTU_E_2SA_DspiSip.def
-tooloption : v6eval tool option
See also RTU_E_common.def and RTU_common.def
For details of Network Topology, see 00README
Set NUT's SAD and SPD as following:
(Link0) (Link1)
NET4 NET2 NET0 NET1
HOST1_NET4 -- SG1 -- Router -- NUT -- HOST1_NET1
=====tunnel======> (SA1)
=====tunnel======> (SA2)
Security Association Database (SAD) for SA1
| source address | SG1_NET2 |
| destination address | NUT_NET0 |
| SPI | 0x1000 |
| mode | tunnel |
| protocol | ESP |
| ESP algorithm | DES-CBC |
| ESP algorithm key | TAHITEST |
Security Association Database (SAD) for SA2
| source address | SG1_NET2 |
| destination address | NUT_NET0 |
| SPI | 0x2000 |
| mode | tunnel |
| protocol | ESP |
| ESP algorithm | DES-CBC |
| ESP algorithm key | foo0foo1 |
Security Policy Database (SPD)
| No SPD entry |
Tester Target Tester
(Link0) (Link1)
| | |
|-------------------------->| |
| ICMP Echo Request | |
| From Host1Net4 | |
| (using SA1) | |
| | |
| |-------------------------->|
| | ICMP Echo Request |
| | From Host1Net4 |
| | |
| | |
|-------------------------->| |
| ICMP Echo Request | |
| From Host1Net4 | |
| (using SA2) | |
| | |
| |-------------------------->|
| | ICMP Echo Request |
| | From Host1Net4 |
| | |
| | |
v v v
ICMP Echo Request FromHost1Net4 using SA1 to Link0
| IP Header | Source Address | SG1_NET2 |
| Destination Address | NUT_NET0 | |
| ESP | SPI | 0x1000 |
| Algorithm | DES-CBC | |
| Key | TAHITEST | |
| IP Header | Source Address | HOST1_NET4 |
| Destination Address | HOST1_NET1 | |
| ICMP | Type | 128 (Echo Request) |
ICMP Echo Request FromHost1Net4 from Link1
| IP Header | Source Address | HOST1_NET4 |
| Destination Address | HOST1_NET1 | |
| ICMP | Type | 128 (Echo Request) |
ICMP Echo Request FromHost1Net6 using SA2 to Link0
| IP Header | Source Address | SG1_NET2 |
| Destination Address | NUT_NET0 | |
| ESP | SPI | 0x2000 |
| Algorithm | DES-CBC | |
| Key | foo0foo1 | |
| IP Header | Source Address | HOST1_NET4 |
| Destination Address | HOST1_NET1 | |
| ICMP | Type | 128 (Echo Request) |
ICMP Echo Request FromHost1Net4 from Link1
| IP Header | Source Address | HOST1_NET4 |
| Destination Address | HOST1_NET1 | |
| ICMP | Type | 128 (Echo Request) |
PASS: Both ICMP Echo Request (using SA1, SA2) received
perldoc V6evalTool
IPSEC.html IPsec Test Common Utility