IKE Lifetime
with AH Transport/Tunnel mode (HOST)
[IP][AH]
[IP1][AH][IP2]

[Interoperability Test Scenario]

Last Update: February 23, 2001

This scenario verifies interoperability when the target HOST is attached to the model network.

Subjects:

Verification of host's action.
IKE with IPsec Authentication Header transport mode.

Verification Points

Parameter Value

IKE Phase-1 Lifetime 1 min

3 min

1024 Byte

1 MByte

Phase-2 Lifetime 1 min

3 min

1024 Byte

1 MByte

Fixed Parameters

Parameter Value

IKE Exchange mode Main mode

Authentication method Pre-Shared key (DH group 1)

Phase-1 lifetime 24 hour (when ph2 lifetime is variable)

Phase-2 lifetime 24 hour (when ph1 lifetime is variable)

Hash Algorithm MD5

Encryption Algorithm DES

IPsec Authentication algorithm HMAC-MD5

MODE Transport

Granularity Host

Physical Network Configuration:

  (3ffe:501:481d:f002::11) (3ffe:501:481d:f002::12)
         HOST-2                  HOST-3
           |(HIF-2y)               |(HIF-3y)
           |                       |
(Net-y)  --+-----------+-----------+-- (3ffe:501:481d:f002::/64)
                       |
                       |(I/F-y) (3ffe:501:481d:f002::1)
                    ROUTER-1
                       |(I/F-z) (3ffe:501:481d:f001::1)
                       |
(Net-z)      ----+-----+------------- (3ffe:501:481d:f001::/64)
                 |
                 |(HIF-1z) (3ffe:501:481d:f001::11)
               HOST-1

Network	Prefix	Network media
Net-y	3ffe:501:481d:f002::/64	Ethernet 10BASE-T
Net-z	3ffe:501:481d:f001::/64	Ethernet 10BASE-T

Test Machine:

Machine Comments Initial status Configuration

HOST-3 Reference Machine Is attached to Net-y with power turned off. -

HOST-2 Reference Machine Is attached to Net-y with power turned off. -
ROUTER-1 Reference Machine Power is turned off.
I/F-z is attached to Net-z while I/F-y is attached to Net-y. Sends RA to Net-z and Net-y.

HOST-1 Target Machine Is attached to Net-z with power turned off. -

Configuration list:

*DH Key = Diffie-Hellman shared key
*Hash Alg = IKE Authentication Algorithm
*Enc Alg = IKE Encryption Algorithm
*PH1 Lifetime = Phase-1 Lifetime
*PH2 Lifetime = Phase-2 Lifetime
*Protocol = Security Protocol
*AH auth = AH Authentication Algorithm
*Auth Method = Authentication Method
*Upper = Upper Layer Protocol

No. Machine Src Dest IKE IPsec

Exchange
mode
Local ID

Remote ID
Auth
Method DH Key Hash
Alg Enc
Alg PH1
Lifetime PH2
Lifetime Protocol Mode AH auth Upper

1
HOST-1 HIF-1z HIF-2y Main 3ffe:501:481d:f001::11 3ffe:501:481d:f002::11 DH(1) IKE-TEST MD5 DES 1 Min 24 Hour AH Transport HMAC-MD5 any

HIF-1z HIF-3y Main 3ffe:501:481d:f001::11 3ffe:501:481d:f002::12 DH(1) IKE-TEST MD5 DES 24 Hour 24 Hour AH Transport HMAC-MD5 any

HOST-2 HIF-2y HIF-1z Main 3ffe:501:481d:f002::11 3ffe:501:481d:f001::11 DH(1) IKE-TEST MD5 DES 1 Min 24 Hour AH Transport HMAC-MD5 any

HOST-3 HIF-3y HIF-1z Main 3ffe:501:481d:f002::12 3ffe:501:481d:f001::11 DH(1) IKE-TEST MD5 DES 24 Hour 24 Hour AH Transport HMAC-MD5 any

2
HOST-1 HIF-1z HIF-2y Main 3ffe:501:481d:f001::11 3ffe:501:481d:f002::11 DH(1) IKE-TEST MD5 DES 3 Min 24 Hour AH Transport HMAC-MD5 any

HIF-1z HIF-3y Main 3ffe:501:481d:f001::11 3ffe:501:481d:f002::12 DH(1) IKE-TEST MD5 DES 24 Hour 24 Hour AH Transport HMAC-MD5 any

HOST-2 HIF-2y HIF-1z Main 3ffe:501:481d:f002::11 3ffe:501:481d:f001::11 DH(1) IKE-TEST MD5 DES 3 Min 24 Hour AH Transport HMAC-MD5 any

HOST-3 HIF-3y HIF-1z Main 3ffe:501:481d:f002::12 3ffe:501:481d:f001::11 DH(1) IKE-TEST MD5 DES 24 Hour 24 Hour AH Transport HMAC-MD5 any

3
HOST-1 HIF-1z HIF-2y Main 3ffe:501:481d:f001::11 3ffe:501:481d:f002::11 DH(1) IKE-TEST MD5 DES 1024 Byte 24 Hour AH Transport HMAC-MD5 any

HIF-1z HIF-3y Main 3ffe:501:481d:f001::11 3ffe:501:481d:f002::12 DH(1) IKE-TEST MD5 DES 24 Hour 24 Hour AH Transport HMAC-MD5 any

HOST-2 HIF-2y HIF-1z Main 3ffe:501:481d:f002::11 3ffe:501:481d:f001::11 DH(1) IKE-TEST MD5 DES 1024 Byte 24 Hour AH Transport HMAC-MD5 any

HOST-3 HIF-3y HIF-1z Main 3ffe:501:481d:f002::12 3ffe:501:481d:f001::11 DH(1) IKE-TEST MD5 DES 24 Hour 24 Hour AH Transport HMAC-MD5 any

4
HOST-1 HIF-1z HIF-2y Main 3ffe:501:481d:f001::11 3ffe:501:481d:f002::11 DH(1) IKE-TEST MD5 DES 3 Mbyte 24 Hour AH Transport HMAC-MD5 any

HIF-1z HIF-3y Main 3ffe:501:481d:f001::11 3ffe:501:481d:f002::12 DH(1) IKE-TEST MD5 DES 24 Hour 24 Hour AH Transport HMAC-MD5 any

HOST-2 HIF-2y HIF-1z Main 3ffe:501:481d:f002::11 3ffe:501:481d:f001::11 DH(1) IKE-TEST MD5 DES 3 Mbyte 24 Hour AH Transport HMAC-MD5 any

HOST-3 HIF-3y HIF-1z Main 3ffe:501:481d:f002::12 3ffe:501:481d:f001::11 DH(1) IKE-TEST MD5 DES 24 Hour 24 Hour AH Transport HMAC-MD5 any

5
HOST-1 HIF-1z HIF-2y Main 3ffe:501:481d:f001::11 3ffe:501:481d:f002::11 DH(1) IKE-TEST MD5 DES 24 Hour 1 Min AH Transport HMAC-MD5 any

HIF-1z HIF-3y Main 3ffe:501:481d:f001::11 3ffe:501:481d:f002::12 DH(1) IKE-TEST MD5 DES 24 Hour 24 Hour AH Transport HMAC-MD5 any

HOST-2 HIF-2y HIF-1z Main 3ffe:501:481d:f002::11 3ffe:501:481d:f001::11 DH(1) IKE-TEST MD5 DES 24 Hour 1 Min AH Transport HMAC-MD5 any

HOST-3 HIF-3y HIF-1z Main 3ffe:501:481d:f002::12 3ffe:501:481d:f001::11 DH(1) IKE-TEST MD5 DES 24 Hour 24 Hour AH Transport HMAC-MD5 any

6
HOST-1 HIF-1z HIF-2y Main 3ffe:501:481d:f001::11 3ffe:501:481d:f002::11 DH(1) IKE-TEST MD5 DES 24 Hour 3 Min AH Transport HMAC-MD5 any

HIF-1z HIF-3y Main 3ffe:501:481d:f001::11 3ffe:501:481d:f002::12 DH(1) IKE-TEST MD5 DES 24 Hour 24 Hour AH Transport HMAC-MD5 any

HOST-2 HIF-2y HIF-1z Main 3ffe:501:481d:f002::11 3ffe:501:481d:f001::11 DH(1) IKE-TEST MD5 DES 24 Hour 3 Min AH Transport HMAC-MD5 any

HOST-3 HIF-3y HIF-1z Main 3ffe:501:481d:f002::12 3ffe:501:481d:f001::11 DH(1) IKE-TEST MD5 DES 24 Hour 24 Hour AH Transport HMAC-MD5 any

7
HOST-1 HIF-1z HIF-2y Main 3ffe:501:481d:f001::11 3ffe:501:481d:f002::11 DH(1) IKE-TEST MD5 DES 24 Hour 1024 Byte AH Transport HMAC-MD5 any

HIF-1z HIF-3y Main 3ffe:501:481d:f001::11 3ffe:501:481d:f002::12 DH(1) IKE-TEST MD5 DES 24 Hour 24 Hour AH Transport HMAC-MD5 any

HOST-2 HIF-2y HIF-1z Main 3ffe:501:481d:f002::11 3ffe:501:481d:f001::11 DH(1) IKE-TEST MD5 DES 24 Hour 1024 Byte AH Transport HMAC-MD5 any

HOST-3 HIF-3y HIF-1z Main 3ffe:501:481d:f002::12 3ffe:501:481d:f001::11 DH(1) IKE-TEST MD5 DES 24 Hour 24 Hour AH Transport HMAC-MD5 any

8
HOST-1 HIF-1z HIF-2y Main 3ffe:501:481d:f001::11 3ffe:501:481d:f002::11 DH(1) IKE-TEST MD5 DES 24 Hour 3 Mbyte AH Transport HMAC-MD5 any

HIF-1z HIF-3y Main 3ffe:501:481d:f001::11 3ffe:501:481d:f002::12 DH(1) IKE-TEST MD5 DES 24 Hour 24 Hour AH Transport HMAC-MD5 any

HOST-2 HIF-2y HIF-1z Main 3ffe:501:481d:f002::11 3ffe:501:481d:f001::11 DH(1) IKE-TEST MD5 DES 24 Hour 3 Mbyte AH Transport HMAC-MD5 any

HOST-3 HIF-3y HIF-1z Main 3ffe:501:481d:f002::12 3ffe:501:481d:f001::11 DH(1) IKE-TEST MD5 DES 24 Hour 24 Hour AH Transport HMAC-MD5 any

9
HOST-1 HIF-1z HIF-2y Main 3ffe:501:481d:f001::11 3ffe:501:481d:f002::11 DH(1) IKE-TEST MD5 DES 1 Min 24 Hour AH Tunnel HMAC-MD5 any

HIF-1z HIF-3y Main 3ffe:501:481d:f001::11 3ffe:501:481d:f002::12 DH(1) IKE-TEST MD5 DES 24 Hour 24 Hour AH Tunnel HMAC-MD5 any

HOST-2 HIF-2y HIF-1z Main 3ffe:501:481d:f002::11 3ffe:501:481d:f001::11 DH(1) IKE-TEST MD5 DES 1 Min 24 Hour AH Tunnel HMAC-MD5 any

HOST-3 HIF-3y HIF-1z Main 3ffe:501:481d:f002::12 3ffe:501:481d:f001::11 DH(1) IKE-TEST MD5 DES 24 Hour 24 Hour AH Tunnel HMAC-MD5 any

10
HOST-1 HIF-1z HIF-2y Main 3ffe:501:481d:f001::11 3ffe:501:481d:f002::11 DH(1) IKE-TEST MD5 DES 3 Min 24 Hour AH Tunnel HMAC-MD5 any

HIF-1z HIF-3y Main 3ffe:501:481d:f001::11 3ffe:501:481d:f002::12 DH(1) IKE-TEST MD5 DES 24 Hour 24 Hour AH Tunnel HMAC-MD5 any

HOST-2 HIF-2y HIF-1z Main 3ffe:501:481d:f002::11 3ffe:501:481d:f001::11 DH(1) IKE-TEST MD5 DES 3 Min 24 Hour AH Tunnel HMAC-MD5 any

HOST-3 HIF-3y HIF-1z Main 3ffe:501:481d:f002::12 3ffe:501:481d:f001::11 DH(1) IKE-TEST MD5 DES 24 Hour 24 Hour AH Tunnel HMAC-MD5 any

11
HOST-1 HIF-1z HIF-2y Main 3ffe:501:481d:f001::11 3ffe:501:481d:f002::11 DH(1) IKE-TEST MD5 DES 1024 Byte 24 Hour AH Tunnel HMAC-MD5 any

HIF-1z HIF-3y Main 3ffe:501:481d:f001::11 3ffe:501:481d:f002::12 DH(1) IKE-TEST MD5 DES 24 Hour 24 Hour AH Tunnel HMAC-MD5 any

HOST-2 HIF-2y HIF-1z Main 3ffe:501:481d:f002::11 3ffe:501:481d:f001::11 DH(1) IKE-TEST MD5 DES 1024 Byte 24 Hour AH Tunnel HMAC-MD5 any

HOST-3 HIF-3y HIF-1z Main 3ffe:501:481d:f002::12 3ffe:501:481d:f001::11 DH(1) IKE-TEST MD5 DES 24 Hour 24 Hour AH Tunnel HMAC-MD5 any

12
HOST-1 HIF-1z HIF-2y Main 3ffe:501:481d:f001::11 3ffe:501:481d:f002::11 DH(1) IKE-TEST MD5 DES 1 Mbyte 24 Hour AH Tunnel HMAC-MD5 any

HIF-1z HIF-3y Main 3ffe:501:481d:f001::11 3ffe:501:481d:f002::12 DH(1) IKE-TEST MD5 DES 24 Hour 24 Hour AH Tunnel HMAC-MD5 any

HOST-2 HIF-2y HIF-1z Main 3ffe:501:481d:f002::11 3ffe:501:481d:f001::11 DH(1) IKE-TEST MD5 DES 1 Mbyte 24 Hour AH Tunnel HMAC-MD5 any

HOST-3 HIF-3y HIF-1z Main 3ffe:501:481d:f002::12 3ffe:501:481d:f001::11 DH(1) IKE-TEST MD5 DES 24 Hour 24 Hour AH Tunnel HMAC-MD5 any

13
HOST-1 HIF-1z HIF-2y Main 3ffe:501:481d:f001::11 3ffe:501:481d:f002::11 DH(1) IKE-TEST MD5 DES 24 Hour 1 Min AH Tunnel HMAC-MD5 any

HIF-1z HIF-3y Main 3ffe:501:481d:f001::11 3ffe:501:481d:f002::12 DH(1) IKE-TEST MD5 DES 24 Hour 24 Hour AH Tunnel HMAC-MD5 any

HOST-2 HIF-2y HIF-1z Main 3ffe:501:481d:f002::11 3ffe:501:481d:f001::11 DH(1) IKE-TEST MD5 DES 24 Hour 1 Min AH Tunnel HMAC-MD5 any

HOST-3 HIF-3y HIF-1z Main 3ffe:501:481d:f002::12 3ffe:501:481d:f001::11 DH(1) IKE-TEST MD5 DES 24 Hour 24 Hour AH Tunnel HMAC-MD5 any

14
HOST-1 HIF-1z HIF-2y Main 3ffe:501:481d:f001::11 3ffe:501:481d:f002::11 DH(1) IKE-TEST MD5 DES 24 Hour 3 Min AH Tunnel HMAC-MD5 any

HIF-1z HIF-3y Main 3ffe:501:481d:f001::11 3ffe:501:481d:f002::12 DH(1) IKE-TEST MD5 DES 24 Hour 24 Hour AH Tunnel HMAC-MD5 any

HOST-2 HIF-2y HIF-1z Main 3ffe:501:481d:f002::11 3ffe:501:481d:f001::11 DH(1) IKE-TEST MD5 DES 24 Hour 3 Min AH Tunnel HMAC-MD5 any

HOST-3 HIF-3y HIF-1z Main 3ffe:501:481d:f002::12 3ffe:501:481d:f001::11 DH(1) IKE-TEST MD5 DES 24 Hour 24 Hour AH Tunnel HMAC-MD5 any

15
HOST-1 HIF-1z HIF-2y Main 3ffe:501:481d:f001::11 3ffe:501:481d:f002::11 DH(1) IKE-TEST MD5 DES 24 Hour 1024 Byte AH Tunnel HMAC-MD5 any

HIF-1z HIF-3y Main 3ffe:501:481d:f001::11 3ffe:501:481d:f002::12 DH(1) IKE-TEST MD5 DES 24 Hour 24 Hour AH Tunnel HMAC-MD5 any

HOST-2 HIF-2y HIF-1z Main 3ffe:501:481d:f002::11 3ffe:501:481d:f001::11 DH(1) IKE-TEST MD5 DES 24 Hour 1024 Byte AH Tunnel HMAC-MD5 any

HOST-3 HIF-3y HIF-1z Main 3ffe:501:481d:f002::12 3ffe:501:481d:f001::11 DH(1) IKE-TEST MD5 DES 24 Hour 24 Hour AH Tunnel HMAC-MD5 any

16
HOST-1 HIF-1z HIF-2y Main 3ffe:501:481d:f001::11 3ffe:501:481d:f002::11 DH(1) IKE-TEST MD5 DES 24 Hour 1 Mbyte AH Tunnel HMAC-MD5 any

HIF-1z HIF-3y Main 3ffe:501:481d:f001::11 3ffe:501:481d:f002::12 DH(1) IKE-TEST MD5 DES 24 Hour 24 Hour AH Tunnel HMAC-MD5 any

HOST-2 HIF-2y HIF-1z Main 3ffe:501:481d:f002::11 3ffe:501:481d:f001::11 DH(1) IKE-TEST MD5 DES 24 Hour 1 Mbyte AH Tunnel HMAC-MD5 any

HOST-3 HIF-3y HIF-1z Main 3ffe:501:481d:f002::12 3ffe:501:481d:f001::11 DH(1) IKE-TEST MD5 DES 24 Hour 24 Hour AH Tunnel HMAC-MD5 any

Applications:
ping program (ping)

NOTE:
We select these applications, as typical application for each protocol (ICMP/UDP/TCP).
In this scenario, it is not a subject to verify each application in detail.

Interoperability check

No Action Criteria Comments

Address auto configuration check.

1 Boot ROUTER-1. - -

2 Boot HOST-1. - -

3 Boot HOST-2. - -

4 Boot HOST-3. - -

Availability confirmation.

5 At HOST-2, run "ping" to HOST-1.
Repeat 10 times, with 1452 bytes ICMP payload, interval 1 second.
Ex) # ping6 -s 1452 -i 1 -c 10 HOST-1 *HOST-2 sends ICMP Echo Request to HOST-1.
*HOST-2 receives ICMP Echo Reply from HOST-1. HOST-2 and HOST-1 don't use IPsec.

6 At HOST-3, run "ping" to HOST-1.
Repeat 10 times, with 1452 bytes ICMP payload, interval 1 second.
Ex) # ping6 -s 1452 -i 1 -c 10 HOST-1 *HOST-3 sends ICMP Echo Request to HOST-1.
*HOST-3 receives ICMP Echo Reply from HOST-1. HOST-3 and HOST-1 don't use IPsec.

IPsec transport [IP][AH] (IKE auth=MD5)(Phase-1 Lifetime=1min)

7 At HOST-1 set configuration #1 - -

8 At HOST-2 set configuration #1 - -

9 At HOST-3 set configuration #1 - -

10 At HOST-2, run "ping" to HOST-1.
Repeat 80 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -s 64 -i 1 -c 80 HOST-1. *HOST-2 sends ICMP Echo Request to HOST-1.
*HOST-2 receives ICMP Echo Reply from HOST-1.
*AH is attached to original packet between HOST-1 and HOST-2.
*2nd Key negotiation occurs when 1Min pasts since Step 11. AH transport between HOST-1 and HOST-2.(HMAC-MD5)
HOST-2 <-> HOST-1
(ICMP)

11 *Do this step while doing Step 10

At HOST-3, run "ping" to HOST-1.
Repeat 80 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -s 64 -i 1 -c 80 HOST-1. *HOST-3 sends ICMP Echo Request to HOST-1.
*HOST-3 receives ICMP Echo Reply from HOST-1.
*AH is attached to original packet between HOST-1 and HOST-3.
*2nd Key negotiation does not occur even though 1Min pasts since Step 11.

AH transport between HOST-1 and HOST-3.(HMAC-MD5)
HOST-3 <-> HOST-1
(ICMP)

IPsec transport [IP][AH] (IKE auth=MD5)(Phase-1 Lifetime=3min)

12 At HOST-1 set configuration #2 - -

13 At HOST-2 set configuration #2 - -

14 At HOST-3 set configuration #2 - -

15 At HOST-2, run "ping" to HOST-1.
Repeat 200 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -s 64 -i 1 -c 200 HOST-1. *HOST-2 sends ICMP Echo Request to HOST-1.
*HOST-2 receives ICMP Echo Reply from HOST-1.
*AH is attached to original packet between HOST-1 and HOST-2.
*2nd Key negotiation occurs when 3Min pasts since Step 16. AH transport between HOST-1 and HOST-2.(HMAC-MD5)
HOST-2 <-> HOST-1
(ICMP)

16 *Do this step while doing Step 15

At HOST-3, run "ping" to HOST-1.
Repeat 200 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -s 64 -i 1 -c 200 HOST-1. *HOST-3 sends ICMP Echo Request to HOST-1.
*HOST-3 receives ICMP Echo Reply from HOST-1.
*AH is attached to original packet between HOST-1 and HOST-3.
*2nd Key negotiation does not occur even though 3Min pasts since Step 16.

AH transport between HOST-1 and HOST-3.(HMAC-MD5)
HOST-3 <-> HOST-1
(ICMP)

IPsec transport [IP][AH] (IKE auth=MD5)(Phase-1 Lifetime=1024Byte)

17 At HOST-1 set configuration #3 - -

18 At HOST-2 set configuration #3 - -

19 At HOST-3 set configuration #3 - -

20 At HOST-2, run "ping" to HOST-1.
Repeat 20 times, with 100 bytes ICMP payload, interval 1 second.
Ex) # ping6 -s 100 -i 1 -c 20 HOST-1. *HOST-2 sends ICMP Echo Request to HOST-1.
*HOST-2 receives ICMP Echo Reply from HOST-1.
*AH is attached to original packet between HOST-1 and HOST-2.
*2nd Key negotiation occurs when HOST-2 transmits 1024 Byte. AH transport between HOST-1 and HOST-2.(HMAC-MD5)
HOST-2 <-> HOST-1
(ICMP)

21 *Do this step while doing Step 20

At HOST-3, run "ping" to HOST-1.
Repeat 20 times, with 100 bytes ICMP payload, interval 1 second.
Ex) # ping6 -s 100 -i 1 -c 20 HOST-1. *HOST-3 sends ICMP Echo Request to HOST-1.
*HOST-3 receives ICMP Echo Reply from HOST-1.
*AH is attached to original packet between HOST-1 and HOST-3.
*2nd Key negotiation does not occur even though HOST-3 transmits 1024 Byte.

AH transport between HOST-1 and HOST-3.(HMAC-MD5)
HOST-3 <-> HOST-1
(ICMP)

IPsec transport [IP][AH] (IKE auth=MD5)(Phase-1 Lifetime=1MByte)

22 At HOST-1 set configuration #4 - -

23 At HOST-2 set configuration #4 - -

24 At HOST-3 set configuration #4 - -

25 At HOST-2, run "ping" to HOST-1.
Repeat 750 times, with 1400 bytes ICMP payload, interval 1 second.
Ex) # ping6 -s 1400 -i 1 -c 750 HOST-1. *HOST-2 sends ICMP Echo Request to HOST-1.
*HOST-2 receives ICMP Echo Reply from HOST-1.
*AH is attached to original packet between HOST-1 and HOST-2.
*2nd Key negotiation occurs when HOST-2 transmits 1M Byte. AH transport between HOST-1 and HOST-2.(HMAC-MD5)
HOST-2 <-> HOST-1
(ICMP)

26 *Do this step while doing Step 25

At HOST-3, run "ping" to HOST-1.
Repeat 750 times, with 1400 bytes ICMP payload, interval 1 second.
Ex) # ping6 -s 1400 -i 1 -c 750 HOST-1. *HOST-3 sends ICMP Echo Request to HOST-1.
*HOST-3 receives ICMP Echo Reply from HOST-1.
*AH is attached to original packet between HOST-1 and HOST-3.
*2nd Key negotiation does not occur even though HOST-3 transmits 1M Byte.

AH transport between HOST-1 and HOST-3.(HMAC-MD5)
HOST-3 <-> HOST-1
(ICMP)

IPsec transport [IP][AH] (IKE auth=MD5)(Phase-2 Lifetime=1min)

27 At HOST-1 set configuration #5 - -

28 At HOST-2 set configuration #5 - -

29 At HOST-3 set configuration #5 - -

30 At HOST-2, run "ping" to HOST-1.
Repeat 80 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -s 64 -i 1 -c 80 HOST-1. *HOST-2 sends ICMP Echo Request to HOST-1.
*HOST-2 receives ICMP Echo Reply from HOST-1.
*AH is attached to original packet between HOST-1 and HOST-2.
*2nd Key negotiation occurs when 1Min pasts since Step 31. AH transport between HOST-1 and HOST-2.(HMAC-MD5)
HOST-2 <-> HOST-1
(ICMP)

31 *Do this step while doing Step 30

At HOST-3, run "ping" to HOST-1.
Repeat 80 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -s 64 -i 1 -c 80 HOST-1. *HOST-3 sends ICMP Echo Request to HOST-1.
*HOST-3 receives ICMP Echo Reply from HOST-1.
*AH is attached to original packet between HOST-1 and HOST-3.
*2nd Key negotiation does not occur even though 1Min pasts since Step 31.

AH transport between HOST-1 and HOST-3.(HMAC-MD5)
HOST-3 <-> HOST-1
(ICMP)

IPsec transport [IP][AH] (IKE auth=MD5)(Phase-2 Lifetime=3min)

32 At HOST-1 set configuration #6 - -

33 At HOST-2 set configuration #6 - -

34 At HOST-3 set configuration #6 - -

35 At HOST-2, run "ping" to HOST-1.
Repeat 200 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -s 64 -i 1 -c 200 HOST-1. *HOST-2 sends ICMP Echo Request to HOST-1.
*HOST-2 receives ICMP Echo Reply from HOST-1.
*AH is attached to original packet between HOST-1 and HOST-2.
*2nd Key negotiation occurs when 3Min pasts since Step 36. AH transport between HOST-1 and HOST-2.(HMAC-MD5)
HOST-2 <-> HOST-1
(ICMP)

36 *Do this step while doing Step 35

At HOST-3, run "ping" to HOST-1.
Repeat 200 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -s 64 -i 1 -c 200 HOST-1. *HOST-3 sends ICMP Echo Request to HOST-1.
*HOST-3 receives ICMP Echo Reply from HOST-1.
*AH is attached to original packet between HOST-1 and HOST-3.
*2nd Key negotiation occurs when 3Min pasts since Step 36.

AH transport between HOST-1 and HOST-3.(HMAC-MD5)
HOST-3 <-> HOST-1
(ICMP)

IPsec transport [IP][AH] (IKE auth=MD5)(Phase-2 Lifetime=1024Byte)

37 At HOST-1 set configuration #7 - -

38 At HOST-2 set configuration #7 - -

39 At HOST-3 set configuration #7 - -

40 At HOST-2, run "ping" to HOST-1.
Repeat 80 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -s 64 -i 1 -c 80 HOST-1. *HOST-2 sends ICMP Echo Request to HOST-1.
*HOST-2 receives ICMP Echo Reply from HOST-1.
*AH is attached to original packet between HOST-1 and HOST-2.
*2nd Key negotiation occurs when 1Min pasts since Step 11. AH transport between HOST-1 and HOST-2.(HMAC-MD5)
HOST-2 <-> HOST-1
(ICMP)

41 *Do this step while doing Step 40

At HOST-3, run "ping" to HOST-1.
Repeat 80 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -s 64 -i 1 -c 80 HOST-1. *HOST-3 sends ICMP Echo Request to HOST-1.
*HOST-3 receives ICMP Echo Reply from HOST-1.
*AH is attached to original packet between HOST-1 and HOST-3.
*2nd Key negotiation does not occur even though 1Min pasts since Step 11.

AH transport between HOST-1 and HOST-3.(HMAC-MD5)
HOST-3 <-> HOST-1
(ICMP)

IPsec transport [IP][AH] (IKE auth=MD5)(Phase-2 Lifetime=1MByte)

42 At HOST-1 set configuration #8 - -

43 At HOST-2 set configuration #8 - -

44 At HOST-3 set configuration #8 - -

45 At HOST-2, run "ping" to HOST-1.
Repeat 200 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -s 64 -i 1 -c 200 HOST-1. *HOST-2 sends ICMP Echo Request to HOST-1.
*HOST-2 receives ICMP Echo Reply from HOST-1.
*AH is attached to original packet between HOST-1 and HOST-2.
*2nd Key negotiation occurs when 3Min pasts since Step 16. AH transport between HOST-1 and HOST-2.(HMAC-MD5)
HOST-2 <-> HOST-1
(ICMP)

46 *Do this step while doing Step 45

At HOST-3, run "ping" to HOST-1.
Repeat 200 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -s 64 -i 1 -c 200 HOST-1. *HOST-3 sends ICMP Echo Request to HOST-1.
*HOST-3 receives ICMP Echo Reply from HOST-1.
*AH is attached to original packet between HOST-1 and HOST-3.
*2nd Key negotiation does not occur even though 3Min pasts since Step 16.

AH transport between HOST-1 and HOST-3.(HMAC-MD5)
HOST-3 <-> HOST-1
(ICMP)

IPsec tunnel [IP1][AH][IP2] (IKE auth=MD5)(Phase-1 Lifetime=1min)

47 At HOST-1 set configuration #9 - -

48 At HOST-2 set configuration #9 - -

49 At HOST-3 set configuration #9 - -

50 At HOST-2, run "ping" to HOST-1.
Repeat 80 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -s 64 -i 1 -c 80 HOST-1. *HOST-2 sends ICMP Echo Request to HOST-1.
*HOST-2 receives ICMP Echo Reply from HOST-1.
*AH is attached to original packet between HOST-1 and HOST-2.
*2nd Key negotiation occurs when 1Min pasts since Step 11. AH transport between HOST-1 and HOST-2.(HMAC-MD5)
HOST-2 <-> HOST-1
(ICMP)

51 *Do this step while doing Step 10

At HOST-3, run "ping" to HOST-1.
Repeat 80 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -s 64 -i 1 -c 80 HOST-1. *HOST-3 sends ICMP Echo Request to HOST-1.
*HOST-3 receives ICMP Echo Reply from HOST-1.
*AH is attached to original packet between HOST-1 and HOST-3.
*2nd Key negotiation does not occur even though 1Min pasts since Step 11.

AH transport between HOST-1 and HOST-3.(HMAC-MD5)
HOST-3 <-> HOST-1
(ICMP)

IPsec tunnel [IP1][AH][IP2] (IKE auth=MD5)(Phase-1 Lifetime=3min)

52 At HOST-1 set configuration #10 - -

53 At HOST-2 set configuration #10 - -

54 At HOST-3 set configuration #10 - -

55 At HOST-2, run "ping" to HOST-1.
Repeat 200 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -s 64 -i 1 -c 200 HOST-1. *HOST-2 sends ICMP Echo Request to HOST-1.
*HOST-2 receives ICMP Echo Reply from HOST-1.
*AH is attached to original packet between HOST-1 and HOST-2.
*2nd Key negotiation occurs when 3Min pasts since Step 16. AH transport between HOST-1 and HOST-2.(HMAC-MD5)
HOST-2 <-> HOST-1
(ICMP)

56 *Do this step while doing Step 15

At HOST-3, run "ping" to HOST-1.
Repeat 200 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -s 64 -i 1 -c 200 HOST-1. *HOST-3 sends ICMP Echo Request to HOST-1.
*HOST-3 receives ICMP Echo Reply from HOST-1.
*AH is attached to original packet between HOST-1 and HOST-3.
*2nd Key negotiation does not occur even though 3Min pasts since Step 16.

AH transport between HOST-1 and HOST-3.(HMAC-MD5)
HOST-3 <-> HOST-1
(ICMP)

IPsec tunnel [IP1][AH][IP2] (IKE auth=MD5)(Phase-1 Lifetime=1024Byte)

57 At HOST-1 set configuration #11 - -

58 At HOST-2 set configuration #11 - -

59 At HOST-3 set configuration #11 - -

60 At HOST-2, run "ping" to HOST-1.
Repeat 20 times, with 100 bytes ICMP payload, interval 1 second.
Ex) # ping6 -s 100 -i 1 -c 20 HOST-1. *HOST-2 sends ICMP Echo Request to HOST-1.
*HOST-2 receives ICMP Echo Reply from HOST-1.
*AH is attached to original packet between HOST-1 and HOST-2.
*2nd Key negotiation occurs when HOST-2 transmits 1024 Byte. AH transport between HOST-1 and HOST-2.(HMAC-MD5)
HOST-2 <-> HOST-1
(ICMP)

61 *Do this step while doing Step 51

At HOST-3, run "ping" to HOST-1.
Repeat 20 times, with 100 bytes ICMP payload, interval 1 second.
Ex) # ping6 -s 100 -i 1 -c 20 HOST-1. *HOST-3 sends ICMP Echo Request to HOST-1.
*HOST-3 receives ICMP Echo Reply from HOST-1.
*AH is attached to original packet between HOST-1 and HOST-3.
*2nd Key negotiation does not occur even though HOST-3 transmits 1024 Byte.

AH transport between HOST-1 and HOST-3.(HMAC-MD5)
HOST-3 <-> HOST-1
(ICMP)

IPsec tunnel [IP1][AH][IP2] (IKE auth=MD5)(Phase-1 Lifetime=1MByte)

62 At HOST-1 set configuration #12 - -

63 At HOST-2 set configuration #12 - -

64 At HOST-3 set configuration #12 - -

65 At HOST-2, run "ping" to HOST-1.
Repeat 750 times, with 1400 bytes ICMP payload, interval 1 second.
Ex) # ping6 -s 1400 -i 1 -c 750 HOST-1. *HOST-2 sends ICMP Echo Request to HOST-1.
*HOST-2 receives ICMP Echo Reply from HOST-1.
*AH is attached to original packet between HOST-1 and HOST-2.
*2nd Key negotiation occurs when HOST-2 transmits 1M Byte. AH transport between HOST-1 and HOST-2.(HMAC-MD5)
HOST-2 <-> HOST-1
(ICMP)

66 *Do this step while doing Step 55

At HOST-3, run "ping" to HOST-1.
Repeat 750 times, with 1400 bytes ICMP payload, interval 1 second.
Ex) # ping6 -s 1400 -i 1 -c 750 HOST-1. *HOST-3 sends ICMP Echo Request to HOST-1.
*HOST-3 receives ICMP Echo Reply from HOST-1.
*AH is attached to original packet between HOST-1 and HOST-3.
*2nd Key negotiation does not occur even though HOST-3 transmits 1M Byte.

AH transport between HOST-1 and HOST-3.(HMAC-MD5)
HOST-3 <-> HOST-1
(ICMP)

IPsec tunnel [IP1][AH][IP2] (IKE auth=MD5)(Phase-2 Lifetime=1min)

67 At HOST-1 set configuration #13 - -

68 At HOST-2 set configuration #13 - -

69 At HOST-3 set configuration #13 - -

70 At HOST-2, run "ping" to HOST-1.
Repeat 80 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -s 64 -i 1 -c 80 HOST-1. *HOST-2 sends ICMP Echo Request to HOST-1.
*HOST-2 receives ICMP Echo Reply from HOST-1.
*AH is attached to original packet between HOST-1 and HOST-2.
*2nd Key negotiation occurs when 1Min pasts since Step 31. AH transport between HOST-1 and HOST-2.(HMAC-MD5)
HOST-2 <-> HOST-1
(ICMP)

71 *Do this step while doing Step 60

At HOST-3, run "ping" to HOST-1.
Repeat 80 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -s 64 -i 1 -c 80 HOST-1. *HOST-3 sends ICMP Echo Request to HOST-1.
*HOST-3 receives ICMP Echo Reply from HOST-1.
*AH is attached to original packet between HOST-1 and HOST-3.
*2nd Key negotiation does not occur even though 1Min pasts since Step 31.

AH transport between HOST-1 and HOST-3.(HMAC-MD5)
HOST-3 <-> HOST-1
(ICMP)

IPsec tunnel [IP1][AH][IP2] (IKE auth=MD5)(Phase-2 Lifetime=3min)

72 At HOST-1 set configuration #14 - -

73 At HOST-2 set configuration #14 - -

74 At HOST-3 set configuration #14 - -

75 At HOST-2, run "ping" to HOST-1.
Repeat 200 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -s 64 -i 1 -c 200 HOST-1. *HOST-2 sends ICMP Echo Request to HOST-1.
*HOST-2 receives ICMP Echo Reply from HOST-1.
*AH is attached to original packet between HOST-1 and HOST-2.
*2nd Key negotiation occurs when 3Min pasts since Step 36. AH transport between HOST-1 and HOST-2.(HMAC-MD5)
HOST-2 <-> HOST-1
(ICMP)

76 *Do this step while doing Step 65

At HOST-3, run "ping" to HOST-1.
Repeat 200 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -s 64 -i 1 -c 200 HOST-1. *HOST-3 sends ICMP Echo Request to HOST-1.
*HOST-3 receives ICMP Echo Reply from HOST-1.
*AH is attached to original packet between HOST-1 and HOST-3.
*2nd Key negotiation occurs when 3Min pasts since Step 36.

AH transport between HOST-1 and HOST-3.(HMAC-MD5)
HOST-3 <-> HOST-1
(ICMP)

IPsec tunnel [IP1][AH][IP2] (IKE auth=MD5)(Phase-2 Lifetime=1024Byte)

77 At HOST-1 set configuration #15 - -

78 At HOST-2 set configuration #15 - -

79 At HOST-3 set configuration #15 - -

80 At HOST-2, run "ping" to HOST-1.
Repeat 20 times, with 100 bytes ICMP payload, interval 1 second.
Ex) # ping6 -s 100 -i 1 -c 20 HOST-1. *HOST-2 sends ICMP Echo Request to HOST-1.
*HOST-2 receives ICMP Echo Reply from HOST-1.
*AH is attached to original packet between HOST-1 and HOST-2.
*2nd Key negotiation occurs when HOST-2 transmits 1024 Byte. AH transport between HOST-1 and HOST-2.(HMAC-MD5)
HOST-2 <-> HOST-1
(ICMP)

81 *Do this step while doing Step 70

At HOST-3, run "ping" to HOST-1.
Repeat 20 times, with 100 bytes ICMP payload, interval 1 second.
Ex) # ping6 -s 100 -i 1 -c 20 HOST-1. *HOST-3 sends ICMP Echo Request to HOST-1.
*HOST-3 receives ICMP Echo Reply from HOST-1.
*AH is attached to original packet between HOST-1 and HOST-3.
*2nd Key negotiation does not occur even though HOST-3 transmits 1024 Byte.

AH transport between HOST-1 and HOST-3.(HMAC-MD5)
HOST-3 <-> HOST-1
(ICMP)

IPsec tunnel [IP1][AH][IP2] (IKE auth=MD5)(Phase-2 Lifetime=1MByte)

82 At HOST-1 set configuration #16 - -

83 At HOST-2 set configuration #16 - -

84 At HOST-3 set configuration #16 - -

85 At HOST-2, run "ping" to HOST-1.
Repeat 750 times, with 1400 bytes ICMP payload, interval 1 second.
Ex) # ping6 -s 1400 -i 1 -c 750 HOST-1. *HOST-2 sends ICMP Echo Request to HOST-1.
*HOST-2 receives ICMP Echo Reply from HOST-1.
*AH is attached to original packet between HOST-1 and HOST-2.
*2nd Key negotiation occurs when HOST-2 transmits 1M Byte. AH transport between HOST-1 and HOST-2.(HMAC-MD5)
HOST-2 <-> HOST-1
(ICMP)

86 *Do this step while doing Step 75

At HOST-3, run "ping" to HOST-1.
Repeat 750 times, with 1400 bytes ICMP payload, interval 1 second.
Ex) # ping6 -s 1400 -i 1 -c 750 HOST-1. *HOST-3 sends ICMP Echo Request to HOST-1.
*HOST-3 receives ICMP Echo Reply from HOST-1.
*AH is attached to original packet between HOST-1 and HOST-3.
*2nd Key negotiation does not occur even though HOST-3 transmits 1M Byte.

AH transport between HOST-1 and HOST-3.(HMAC-MD5)
HOST-3 <-> HOST-1
(ICMP)

Mark"*"with no number means that we are going to judge that subject.

Parameter		Value
IKE	Phase-1 Lifetime	1 min
		3 min
		1024 Byte
		1 MByte
	Phase-2 Lifetime	1 min
		3 min
		1024 Byte
		1 MByte

Parameter		Value
IKE	Exchange mode	Main mode
	Authentication method	Pre-Shared key (DH group 1)
	Phase-1 lifetime	24 hour (when ph2 lifetime is variable)
	Phase-2 lifetime	24 hour (when ph1 lifetime is variable)
	Hash Algorithm	MD5
	Encryption Algorithm	DES
IPsec	Authentication algorithm	HMAC-MD5
	MODE	Transport
	Granularity	Host

Machine	Comments	Initial status	Configuration
HOST-3	Reference Machine	Is attached to Net-y with power turned off.	-
HOST-2	Reference Machine	Is attached to Net-y with power turned off.	-
ROUTER-1	Reference Machine	Power is turned off. I/F-z is attached to Net-z while I/F-y is attached to Net-y.	Sends RA to Net-z and Net-y.
HOST-1	Target Machine	Is attached to Net-z with power turned off.	-

No	Action	Criteria	Comments
Address auto configuration check.
1	Boot ROUTER-1.	-	-
2	Boot HOST-1.	-	-
3	Boot HOST-2.	-	-
4	Boot HOST-3.	-	-
Availability confirmation.
5	At HOST-2, run "ping" to HOST-1. Repeat 10 times, with 1452 bytes ICMP payload, interval 1 second. Ex) # ping6 -s 1452 -i 1 -c 10 HOST-1	HOST-2 sends ICMP Echo Request to HOST-1. HOST-2 receives ICMP Echo Reply from HOST-1.	HOST-2 and HOST-1 don't use IPsec.
6	At HOST-3, run "ping" to HOST-1. Repeat 10 times, with 1452 bytes ICMP payload, interval 1 second. Ex) # ping6 -s 1452 -i 1 -c 10 HOST-1	HOST-3 sends ICMP Echo Request to HOST-1. HOST-3 receives ICMP Echo Reply from HOST-1.	HOST-3 and HOST-1 don't use IPsec.
IPsec transport [IP][AH] (IKE auth=MD5)(Phase-1 Lifetime=1min)
7	At HOST-1 set configuration #1	-	-
8	At HOST-2 set configuration #1	-	-
9	At HOST-3 set configuration #1	-	-
10	At HOST-2, run "ping" to HOST-1. Repeat 80 times, with 64 bytes ICMP payload, interval 1 second. Ex) # ping6 -s 64 -i 1 -c 80 HOST-1.	HOST-2 sends ICMP Echo Request to HOST-1. HOST-2 receives ICMP Echo Reply from HOST-1. AH is attached to original packet between HOST-1 and HOST-2. 2nd Key negotiation occurs when 1Min pasts since Step 11.	AH transport between HOST-1 and HOST-2.(HMAC-MD5) HOST-2 <-> HOST-1 (ICMP)
11	*Do this step while doing Step 10 At HOST-3, run "ping" to HOST-1. Repeat 80 times, with 64 bytes ICMP payload, interval 1 second. Ex) # ping6 -s 64 -i 1 -c 80 HOST-1.	HOST-3 sends ICMP Echo Request to HOST-1. HOST-3 receives ICMP Echo Reply from HOST-1. AH is attached to original packet between HOST-1 and HOST-3. 2nd Key negotiation does not occur even though 1Min pasts since Step 11.	AH transport between HOST-1 and HOST-3.(HMAC-MD5) HOST-3 <-> HOST-1 (ICMP)
IPsec transport [IP][AH] (IKE auth=MD5)(Phase-1 Lifetime=3min)
12	At HOST-1 set configuration #2	-	-
13	At HOST-2 set configuration #2	-	-
14	At HOST-3 set configuration #2	-	-
15	At HOST-2, run "ping" to HOST-1. Repeat 200 times, with 64 bytes ICMP payload, interval 1 second. Ex) # ping6 -s 64 -i 1 -c 200 HOST-1.	HOST-2 sends ICMP Echo Request to HOST-1. HOST-2 receives ICMP Echo Reply from HOST-1. AH is attached to original packet between HOST-1 and HOST-2. 2nd Key negotiation occurs when 3Min pasts since Step 16.	AH transport between HOST-1 and HOST-2.(HMAC-MD5) HOST-2 <-> HOST-1 (ICMP)
16	*Do this step while doing Step 15 At HOST-3, run "ping" to HOST-1. Repeat 200 times, with 64 bytes ICMP payload, interval 1 second. Ex) # ping6 -s 64 -i 1 -c 200 HOST-1.	HOST-3 sends ICMP Echo Request to HOST-1. HOST-3 receives ICMP Echo Reply from HOST-1. AH is attached to original packet between HOST-1 and HOST-3. 2nd Key negotiation does not occur even though 3Min pasts since Step 16.	AH transport between HOST-1 and HOST-3.(HMAC-MD5) HOST-3 <-> HOST-1 (ICMP)
IPsec transport [IP][AH] (IKE auth=MD5)(Phase-1 Lifetime=1024Byte)
17	At HOST-1 set configuration #3	-	-
18	At HOST-2 set configuration #3	-	-
19	At HOST-3 set configuration #3	-	-
20	At HOST-2, run "ping" to HOST-1. Repeat 20 times, with 100 bytes ICMP payload, interval 1 second. Ex) # ping6 -s 100 -i 1 -c 20 HOST-1.	HOST-2 sends ICMP Echo Request to HOST-1. HOST-2 receives ICMP Echo Reply from HOST-1. AH is attached to original packet between HOST-1 and HOST-2. 2nd Key negotiation occurs when HOST-2 transmits 1024 Byte.	AH transport between HOST-1 and HOST-2.(HMAC-MD5) HOST-2 <-> HOST-1 (ICMP)
21	*Do this step while doing Step 20 At HOST-3, run "ping" to HOST-1. Repeat 20 times, with 100 bytes ICMP payload, interval 1 second. Ex) # ping6 -s 100 -i 1 -c 20 HOST-1.	HOST-3 sends ICMP Echo Request to HOST-1. HOST-3 receives ICMP Echo Reply from HOST-1. AH is attached to original packet between HOST-1 and HOST-3. 2nd Key negotiation does not occur even though HOST-3 transmits 1024 Byte.	AH transport between HOST-1 and HOST-3.(HMAC-MD5) HOST-3 <-> HOST-1 (ICMP)
IPsec transport [IP][AH] (IKE auth=MD5)(Phase-1 Lifetime=1MByte)
22	At HOST-1 set configuration #4	-	-
23	At HOST-2 set configuration #4	-	-
24	At HOST-3 set configuration #4	-	-
25	At HOST-2, run "ping" to HOST-1. Repeat 750 times, with 1400 bytes ICMP payload, interval 1 second. Ex) # ping6 -s 1400 -i 1 -c 750 HOST-1.	HOST-2 sends ICMP Echo Request to HOST-1. HOST-2 receives ICMP Echo Reply from HOST-1. AH is attached to original packet between HOST-1 and HOST-2. 2nd Key negotiation occurs when HOST-2 transmits 1M Byte.	AH transport between HOST-1 and HOST-2.(HMAC-MD5) HOST-2 <-> HOST-1 (ICMP)
26	*Do this step while doing Step 25 At HOST-3, run "ping" to HOST-1. Repeat 750 times, with 1400 bytes ICMP payload, interval 1 second. Ex) # ping6 -s 1400 -i 1 -c 750 HOST-1.	HOST-3 sends ICMP Echo Request to HOST-1. HOST-3 receives ICMP Echo Reply from HOST-1. AH is attached to original packet between HOST-1 and HOST-3. 2nd Key negotiation does not occur even though HOST-3 transmits 1M Byte.	AH transport between HOST-1 and HOST-3.(HMAC-MD5) HOST-3 <-> HOST-1 (ICMP)
IPsec transport [IP][AH] (IKE auth=MD5)(Phase-2 Lifetime=1min)
27	At HOST-1 set configuration #5	-	-
28	At HOST-2 set configuration #5	-	-
29	At HOST-3 set configuration #5	-	-
30	At HOST-2, run "ping" to HOST-1. Repeat 80 times, with 64 bytes ICMP payload, interval 1 second. Ex) # ping6 -s 64 -i 1 -c 80 HOST-1.	HOST-2 sends ICMP Echo Request to HOST-1. HOST-2 receives ICMP Echo Reply from HOST-1. AH is attached to original packet between HOST-1 and HOST-2. 2nd Key negotiation occurs when 1Min pasts since Step 31.	AH transport between HOST-1 and HOST-2.(HMAC-MD5) HOST-2 <-> HOST-1 (ICMP)
31	*Do this step while doing Step 30 At HOST-3, run "ping" to HOST-1. Repeat 80 times, with 64 bytes ICMP payload, interval 1 second. Ex) # ping6 -s 64 -i 1 -c 80 HOST-1.	HOST-3 sends ICMP Echo Request to HOST-1. HOST-3 receives ICMP Echo Reply from HOST-1. AH is attached to original packet between HOST-1 and HOST-3. 2nd Key negotiation does not occur even though 1Min pasts since Step 31.	AH transport between HOST-1 and HOST-3.(HMAC-MD5) HOST-3 <-> HOST-1 (ICMP)
IPsec transport [IP][AH] (IKE auth=MD5)(Phase-2 Lifetime=3min)
32	At HOST-1 set configuration #6	-	-
33	At HOST-2 set configuration #6	-	-
34	At HOST-3 set configuration #6	-	-
35	At HOST-2, run "ping" to HOST-1. Repeat 200 times, with 64 bytes ICMP payload, interval 1 second. Ex) # ping6 -s 64 -i 1 -c 200 HOST-1.	HOST-2 sends ICMP Echo Request to HOST-1. HOST-2 receives ICMP Echo Reply from HOST-1. AH is attached to original packet between HOST-1 and HOST-2. 2nd Key negotiation occurs when 3Min pasts since Step 36.	AH transport between HOST-1 and HOST-2.(HMAC-MD5) HOST-2 <-> HOST-1 (ICMP)
36	*Do this step while doing Step 35 At HOST-3, run "ping" to HOST-1. Repeat 200 times, with 64 bytes ICMP payload, interval 1 second. Ex) # ping6 -s 64 -i 1 -c 200 HOST-1.	HOST-3 sends ICMP Echo Request to HOST-1. HOST-3 receives ICMP Echo Reply from HOST-1. AH is attached to original packet between HOST-1 and HOST-3. 2nd Key negotiation occurs when 3Min pasts since Step 36.	AH transport between HOST-1 and HOST-3.(HMAC-MD5) HOST-3 <-> HOST-1 (ICMP)
IPsec transport [IP][AH] (IKE auth=MD5)(Phase-2 Lifetime=1024Byte)
37	At HOST-1 set configuration #7	-	-
38	At HOST-2 set configuration #7	-	-
39	At HOST-3 set configuration #7	-	-
40	At HOST-2, run "ping" to HOST-1. Repeat 80 times, with 64 bytes ICMP payload, interval 1 second. Ex) # ping6 -s 64 -i 1 -c 80 HOST-1.	HOST-2 sends ICMP Echo Request to HOST-1. HOST-2 receives ICMP Echo Reply from HOST-1. AH is attached to original packet between HOST-1 and HOST-2. 2nd Key negotiation occurs when 1Min pasts since Step 11.	AH transport between HOST-1 and HOST-2.(HMAC-MD5) HOST-2 <-> HOST-1 (ICMP)
41	*Do this step while doing Step 40 At HOST-3, run "ping" to HOST-1. Repeat 80 times, with 64 bytes ICMP payload, interval 1 second. Ex) # ping6 -s 64 -i 1 -c 80 HOST-1.	HOST-3 sends ICMP Echo Request to HOST-1. HOST-3 receives ICMP Echo Reply from HOST-1. AH is attached to original packet between HOST-1 and HOST-3. 2nd Key negotiation does not occur even though 1Min pasts since Step 11.	AH transport between HOST-1 and HOST-3.(HMAC-MD5) HOST-3 <-> HOST-1 (ICMP)
IPsec transport [IP][AH] (IKE auth=MD5)(Phase-2 Lifetime=1MByte)
42	At HOST-1 set configuration #8	-	-
43	At HOST-2 set configuration #8	-	-
44	At HOST-3 set configuration #8	-	-
45	At HOST-2, run "ping" to HOST-1. Repeat 200 times, with 64 bytes ICMP payload, interval 1 second. Ex) # ping6 -s 64 -i 1 -c 200 HOST-1.	HOST-2 sends ICMP Echo Request to HOST-1. HOST-2 receives ICMP Echo Reply from HOST-1. AH is attached to original packet between HOST-1 and HOST-2. 2nd Key negotiation occurs when 3Min pasts since Step 16.	AH transport between HOST-1 and HOST-2.(HMAC-MD5) HOST-2 <-> HOST-1 (ICMP)
46	*Do this step while doing Step 45 At HOST-3, run "ping" to HOST-1. Repeat 200 times, with 64 bytes ICMP payload, interval 1 second. Ex) # ping6 -s 64 -i 1 -c 200 HOST-1.	HOST-3 sends ICMP Echo Request to HOST-1. HOST-3 receives ICMP Echo Reply from HOST-1. AH is attached to original packet between HOST-1 and HOST-3. 2nd Key negotiation does not occur even though 3Min pasts since Step 16.	AH transport between HOST-1 and HOST-3.(HMAC-MD5) HOST-3 <-> HOST-1 (ICMP)
IPsec tunnel [IP1][AH][IP2] (IKE auth=MD5)(Phase-1 Lifetime=1min)
47	At HOST-1 set configuration #9	-	-
48	At HOST-2 set configuration #9	-	-
49	At HOST-3 set configuration #9	-	-
50	At HOST-2, run "ping" to HOST-1. Repeat 80 times, with 64 bytes ICMP payload, interval 1 second. Ex) # ping6 -s 64 -i 1 -c 80 HOST-1.	HOST-2 sends ICMP Echo Request to HOST-1. HOST-2 receives ICMP Echo Reply from HOST-1. AH is attached to original packet between HOST-1 and HOST-2. 2nd Key negotiation occurs when 1Min pasts since Step 11.	AH transport between HOST-1 and HOST-2.(HMAC-MD5) HOST-2 <-> HOST-1 (ICMP)
51	*Do this step while doing Step 10 At HOST-3, run "ping" to HOST-1. Repeat 80 times, with 64 bytes ICMP payload, interval 1 second. Ex) # ping6 -s 64 -i 1 -c 80 HOST-1.	HOST-3 sends ICMP Echo Request to HOST-1. HOST-3 receives ICMP Echo Reply from HOST-1. AH is attached to original packet between HOST-1 and HOST-3. 2nd Key negotiation does not occur even though 1Min pasts since Step 11.	AH transport between HOST-1 and HOST-3.(HMAC-MD5) HOST-3 <-> HOST-1 (ICMP)
IPsec tunnel [IP1][AH][IP2] (IKE auth=MD5)(Phase-1 Lifetime=3min)
52	At HOST-1 set configuration #10	-	-
53	At HOST-2 set configuration #10	-	-
54	At HOST-3 set configuration #10	-	-
55	At HOST-2, run "ping" to HOST-1. Repeat 200 times, with 64 bytes ICMP payload, interval 1 second. Ex) # ping6 -s 64 -i 1 -c 200 HOST-1.	HOST-2 sends ICMP Echo Request to HOST-1. HOST-2 receives ICMP Echo Reply from HOST-1. AH is attached to original packet between HOST-1 and HOST-2. 2nd Key negotiation occurs when 3Min pasts since Step 16.	AH transport between HOST-1 and HOST-2.(HMAC-MD5) HOST-2 <-> HOST-1 (ICMP)
56	*Do this step while doing Step 15 At HOST-3, run "ping" to HOST-1. Repeat 200 times, with 64 bytes ICMP payload, interval 1 second. Ex) # ping6 -s 64 -i 1 -c 200 HOST-1.	HOST-3 sends ICMP Echo Request to HOST-1. HOST-3 receives ICMP Echo Reply from HOST-1. AH is attached to original packet between HOST-1 and HOST-3. 2nd Key negotiation does not occur even though 3Min pasts since Step 16.	AH transport between HOST-1 and HOST-3.(HMAC-MD5) HOST-3 <-> HOST-1 (ICMP)
IPsec tunnel [IP1][AH][IP2] (IKE auth=MD5)(Phase-1 Lifetime=1024Byte)
57	At HOST-1 set configuration #11	-	-
58	At HOST-2 set configuration #11	-	-
59	At HOST-3 set configuration #11	-	-
60	At HOST-2, run "ping" to HOST-1. Repeat 20 times, with 100 bytes ICMP payload, interval 1 second. Ex) # ping6 -s 100 -i 1 -c 20 HOST-1.	HOST-2 sends ICMP Echo Request to HOST-1. HOST-2 receives ICMP Echo Reply from HOST-1. AH is attached to original packet between HOST-1 and HOST-2. 2nd Key negotiation occurs when HOST-2 transmits 1024 Byte.	AH transport between HOST-1 and HOST-2.(HMAC-MD5) HOST-2 <-> HOST-1 (ICMP)
61	*Do this step while doing Step 51 At HOST-3, run "ping" to HOST-1. Repeat 20 times, with 100 bytes ICMP payload, interval 1 second. Ex) # ping6 -s 100 -i 1 -c 20 HOST-1.	HOST-3 sends ICMP Echo Request to HOST-1. HOST-3 receives ICMP Echo Reply from HOST-1. AH is attached to original packet between HOST-1 and HOST-3. 2nd Key negotiation does not occur even though HOST-3 transmits 1024 Byte.	AH transport between HOST-1 and HOST-3.(HMAC-MD5) HOST-3 <-> HOST-1 (ICMP)
IPsec tunnel [IP1][AH][IP2] (IKE auth=MD5)(Phase-1 Lifetime=1MByte)
62	At HOST-1 set configuration #12	-	-
63	At HOST-2 set configuration #12	-	-
64	At HOST-3 set configuration #12	-	-
65	At HOST-2, run "ping" to HOST-1. Repeat 750 times, with 1400 bytes ICMP payload, interval 1 second. Ex) # ping6 -s 1400 -i 1 -c 750 HOST-1.	HOST-2 sends ICMP Echo Request to HOST-1. HOST-2 receives ICMP Echo Reply from HOST-1. AH is attached to original packet between HOST-1 and HOST-2. 2nd Key negotiation occurs when HOST-2 transmits 1M Byte.	AH transport between HOST-1 and HOST-2.(HMAC-MD5) HOST-2 <-> HOST-1 (ICMP)
66	*Do this step while doing Step 55 At HOST-3, run "ping" to HOST-1. Repeat 750 times, with 1400 bytes ICMP payload, interval 1 second. Ex) # ping6 -s 1400 -i 1 -c 750 HOST-1.	HOST-3 sends ICMP Echo Request to HOST-1. HOST-3 receives ICMP Echo Reply from HOST-1. AH is attached to original packet between HOST-1 and HOST-3. 2nd Key negotiation does not occur even though HOST-3 transmits 1M Byte.	AH transport between HOST-1 and HOST-3.(HMAC-MD5) HOST-3 <-> HOST-1 (ICMP)
IPsec tunnel [IP1][AH][IP2] (IKE auth=MD5)(Phase-2 Lifetime=1min)
67	At HOST-1 set configuration #13	-	-
68	At HOST-2 set configuration #13	-	-
69	At HOST-3 set configuration #13	-	-
70	At HOST-2, run "ping" to HOST-1. Repeat 80 times, with 64 bytes ICMP payload, interval 1 second. Ex) # ping6 -s 64 -i 1 -c 80 HOST-1.	HOST-2 sends ICMP Echo Request to HOST-1. HOST-2 receives ICMP Echo Reply from HOST-1. AH is attached to original packet between HOST-1 and HOST-2. 2nd Key negotiation occurs when 1Min pasts since Step 31.	AH transport between HOST-1 and HOST-2.(HMAC-MD5) HOST-2 <-> HOST-1 (ICMP)
71	*Do this step while doing Step 60 At HOST-3, run "ping" to HOST-1. Repeat 80 times, with 64 bytes ICMP payload, interval 1 second. Ex) # ping6 -s 64 -i 1 -c 80 HOST-1.	HOST-3 sends ICMP Echo Request to HOST-1. HOST-3 receives ICMP Echo Reply from HOST-1. AH is attached to original packet between HOST-1 and HOST-3. 2nd Key negotiation does not occur even though 1Min pasts since Step 31.	AH transport between HOST-1 and HOST-3.(HMAC-MD5) HOST-3 <-> HOST-1 (ICMP)
IPsec tunnel [IP1][AH][IP2] (IKE auth=MD5)(Phase-2 Lifetime=3min)
72	At HOST-1 set configuration #14	-	-
73	At HOST-2 set configuration #14	-	-
74	At HOST-3 set configuration #14	-	-
75	At HOST-2, run "ping" to HOST-1. Repeat 200 times, with 64 bytes ICMP payload, interval 1 second. Ex) # ping6 -s 64 -i 1 -c 200 HOST-1.	HOST-2 sends ICMP Echo Request to HOST-1. HOST-2 receives ICMP Echo Reply from HOST-1. AH is attached to original packet between HOST-1 and HOST-2. 2nd Key negotiation occurs when 3Min pasts since Step 36.	AH transport between HOST-1 and HOST-2.(HMAC-MD5) HOST-2 <-> HOST-1 (ICMP)
76	*Do this step while doing Step 65 At HOST-3, run "ping" to HOST-1. Repeat 200 times, with 64 bytes ICMP payload, interval 1 second. Ex) # ping6 -s 64 -i 1 -c 200 HOST-1.	HOST-3 sends ICMP Echo Request to HOST-1. HOST-3 receives ICMP Echo Reply from HOST-1. AH is attached to original packet between HOST-1 and HOST-3. 2nd Key negotiation occurs when 3Min pasts since Step 36.	AH transport between HOST-1 and HOST-3.(HMAC-MD5) HOST-3 <-> HOST-1 (ICMP)
IPsec tunnel [IP1][AH][IP2] (IKE auth=MD5)(Phase-2 Lifetime=1024Byte)
77	At HOST-1 set configuration #15	-	-
78	At HOST-2 set configuration #15	-	-
79	At HOST-3 set configuration #15	-	-
80	At HOST-2, run "ping" to HOST-1. Repeat 20 times, with 100 bytes ICMP payload, interval 1 second. Ex) # ping6 -s 100 -i 1 -c 20 HOST-1.	HOST-2 sends ICMP Echo Request to HOST-1. HOST-2 receives ICMP Echo Reply from HOST-1. AH is attached to original packet between HOST-1 and HOST-2. 2nd Key negotiation occurs when HOST-2 transmits 1024 Byte.	AH transport between HOST-1 and HOST-2.(HMAC-MD5) HOST-2 <-> HOST-1 (ICMP)
81	*Do this step while doing Step 70 At HOST-3, run "ping" to HOST-1. Repeat 20 times, with 100 bytes ICMP payload, interval 1 second. Ex) # ping6 -s 100 -i 1 -c 20 HOST-1.	HOST-3 sends ICMP Echo Request to HOST-1. HOST-3 receives ICMP Echo Reply from HOST-1. AH is attached to original packet between HOST-1 and HOST-3. 2nd Key negotiation does not occur even though HOST-3 transmits 1024 Byte.	AH transport between HOST-1 and HOST-3.(HMAC-MD5) HOST-3 <-> HOST-1 (ICMP)
IPsec tunnel [IP1][AH][IP2] (IKE auth=MD5)(Phase-2 Lifetime=1MByte)
82	At HOST-1 set configuration #16	-	-
83	At HOST-2 set configuration #16	-	-
84	At HOST-3 set configuration #16	-	-
85	At HOST-2, run "ping" to HOST-1. Repeat 750 times, with 1400 bytes ICMP payload, interval 1 second. Ex) # ping6 -s 1400 -i 1 -c 750 HOST-1.	HOST-2 sends ICMP Echo Request to HOST-1. HOST-2 receives ICMP Echo Reply from HOST-1. AH is attached to original packet between HOST-1 and HOST-2. 2nd Key negotiation occurs when HOST-2 transmits 1M Byte.	AH transport between HOST-1 and HOST-2.(HMAC-MD5) HOST-2 <-> HOST-1 (ICMP)
86	*Do this step while doing Step 75 At HOST-3, run "ping" to HOST-1. Repeat 750 times, with 1400 bytes ICMP payload, interval 1 second. Ex) # ping6 -s 1400 -i 1 -c 750 HOST-1.	HOST-3 sends ICMP Echo Request to HOST-1. HOST-3 receives ICMP Echo Reply from HOST-1. AH is attached to original packet between HOST-1 and HOST-3. 2nd Key negotiation does not occur even though HOST-3 transmits 1M Byte.	AH transport between HOST-1 and HOST-3.(HMAC-MD5) HOST-3 <-> HOST-1 (ICMP)

IKE Lifetime with AH Transport/Tunnel mode (HOST) [IP][AH] [IP1][AH][IP2]

[Interoperability Test Scenario]

IKE Lifetime
with AH Transport/Tunnel mode (HOST)
[IP][AH]
[IP1][AH][IP2]