AH tunnel mode (HOST)
[IP2][AH][IP1]

[Interoperability Test Scenario]

Last Update: February 26, 2000


This scenario verifies interoperability when the target HOST is attached to the model network.
Verification of host's action.
Authentication Header tunnel mode.

Verification Points:

- Authentication algorithm:
    HMAC-MD5
    HMAC-SHA1
- MODE:
    Tunnel
- Granularity:
    Network
    Host
    Protocol (ICMP/UDP/TCP)

  (3ffe:501:481d:f002::11) (3ffe:501:481d:f002::12)
         HOST-2                  HOST-3
           |(HIF-2y)               |(HIF-3y)
           |                       |
(Net-y)  --+-----------+-----------+-- (3ffe:501:481d:f002::/64)
                       |
                       |(I/F-y) (3ffe:501:481d:f002::1)
                    ROUTER-1
                       |(I/F-z) (3ffe:501:481d:f001::1)
                       |
(Net-z)      ----+-----+------------- (3ffe:501:481d:f001::/64)
                 |
                 |(HIF-1z) (3ffe:501:481d:f001::11)
               HOST-1

Network  Prefix                     Network media
Net-y    3ffe:501:481d:f002::/64    Ethernet 10BASE-T
Net-z    3ffe:501:481d:f001::/64    Ethernet 10BASE-T

Machine   Comments           Initial status                                Configuration
HOST-3    Reference Machine  Is attached to Net-y with power turned off.   -
HOST-2    Reference Machine  Is attached to Net-y with power turned off.   -
ROUTER-1  Reference Machine  Power is turned off.                          Sends RA to Net-z and Net-y.
                             I/F-z is attached to Net-z while I/F-y        Sends and receives RIPng.
                             is attached to Net-y.
HOST-1    Target Machine     Is attached to Net-z with power turned off.   -

No.  Machine  Src     Dest    Protocol  Mode    SPI   Auth Alg   ESP enc  ESP auth  Upper  Port(Src/Dst)
1    HOST-1   HIF-1z  HIF-2y  AH        Tunnel  1011  HMAC-MD5   -        -         any    -
     HOST-2   HIF-2y  HIF-1z  AH        Tunnel  5011  HMAC-MD5   -        -         any    -
2    HOST-1   HIF-1z  HIF-2y  AH        Tunnel  1021  HMAC-SHA1  -        -         any    -
     HOST-2   HIF-2y  HIF-1z  AH        Tunnel  5021  HMAC-SHA1  -        -         any    -
3    HOST-1   HIF-1z  HIF-2y  AH        Tunnel  1031  HMAC-MD5   -        -         ICMP   -
     HOST-2   HIF-2y  HIF-1z  AH        Tunnel  5031  HMAC-MD5   -        -         ICMP   -
4    HOST-1   HIF-1z  HIF-2y  AH        Tunnel  1041  HMAC-MD5   -        -         UDP    any
     HOST-2   HIF-2y  HIF-1z  AH        Tunnel  5041  HMAC-MD5   -        -         UDP    any
5    HOST-1   HIF-1z  HIF-2y  AH        Tunnel  1051  HMAC-MD5   -        -         TCP    any
     HOST-2   HIF-2y  HIF-1z  AH        Tunnel  5051  HMAC-MD5   -        -         TCP    any
6    HOST-1   HIF-1z  HIF-2y  AH        Tunnel  1061  HMAC-MD5   -        -         UDP    3000/any
     HOST-2   HIF-2y  HIF-1z  AH        Tunnel  5061  HMAC-MD5   -        -         UDP    any/3000
7    HOST-1   HIF-1z  HIF-2y  AH        Tunnel  1071  HMAC-MD5   -        -         UDP    any/3000
     HOST-2   HIF-2y  HIF-1z  AH        Tunnel  5071  HMAC-MD5   -        -         UDP    3000/any
8    HOST-1   HIF-1z  HIF-2y  AH        Tunnel  1081  HMAC-MD5   -        -         TCP    21/any
     HOST-2   HIF-2y  HIF-1z  AH        Tunnel  5081  HMAC-MD5   -        -         TCP    any/21
9    HOST-1   HIF-1z  HIF-2y  AH        Tunnel  1091  HMAC-MD5   -        -         TCP    any/21
     HOST-2   HIF-2y  HIF-1z  AH        Tunnel  5091  HMAC-MD5   -        -         TCP    21/any

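The selector granularity in the configuration table above can be modelled directly. The following Python code is an added example, not part of the original scenario: it encodes configurations #1 to #9 as selectors and returns which SA (by SPI) protects the request and the reply of a client/server exchange, or None when the packet passes unprotected. The ephemeral client port 40000 and all function names are assumptions; for FTP only the control connection (port 21) is modelled.

```python
# Added example: SA selectors from the configuration table, modelled as data.
from typing import NamedTuple, Optional

HIF_1Z = "3ffe:501:481d:f001::11"  # HOST-1 (target)
HIF_2Y = "3ffe:501:481d:f002::11"  # HOST-2 (tunnel peer)
HIF_3Y = "3ffe:501:481d:f002::12"  # HOST-3 (has no SA in any configuration)
EPHEMERAL = 40000                  # assumed client-side port, not from the page

class Selector(NamedTuple):
    src: str
    dst: str
    spi: int
    upper: str             # "any", "ICMP", "UDP" or "TCP"
    sport: Optional[int]   # None = any
    dport: Optional[int]   # None = any

def pair(n, upper, sport=None, dport=None):
    """Configuration #n: HOST-1's row as given, HOST-2's row with ports mirrored."""
    return [Selector(HIF_1Z, HIF_2Y, 1001 + 10 * n, upper, sport, dport),
            Selector(HIF_2Y, HIF_1Z, 5001 + 10 * n, upper, dport, sport)]

CONFIGS = {
    1: pair(1, "any"), 2: pair(2, "any"), 3: pair(3, "ICMP"),
    4: pair(4, "UDP"), 5: pair(5, "TCP"),
    6: pair(6, "UDP", sport=3000), 7: pair(7, "UDP", dport=3000),
    8: pair(8, "TCP", sport=21),   9: pair(9, "TCP", dport=21),
}

def lookup(config, src, dst, upper, sport=None, dport=None):
    """SPI of the AH tunnel SA protecting this packet, or None if it is sent as-is."""
    for s in CONFIGS[config]:
        if ((s.src, s.dst) == (src, dst)
                and s.upper in ("any", upper)
                and s.sport in (None, sport)
                and s.dport in (None, dport)):
            return s.spi
    return None

def exchange(config, client, server, upper, port=None):
    """(request SPI, reply SPI) for a client/server exchange; None = unprotected."""
    cport = EPHEMERAL if port is not None else None
    return (lookup(config, client, server, upper, cport, port),
            lookup(config, server, client, upper, port, cport))
```

With configuration #6, `exchange(6, HIF_2Y, HIF_1Z, "UDP", 3000)` is protected in both directions while the same call with client and server swapped is not, which is the asymmetry the port-granularity steps of the procedure check.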
No Action Criteria Comments
Address auto configuration check.
1 Boot ROUTER-1.
-
-
2 Boot HOST-1.
-
-
3 Boot HOST-2.
-
-
4 Boot HOST-3.
-
-
Availability confirmation.
5 At HOST-2, run "ping" to HOST-1.
Repeat 10 times, with 1452 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 1452 -i 1 -c 10 HOST-1
*HOST-2 sends ICMP Echo Request to HOST-1.
*HOST-2 receives ICMP Echo Reply from HOST-1.
HOST-2 and HOST-1 don't use IPsec.
6 At HOST-3, run "ping" to HOST-1.
Repeat 10 times, with 1452 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 1452 -i 1 -c 10 HOST-1
*HOST-3 sends ICMP Echo Request to HOST-1.
*HOST-3 receives ICMP Echo Reply from HOST-1.
HOST-2 and HOST-1 don't use IPsec.
7 At HOST-2, run UDP echo program*1 to communicate with HOST-1; destination port is 3000.
Repeat 10 times, with 1452 bytes UDP payload, interval 1 second.
Ex) # echo6c -I ed0 -s 1452 -i 1 -c 10 HOST-1
*HOST-2 sends UDP Echo Request to HOST-1
*HOST-2 receives UDP Echo Reply from HOST-1
HOST-2 and HOST-1 don't use IPsec.
8 At HOST-3, run UDP echo program*1 to communicate with HOST-1; destination port is 3000.
Repeat 10 times, with 1452 bytes UDP payload, interval 1 second.
Ex) # echo6c -I ed0 -s 1452 -i 1 -c 10 HOST-1
*HOST-3 sends UDP Echo Request to HOST-1.
*HOST-3 receives UDP Echo Reply from HOST-1.
HOST-2 and HOST-1 don't use IPsec.
9 At HOST-2, run "ftp" to HOST-1.
Get 5k bytes file.
*HOST-2 downloads file correctly from HOST-1.
HOST-2 and HOST-1 don't use IPsec.
10 At HOST-3, run "ftp" to HOST-1.
Get 5k bytes file.
*HOST-3 downloads file correctly from HOST-1.
HOST-2 and HOST-1 don't use IPsec.
IPsec tunnel [IP2][AH][IP1] (granularity=HOST) (AH auth=HMAC-MD5)
11 At HOST-1 set configuration #1 - -
12 At HOST-2 set configuration #1 - -
13 At HOST-2, run "ping" to HOST-1.
Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 64 -i 1 -c 10 HOST-1
*HOST-2 sends ICMP Echo Request to HOST-1.
*HOST-2 receives ICMP Echo Reply from HOST-1.
*Original packets are encapsulated between HOST-1 and HOST-2.
*Encapsulating packets include AH header.
AH tunnel between HOST-1 and HOST-2.(HMAC-MD5)
HOST-2 <-> HOST-1
(ICMP)
14 At HOST-3, run "ping" to HOST-1.
Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 64 -i 1 -c 10 HOST-1
*HOST-3 sends ICMP Echo Request to HOST-1.
*HOST-3 receives ICMP Echo Reply from HOST-1.
*Original packets go through between HOST-1 and HOST-3.

-

15 At HOST-2, run "ping" to HOST-1.
Repeat 10 times, with 2000 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 2000 -i 1 -c 10 HOST-1
*HOST-2 sends ICMP Echo Request to HOST-1.
*HOST-2 receives ICMP Echo Reply from HOST-1.
*Original packets are encapsulated between HOST-1 and HOST-2.
*Encapsulating packets include AH header.
AH tunnel between HOST-1 and HOST-2.(HMAC-MD5)
HOST-2 <-> HOST-1
The packet will be fragmented to 2 packets.
(ICMP)
16 At HOST-2, run "ping" to HOST-1.
Repeat 10 times, with 3000 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 3000 -i 1 -c 10 HOST-1
*HOST-2 sends ICMP Echo Request to HOST-1.
*HOST-2 receives ICMP Echo Reply from HOST-1.
*Original packets are encapsulated between HOST-1 and HOST-2.
*Encapsulating packets include AH header.
AH tunnel between HOST-1 and HOST-2.(HMAC-MD5)
HOST-2 <-> HOST-1
The packet will be fragmented to 3 packets.
(ICMP)
17 At HOST-2, run UDP echo program*1 to communicate with HOST-1; destination port is 3000.
Repeat 10 times, with 2000 bytes UDP payload, interval 1 second.
Ex) # echo6c -I ed0 -s 2000 -i 1 -c 10 HOST-1
*HOST-2 sends UDP Echo Request to HOST-1.
*HOST-2 receives UDP Echo Reply from HOST-1.
*Original packets are encapsulated between HOST-1 and HOST-2.
*Encapsulating packets include AH header.
AH tunnel between HOST-1 and HOST-2.(HMAC-MD5)
HOST-2 <-> HOST-1
The packet will be fragmented to 2 packets.
(UDP)
18 At HOST-3, run UDP echo program*1 to communicate with HOST-1; destination port is 3000.
Repeat 10 times, with 2000 bytes UDP payload, interval 1 second.
Ex) # echo6c -I ed0 -s 2000 -i 1 -c 10 HOST-1
*HOST-3 sends UDP Echo Request to HOST-1.
*HOST-3 receives UDP Echo Reply from HOST-1.
*Original packets go through between HOST-1 and HOST-3.

-

19 At HOST-2, run "ftp" to HOST-1.
Get 5k bytes file.
*HOST-2 downloads file correctly from HOST-1.
*Original packets are encapsulated between HOST-1 and HOST-2.
*Encapsulating packets include AH header.
AH tunnel between HOST-1 and HOST-2.(HMAC-MD5)
HOST-2 <-> HOST-1
(TCP)
20 At HOST-3, run "ftp" to HOST-1.
Get 5k bytes file.
*HOST-3 downloads file correctly from HOST-1.
*Original packets go through between HOST-1 and HOST-3.

-

IPsec tunnel [IP2][AH][IP1] (granularity=HOST) (AH auth=HMAC-SHA1)
21 At HOST-1 set configuration #2 - -
22 At HOST-2 set configuration #2 - -
23 At HOST-2, run "ping" to HOST-1.
Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 64 -i 1 -c 10 HOST-1
*HOST-2 sends ICMP Echo Request to HOST-1.
*HOST-2 receives ICMP Echo Reply from HOST-1.
*Original packets are encapsulated between HOST-1 and HOST-2.
*Encapsulating packets include AH header.
AH tunnel between HOST-1 and HOST-2.(HMAC-SHA1)
HOST-2 <-> HOST-1
(ICMP)
24 At HOST-2, run "ping" to HOST-1.
Repeat 10 times, with 2000 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 2000 -i 1 -c 10 HOST-1
*HOST-2 sends ICMP Echo Request to HOST-1.
*HOST-2 receives ICMP Echo Reply from HOST-1.
*Original packets are encapsulated between HOST-1 and HOST-2.
*Encapsulating packets include AH header.
AH tunnel between HOST-1 and HOST-2.(HMAC-SHA1)
HOST-2 <-> HOST-1
The packet will be fragmented to 2 packets.
(ICMP)
25 At HOST-2, run "ping" to HOST-1.
Repeat 10 times, with 3000 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 3000 -i 1 -c 10 HOST-1
*HOST-2 sends ICMP Echo Request to HOST-1.
*HOST-2 receives ICMP Echo Reply from HOST-1.
*Original packets are encapsulated between HOST-1 and HOST-2.
*Encapsulating packets include AH header.
AH tunnel between HOST-1 and HOST-2.(HMAC-SHA1)
HOST-2 <-> HOST-1
The packet will be fragmented to 3 packets.
(ICMP)
26 At HOST-2, run UDP echo program*1 to communicate with HOST-1; destination port is 3000.
Repeat 10 times, with 2000 bytes UDP payload, interval 1 second.
Ex) # echo6c -I ed0 -s 2000 -i 1 -c 10 HOST-1
*HOST-2 sends UDP Echo Request to HOST-1.
*HOST-2 receives UDP Echo Reply from HOST-1.
*Original packets are encapsulated between HOST-1 and HOST-2.
*Encapsulating packets include AH header.
AH tunnel between HOST-1 and HOST-2.(HMAC-SHA1)
HOST-2 <-> HOST-1
The packet will be fragmented to 2 packets.
(UDP)
27 At HOST-2, run "ftp" to HOST-1.
Get 5k bytes file.
*HOST-2 downloads file correctly from HOST-1.
*Original packets are encapsulated between HOST-1 and HOST-2.
*Encapsulating packets include AH header.
AH tunnel between HOST-1 and HOST-2.(HMAC-SHA1)
HOST-2 <-> HOST-1
(TCP)
IPsec tunnel [IP2][AH][IP1] (granularity=UPPER Protocol [ICMP]) (AH auth=HMAC-MD5)
28 At HOST-1 set configuration #3 - -
29 At HOST-2 set configuration #3 - -
30 At HOST-2, run "ping" to HOST-1.
Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 64 -i 1 -c 10 HOST-1
*HOST-2 sends ICMP Echo Request to HOST-1.
*HOST-2 receives ICMP Echo Reply from HOST-1.
*Original packets are encapsulated between HOST-1 and HOST-2.
*Encapsulating packets include AH header.
AH tunnel between HOST-1 and HOST-2.(HMAC-MD5)
HOST-2 <-> HOST-1
(ICMP)
31 At HOST-3, run "ping" to HOST-1.
Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 64 -i 1 -c 10 HOST-1
*HOST-3 sends ICMP Echo Request to HOST-1.
*HOST-3 receives ICMP Echo Reply from HOST-1.
*Original packets go through between HOST-1 and HOST-3.

-

32 At HOST-2, run UDP echo program*1 to communicate with HOST-1; destination port is 3000.
Repeat 10 times, with 64 bytes UDP payload, interval 1 second.
Ex) # echo6c -I ed0 -s 64 -i 1 -c 10 HOST-1 3000
*HOST-2 sends UDP Echo Request to HOST-1.
*HOST-2 receives UDP Echo Reply from HOST-1.
*Original packets go through between HOST-1 and HOST-2.

-

33 At HOST-2, run "ftp" to HOST-1.
Get 5k bytes file.
*HOST-2 downloads file correctly from HOST-1.
*Original packets go through between HOST-1 and HOST-2.

-

IPsec tunnel [IP2][AH][IP1] (granularity=UPPER Protocol [UDP]) (AH auth=HMAC-MD5)
34 At HOST-1 set configuration #4 - -
35 At HOST-2 set configuration #4 - -
36 At HOST-2, run "ping" to HOST-1.
Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 64 -i 1 -c 10 HOST-1
*HOST-2 sends ICMP Echo Request to HOST-1.
*HOST-2 receives ICMP Echo Reply from HOST-1.
*Original packets go through between HOST-1 and HOST-2.

-

37 At HOST-2, run UDP echo program*1 to communicate with HOST-1; destination port is 3000.
Repeat 10 times, with 64 bytes UDP payload, interval 1 second.
Ex) # echo6c -I ed0 -s 64 -i 1 -c 10 HOST-1 3000
*HOST-2 sends UDP Echo Request to HOST-1.
*HOST-2 receives UDP Echo Reply from HOST-1.
*Original packets are encapsulated between HOST-1 and HOST-2.
*Encapsulating packets include AH header.
AH tunnel between HOST-1 and HOST-2.(HMAC-MD5)
HOST-2 <-> HOST-1
(UDP)
38 At HOST-3, run UDP echo program*1 to communicate with HOST-1.
Repeat 10 times, with 64 bytes UDP payload, interval 1 second.
Ex) # echo6c -I ed0 -s 64 -i 1 -c 10 HOST-1 3000
*HOST-3 sends UDP Echo Request to HOST-1.
*HOST-3 receives UDP Echo Reply from HOST-1.
*Original packets go through between HOST-1 and HOST-3.

-

39 At HOST-2, run "ftp" to HOST-1.
Get 5k bytes file.
*HOST-2 downloads file correctly from HOST-1.
*Original packets go through between HOST-1 and HOST-2.

-

IPsec tunnel [IP2][AH][IP1] (granularity=UPPER Protocol [TCP]) (AH auth=HMAC-MD5)
40 At HOST-1 set configuration #5 - -
41 At HOST-2 set configuration #5 - -
42 At HOST-2, run "ping" to HOST-1.
Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 64 -i 1 -c 10 HOST-1
*HOST-2 sends ICMP Echo Request to HOST-1.
*HOST-2 receives ICMP Echo Reply from HOST-1.
*Original packets go through between HOST-1 and HOST-2.

-

43 At HOST-2, run UDP echo program*1 to communicate with HOST-1; destination port is 3000.
Repeat 10 times, with 64 bytes UDP payload, interval 1 second.
Ex) # echo6c -I ed0 -s 64 -i 1 -c 10 HOST-1 3000
*HOST-2 sends UDP Echo Request to HOST-1.
*HOST-2 receives UDP Echo Reply from HOST-1.
*Original packets go through between HOST-1 and HOST-2.

-

44 At HOST-2, run "ftp" to HOST-1.
Get 5k bytes file.
*HOST-2 downloads file correctly from HOST-1.
*Original packets are encapsulated between HOST-1 and HOST-2.
*Encapsulating packets include AH header.
AH tunnel between HOST-1 and HOST-2.(HMAC-MD5)
HOST-2 <-> HOST-1
(TCP)
45 At HOST-3, run "ftp" to HOST-1.
Get 5k bytes file.
*HOST-3 downloads file correctly from HOST-1.
*Original packets go through between HOST-1 and HOST-3.

-

IPsec tunnel [IP2][AH][IP1] (granularity=UPPER Protocol [UDP] Port=3000) (AH auth=HMAC-MD5)
46 At HOST-1 set configuration #6 - -
47 At HOST-2 set configuration #6 - -
48 At HOST-2, run "ping" to HOST-1.
Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 64 -i 1 -c 10 HOST-1
*HOST-2 sends ICMP Echo Request to HOST-1.
*HOST-2 receives ICMP Echo Reply from HOST-1.
*Original packets go through between HOST-1 and HOST-2.

-

49 At HOST-2, run UDP echo program*1 to communicate with HOST-1; destination port is 3000.
Repeat 10 times, with 64 bytes UDP payload, interval 1 second.
Ex) # echo6c -I ed0 -s 64 -i 1 -c 10 HOST-1 3000
*HOST-2 sends UDP Echo Request to HOST-1.
*HOST-2 receives UDP Echo Reply from HOST-1.
*Original packets are encapsulated between HOST-1 and HOST-2.
*Encapsulating packets include AH header.
AH tunnel between HOST-1 and HOST-2.(HMAC-MD5)
HOST-2 <-> HOST-1
(UDP)
50 At HOST-1, run UDP echo program*1 to communicate with HOST-2; destination port is 3000.
Repeat 10 times, with 64 bytes UDP payload, interval 1 second.
Ex) # echo6c -I ed0 -s 64 -i 1 -c 10 HOST-2 3000
*HOST-1 sends UDP Echo Request to HOST-2.
*HOST-1 receives UDP Echo Reply from HOST-2.
*Original packets go through between HOST-1 and HOST-2.

-

51 At HOST-2, run UDP echo program*1 to communicate with HOST-1; destination port is 4000.
Repeat 10 times, with 64 bytes UDP payload, interval 1 second.
Ex) # echo6c -I ed0 -s 64 -i 1 -c 10 HOST-1 4000
*HOST-2 sends UDP Echo Request to HOST-1.
*HOST-2 receives UDP Echo Reply from HOST-1.
*Original packets go through between HOST-1 and HOST-2.

-

52 At HOST-2, run "ftp" to HOST-1.
Get 5k bytes file.
*HOST-2 downloads file correctly from HOST-1.
*Original packets go through between HOST-1 and HOST-2.

-

IPsec tunnel [IP2][AH][IP1] (granularity=UPPER Protocol [UDP] Port=3000) (AH auth=HMAC-MD5) Reverse direction
53 At HOST-1 set configuration #7 - -
54 At HOST-2 set configuration #7 - -
55 At HOST-1, run "ping" to HOST-2.
Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 64 -i 1 -c 10 HOST-2
*HOST-1 sends ICMP Echo Request to HOST-2.
*HOST-1 receives ICMP Echo Reply from HOST-2.
*Original packets go through between HOST-1 and HOST-2.

-

56 At HOST-1, run UDP echo program*1 to communicate with HOST-2; destination port is 3000.
Repeat 10 times, with 64 bytes UDP payload, interval 1 second.
Ex) # echo6c -I ed0 -s 64 -i 1 -c 10 HOST-2 3000
*HOST-1 sends UDP Echo Request to HOST-2.
*HOST-1 receives UDP Echo Reply from HOST-2.
*Original packets are encapsulated between HOST-1 and HOST-2.
*Encapsulating packets include AH header.
AH tunnel between HOST-1 and HOST-2.(HMAC-MD5)
HOST-2 <-> HOST-1
(UDP Port=3000)
57 At HOST-2, run UDP echo program*1 to communicate with HOST-1; destination port is 3000.
Repeat 10 times, with 64 bytes UDP payload, interval 1 second.
Ex) # echo6c -I ed0 -s 64 -i 1 -c 10 HOST-1 3000
*HOST-2 sends UDP Echo Request to HOST-1.
*HOST-2 receives UDP Echo Reply from HOST-1.
*Original packets go through between HOST-1 and HOST-2.

-

58 At HOST-1, run UDP echo program*1 to communicate with HOST-2; destination port is 4000.
Repeat 10 times, with 64 bytes UDP payload, interval 1 second.
Ex) # echo6c -I ed0 -s 64 -i 1 -c 10 HOST-2 4000
*HOST-1 sends UDP Echo Request to HOST-2.
*HOST-1 receives UDP Echo Reply from HOST-2.
*Original packets go through between HOST-1 and HOST-2.

-

59 At HOST-1, run "ftp" to HOST-2.
Get 5k bytes file.
*HOST-1 downloads file correctly from HOST-2.
*Original packets go through between HOST-1 and HOST-2.

-

IPsec tunnel [IP2][AH][IP1] (granularity=UPPER Protocol [TCP] Port=21) (AH auth=HMAC-MD5)
60 At HOST-1 set configuration #8 - -
61 At HOST-2 set configuration #8 - -
62 At HOST-2, run "ping" to HOST-1.
Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 64 -i 1 -c 10 HOST-1
*HOST-2 sends ICMP Echo Request to HOST-1.
*HOST-2 receives ICMP Echo Reply from HOST-1.
*Original packets go through between HOST-1 and HOST-2.

-

63 At HOST-2, run UDP echo program*1 to communicate with HOST-1; destination port is 3000.
Repeat 10 times, with 64 bytes UDP payload, interval 1 second.
Ex) # echo6c -I ed0 -s 64 -i 1 -c 10 HOST-1 3000
*HOST-2 sends UDP Echo Request to HOST-1.
*HOST-2 receives UDP Echo Reply from HOST-1.
*Original packets go through between HOST-1 and HOST-2.

-

64 At HOST-2, run "ftp" to HOST-1.
Get 5k bytes file.
*HOST-2 downloads file correctly from HOST-1.
*Original packets are encapsulated between HOST-1 and HOST-2.
*Encapsulating packets include AH header.
*ftp control port is authenticated
*ftp data port is authenticated
AH tunnel between HOST-1 and HOST-2.(HMAC-MD5)
HOST-2 <-> HOST-1
(FTP)
65 At HOST-1, run "ftp" to HOST-2.
Get 5k bytes file.
*HOST-1 downloads file correctly from HOST-2.
*Original packets go through between HOST-1 and HOST-2.

-

66 At HOST-2, run "telnet" to HOST-1.
*HOST-2 communicates with HOST-1.
*Original packets go through between HOST-1 and HOST-2.

-

IPsec tunnel [IP2][AH][IP1] (granularity=UPPER Protocol [TCP] Port=21) (AH auth=HMAC-MD5) Reverse direction
67 At HOST-1 set configuration #9 - -
68 At HOST-2 set configuration #9 - -
69 At HOST-1, run "ping" to HOST-2.
Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 64 -i 1 -c 10 HOST-2
*HOST-1 sends ICMP Echo Request to HOST-2.
*HOST-1 receives ICMP Echo Reply from HOST-2.
*Original packets go through between HOST-1 and HOST-2.

-

70 At HOST-1, run UDP echo program*1 to communicate with HOST-2; destination port is 3000.
Repeat 10 times, with 64 bytes UDP payload, interval 1 second.
Ex) # echo6c -I ed0 -s 64 -i 1 -c 10 HOST-2 3000
*HOST-1 sends UDP Echo Request to HOST-2.
*HOST-1 receives UDP Echo Reply from HOST-2.
*Original packets go through between HOST-1 and HOST-2.

-

71 At HOST-1, run "ftp" to HOST-2.
Get 5k bytes file.
*HOST-1 downloads file correctly from HOST-2.
*Original packets are encapsulated between HOST-1 and HOST-2.
*Encapsulating packets include AH header.
*ftp control port is authenticated
*ftp data port is authenticated
AH tunnel between HOST-1 and HOST-2.(HMAC-MD5)
HOST-2 <-> HOST-1
(FTP)
72 At HOST-2, run "ftp" to HOST-1.
Get 5k bytes file.
*HOST-2 downloads file correctly from HOST-1.
*Original packets go through between HOST-1 and HOST-2.

-

73 At HOST-1, run "telnet" to HOST-2.
*HOST-1 communicates with HOST-2.
*Original packets go through between HOST-1 and HOST-2.

-

A "*" mark with no number means that we are going to judge that subject.
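
The criteria "*Original packets are encapsulated" and "*Encapsulating packets include AH header" can be checked on a captured packet by parsing the [IP2][AH][IP1] layout and recomputing the ICV. The Python code below is an added example, not part of the original scenario: it builds such a packet for HOST-2's SAs of configurations #1 (HMAC-MD5) and #2 (HMAC-SHA1) and verifies it. The keys are made up (the page lists none), the function names are assumptions, and the sequence number is not checked for replay.

```python
# Added example: build and check an [IP2][AH][IP1] packet (AH layout per RFC 2402).
import hashlib, hmac, ipaddress, struct

NH_AH, NH_IPV6 = 51, 41   # IPv6 Next Header values: AH, encapsulated IPv6
ICV_LEN = 12              # HMAC-MD5-96 and HMAC-SHA-1-96 both truncate to 96 bits
AH_LEN = 12 + ICV_LEN     # fixed AH fields plus ICV

def ipv6_header(src, dst, next_header, payload_len, hop_limit=64):
    return (struct.pack("!IHBB", 6 << 28, payload_len, next_header, hop_limit)
            + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed)

def icv(outer, ah, inner, key, digest):
    """ICV over outer header + AH + inner packet, with mutable fields zeroed."""
    # Traffic class, flow label and hop limit may change in transit, so they
    # are zeroed, as is the ICV field itself; the inner packet is covered as-is.
    outer0 = struct.pack("!I", 6 << 28) + outer[4:7] + b"\x00" + outer[8:]
    return hmac.new(key, outer0 + ah[:12] + bytes(ICV_LEN) + inner,
                    digest).digest()[:ICV_LEN]

def encapsulate(inner, tun_src, tun_dst, spi, seq, key, digest):
    """Wrap an inner IPv6 packet [IP1] as [IP2][AH][IP1]."""
    ah = struct.pack("!BBHII", NH_IPV6, AH_LEN // 4 - 2, 0, spi, seq)
    outer = ipv6_header(tun_src, tun_dst, NH_AH, AH_LEN + len(inner))
    return outer + ah + icv(outer, ah, inner, key, digest) + inner

def verify(packet, sa_table):
    """Return (spi, inner packet) if this is a valid AH tunnel packet."""
    outer, ah, inner = packet[:40], packet[40:40 + AH_LEN], packet[40 + AH_LEN:]
    if len(ah) < AH_LEN or outer[6] != NH_AH:
        raise ValueError("outer header is not followed by AH")
    nxt, plen, _, spi, _seq = struct.unpack("!BBHII", ah[:12])
    if nxt != NH_IPV6 or (plen + 2) * 4 != AH_LEN:
        raise ValueError("AH does not carry an encapsulated IPv6 packet")
    if spi not in sa_table:
        raise ValueError("unknown SPI %d" % spi)
    key, digest = sa_table[spi]
    if not hmac.compare_digest(icv(outer, ah, inner, key, digest), ah[12:]):
        raise ValueError("ICV mismatch")
    return spi, inner

# Constructed sample: keys are made up; SPIs are HOST-2's rows for #1 and #2.
HIF_1Z, HIF_2Y = "3ffe:501:481d:f001::11", "3ffe:501:481d:f002::11"
SA_TABLE = {5011: (b"K" * 16, hashlib.md5), 5021: (b"K" * 20, hashlib.sha1)}
ECHO = bytes([128, 0, 0, 0, 0, 1, 0, 1]) + bytes(64)  # Echo Request, checksum not computed
INNER = ipv6_header(HIF_2Y, HIF_1Z, 58, len(ECHO)) + ECHO
```

A packet whose hop limit was decremented by ROUTER-1 still verifies, because that field is zeroed for the ICV; any change to the inner packet or to the tunnel addresses does not.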