Last Update: February 26, 2000
This scenario verifies interoperability when the target HOST is attached to the model network.
Verification of host's action.
ESP tunnel mode.
Verification Points:
- Authentication algorithm:
    HMAC-MD5
    HMAC-SHA1
- Encryption algorithm:
    NULL
    DES-CBC
- MODE:
    Tunnel
- Granularity:
    Network
    Host
    Protocol(ICMP/UDP/TCP)
   (3ffe:501:481d:f002::11)   (3ffe:501:481d:f002::12)
            HOST-2                     HOST-3
              |(HIF-2y)                  |(HIF-3y)
              |                          |
(Net-y) ------+------------+-------------+-- (3ffe:501:481d:f002::/64)
                           |
                           |(I/F-y) (3ffe:501:481d:f002::1)
                        ROUTER-1
                           |(I/F-z) (3ffe:501:481d:f001::1)
                           |
(Net-z) ------+------------+---------------- (3ffe:501:481d:f001::/64)
              |
              |(HIF-1z) (3ffe:501:481d:f001::11)
            HOST-1
Network  Prefix                    Network media
Net-y    3ffe:501:481d:f002::/64   Ethernet 10BASE-T
Net-z    3ffe:501:481d:f001::/64   Ethernet 10BASE-T
Machine: HOST-3
  Comments:       Reference Machine
  Initial status: Is attached to Net-y with power turned off.
  Configuration:  -

Machine: HOST-2
  Comments:       Reference Machine
  Initial status: Is attached to Net-y with power turned off.
  Configuration:  -

Machine: ROUTER-1
  Comments:       Reference Machine
  Initial status: Power is turned off.
                  I/F-z is attached to Net-z while I/F-y is attached to Net-y.
  Configuration:  Sends RA to Net-z and Net-y.
                  Sends and receives RIPng.

Machine: HOST-1
  Comments:       Target Machine
  Initial status: Is attached to Net-z with power turned off.
  Configuration:  -
No.  Machine  Src     Dest    Protocol  Mode    SPI   AH auth  ESP enc  ESP auth   Upper  Port(Src/Dst)
1    HOST-1   HIF-1z  HIF-2y  ESP       Tunnel  1011  -        NULL     HMAC-MD5   any    -
     HOST-2   HIF-2y  HIF-1z  ESP       Tunnel  5011  -        NULL     HMAC-MD5   any    -
2    HOST-1   HIF-1z  HIF-2y  ESP       Tunnel  1021  -        NULL     HMAC-SHA1  any    -
     HOST-2   HIF-2y  HIF-1z  ESP       Tunnel  5021  -        NULL     HMAC-SHA1  any    -
3    HOST-1   HIF-1z  HIF-2y  ESP       Tunnel  1031  -        DES-CBC  NULL       any    -
     HOST-2   HIF-2y  HIF-1z  ESP       Tunnel  5031  -        DES-CBC  NULL       any    -
4    HOST-1   HIF-1z  HIF-2y  ESP       Tunnel  1041  -        DES-CBC  HMAC-MD5   any    -
     HOST-2   HIF-2y  HIF-1z  ESP       Tunnel  5041  -        DES-CBC  HMAC-MD5   any    -
5    HOST-1   HIF-1z  HIF-2y  ESP       Tunnel  1051  -        DES-CBC  HMAC-SHA1  any    -
     HOST-2   HIF-2y  HIF-1z  ESP       Tunnel  5051  -        DES-CBC  HMAC-SHA1  any    -
6    HOST-1   HIF-1z  HIF-2y  ESP       Tunnel  1061  -        NULL     HMAC-MD5   ICMP   -
     HOST-2   HIF-2y  HIF-1z  ESP       Tunnel  5061  -        NULL     HMAC-MD5   ICMP   -
7    HOST-1   HIF-1z  HIF-2y  ESP       Tunnel  1071  -        NULL     HMAC-MD5   UDP    any
     HOST-2   HIF-2y  HIF-1z  ESP       Tunnel  5071  -        NULL     HMAC-MD5   UDP    any
8    HOST-1   HIF-1z  HIF-2y  ESP       Tunnel  1081  -        NULL     HMAC-MD5   TCP    any
     HOST-2   HIF-2y  HIF-1z  ESP       Tunnel  5081  -        NULL     HMAC-MD5   TCP    any
9    HOST-1   HIF-1z  HIF-2y  ESP       Tunnel  1091  -        NULL     HMAC-MD5   UDP    3000/any
     HOST-2   HIF-2y  HIF-1z  ESP       Tunnel  5091  -        NULL     HMAC-MD5   UDP    any/3000
10   HOST-1   HIF-1z  HIF-2y  ESP       Tunnel  1101  -        NULL     HMAC-MD5   UDP    any/3000
     HOST-2   HIF-2y  HIF-1z  ESP       Tunnel  5101  -        NULL     HMAC-MD5   UDP    3000/any
11   HOST-1   HIF-1z  HIF-2y  ESP       Tunnel  1111  -        NULL     HMAC-MD5   TCP    21/any
     HOST-2   HIF-2y  HIF-1z  ESP       Tunnel  5111  -        NULL     HMAC-MD5   TCP    any/21
12   HOST-1   HIF-1z  HIF-2y  ESP       Tunnel  1121  -        NULL     HMAC-MD5   TCP    any/21
     HOST-2   HIF-2y  HIF-1z  ESP       Tunnel  5121  -        NULL     HMAC-MD5   TCP    21/any
ping program (ping)
UDP echo program (UDP echo)
ftp program (ftp)
telnet program (telnet)
NOTE:
We selected these applications as typical applications for each protocol (ICMP/UDP/TCP).
Verifying each application in detail is not a subject of this scenario.
No  Action / Criteria / Comments

Address auto configuration check.

1   Action:   Boot ROUTER-1.
    Criteria: -
    Comments: -

2   Action:   Boot HOST-1.
    Criteria: -
    Comments: -

3   Action:   Boot HOST-2.
    Criteria: -
    Comments: -

4   Action:   Boot HOST-3.
    Criteria: -
    Comments: -

Availability confirmation.

5   Action:   At HOST-2, run "ping" to HOST-1.
              Repeat 10 times, with 1452 bytes ICMP payload, interval 1 second.
              Ex) # ping6 -I ed0 -s 1452 -i 1 -c 10 HOST-1
    Criteria: *HOST-2 sends ICMP Echo Request to HOST-1.
              *HOST-2 receives ICMP Echo Reply from HOST-1.
    Comments: HOST-2 and HOST-1 don't use IPsec.

6   Action:   At HOST-3, run "ping" to HOST-1.
              Repeat 10 times, with 1452 bytes ICMP payload, interval 1 second.
              Ex) # ping6 -I ed0 -s 1452 -i 1 -c 10 HOST-1
    Criteria: *HOST-3 sends ICMP Echo Request to HOST-1.
              *HOST-3 receives ICMP Echo Reply from HOST-1.
    Comments: HOST-2 and HOST-1 don't use IPsec.

7   Action:   At HOST-2, run UDP echo program*1 to communicate with HOST-1, destination port is 3000.
              Repeat 10 times, with 1452 bytes UDP payload, interval 1 second.
              Ex) # echo6c -I ed0 -s 1452 -i 1 -c 10 HOST-1
    Criteria: *HOST-2 sends UDP Echo Request to HOST-1.
              *HOST-2 receives UDP Echo Reply from HOST-1.
    Comments: HOST-2 and HOST-1 don't use IPsec.

8   Action:   At HOST-3, run UDP echo program*1 to communicate with HOST-1, destination port is 3000.
              Repeat 10 times, with 1452 bytes UDP payload, interval 1 second.
              Ex) # echo6c -I ed0 -s 1452 -i 1 -c 10 HOST-1
    Criteria: *HOST-3 sends UDP Echo Request to HOST-1.
              *HOST-3 receives UDP Echo Reply from HOST-1.
    Comments: HOST-2 and HOST-1 don't use IPsec.

9   Action:   At HOST-2, run "ftp" to HOST-1.
              Get 5k bytes file.
    Criteria: *HOST-2 downloads file correctly from HOST-1.
    Comments: HOST-2 and HOST-1 don't use IPsec.

10  Action:   At HOST-3, run "ftp" to HOST-1.
              Get 5k bytes file.
    Criteria: *HOST-3 downloads file correctly from HOST-1.
    Comments: HOST-2 and HOST-1 don't use IPsec.

IPsec tunnel [IP2][ESP][IP1] (granularity=HOST) (ESP enc=NULL) (ESP auth=HMAC-MD5)

11  Action:   At HOST-1 set configuration #1
    Criteria: -
    Comments: -

12  Action:   At HOST-2 set configuration #1
    Criteria: -
    Comments: -

13  Action:   At HOST-2, run "ping" to HOST-1.
              Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
              Ex) # ping6 -I ed0 -s 64 -i 1 -c 10 HOST-1
    Criteria: *HOST-2 sends ICMP Echo Request to HOST-1.
              *HOST-2 receives ICMP Echo Reply from HOST-1.
              *Original packets are encapsulated between HOST-1 and HOST-2.
              *Encapsulating packets include ESP header.
    Comments: ESP tunnel between HOST-1 and HOST-2.
              ESP enc = NULL
              ESP auth = HMAC-MD5
              HOST-2 <-> HOST-1
              (ICMP)

14  Action:   At HOST-3, run "ping" to HOST-1.
              Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
              Ex) # ping6 -I ed0 -s 64 -i 1 -c 10 HOST-1
    Criteria: *HOST-3 sends ICMP Echo Request to HOST-1.
              *HOST-3 receives ICMP Echo Reply from HOST-1.
              *Original packets go through between HOST-1 and HOST-3.
    Comments: -

15  Action:   At HOST-2, run "ping" to HOST-1.
              Repeat 10 times, with 2000 bytes ICMP payload, interval 1 second.
              Ex) # ping6 -I ed0 -s 2000 -i 1 -c 10 HOST-1
    Criteria: *HOST-2 sends ICMP Echo Request to HOST-1.
              *HOST-2 receives ICMP Echo Reply from HOST-1.
              *Original packets are encapsulated between HOST-1 and HOST-2.
              *Encapsulating packets include ESP header.
    Comments: ESP tunnel between HOST-1 and HOST-2.
              ESP enc = NULL
              ESP auth = HMAC-MD5
              HOST-2 <-> HOST-1
              The packet will be fragmented to 2 packets.
              (ICMP)

16  Action:   At HOST-2, run "ping" to HOST-1.
              Repeat 10 times, with 3000 bytes ICMP payload, interval 1 second.
              Ex) # ping6 -I ed0 -s 3000 -i 1 -c 10 HOST-1
    Criteria: *HOST-2 sends ICMP Echo Request to HOST-1.
              *HOST-2 receives ICMP Echo Reply from HOST-1.
              *Original packets are encapsulated between HOST-1 and HOST-2.
              *Encapsulating packets include ESP header.
    Comments: ESP tunnel between HOST-1 and HOST-2.
              ESP enc = NULL
              ESP auth = HMAC-MD5
              HOST-2 <-> HOST-1
              The packet will be fragmented to 3 packets.
              (ICMP)

17  Action:   At HOST-2, run UDP echo program*1 to communicate with HOST-1, destination port is 3000.
              Repeat 10 times, with 2000 bytes UDP payload, interval 1 second.
              Ex) # echo6c -I ed0 -s 2000 -i 1 -c 10 HOST-1
    Criteria: *HOST-2 sends UDP Echo Request to HOST-1.
              *HOST-2 receives UDP Echo Reply from HOST-1.
              *Original packets are encapsulated between HOST-1 and HOST-2.
              *Encapsulating packets include ESP header.
    Comments: ESP tunnel between HOST-1 and HOST-2.
              ESP enc = NULL
              ESP auth = HMAC-MD5
              HOST-2 <-> HOST-1
              The packet will be fragmented to 2 packets.
              (UDP)

18  Action:   At HOST-3, run UDP echo program*1 to communicate with HOST-1, destination port is 3000.
              Repeat 10 times, with 2000 bytes UDP payload, interval 1 second.
              Ex) # echo6c -I ed0 -s 2000 -i 1 -c 10 HOST-1
    Criteria: *HOST-3 sends UDP Echo Request to HOST-1.
              *HOST-3 receives UDP Echo Reply from HOST-1.
              *Original packets go through between HOST-1 and HOST-3.
    Comments: -

19  Action:   At HOST-2, run "ftp" to HOST-1.
              Get 5k bytes file.
    Criteria: *HOST-2 downloads file correctly from HOST-1.
              *Original packets are encapsulated between HOST-1 and HOST-2.
              *Encapsulating packets include ESP header.
    Comments: ESP tunnel between HOST-1 and HOST-2.
              ESP enc = NULL
              ESP auth = HMAC-MD5
              HOST-2 <-> HOST-1
              (TCP)

20  Action:   At HOST-3, run "ftp" to HOST-1.
              Get 5k bytes file.
    Criteria: *HOST-3 downloads file correctly from HOST-1.
              *Original packets go through between HOST-1 and HOST-3.
    Comments: -

IPsec tunnel [IP2][ESP][IP1] (granularity=HOST) (ESP enc=NULL) (ESP auth=HMAC-SHA1)

21  Action:   At HOST-1 set configuration #2
    Criteria: -
    Comments: -

22  Action:   At HOST-2 set configuration #2
    Criteria: -
    Comments: -

23  Action:   At HOST-2, run "ping" to HOST-1.
              Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
              Ex) # ping6 -I ed0 -s 64 -i 1 -c 10 HOST-1
    Criteria: *HOST-2 sends ICMP Echo Request to HOST-1.
              *HOST-2 receives ICMP Echo Reply from HOST-1.
              *Original packets are encapsulated between HOST-1 and HOST-2.
              *Encapsulating packets include ESP header.
    Comments: ESP tunnel between HOST-1 and HOST-2.
              ESP enc = NULL
              ESP auth = HMAC-SHA1
              HOST-2 <-> HOST-1
              (ICMP)

24  Action:   At HOST-2, run "ping" to HOST-1.
              Repeat 10 times, with 2000 bytes ICMP payload, interval 1 second.
              Ex) # ping6 -I ed0 -s 2000 -i 1 -c 10 HOST-1
    Criteria: *HOST-2 sends ICMP Echo Request to HOST-1.
              *HOST-2 receives ICMP Echo Reply from HOST-1.
              *Original packets are encapsulated between HOST-1 and HOST-2.
              *Encapsulating packets include ESP header.
    Comments: ESP tunnel between HOST-1 and HOST-2.
              ESP enc = NULL
              ESP auth = HMAC-SHA1
              HOST-2 <-> HOST-1
              The packet will be fragmented to 2 packets.
              (ICMP)

25  Action:   At HOST-2, run "ping" to HOST-1.
              Repeat 10 times, with 3000 bytes ICMP payload, interval 1 second.
              Ex) # ping6 -I ed0 -s 3000 -i 1 -c 10 HOST-1
    Criteria: *HOST-2 sends ICMP Echo Request to HOST-1.
              *HOST-2 receives ICMP Echo Reply from HOST-1.
              *Original packets are encapsulated between HOST-1 and HOST-2.
              *Encapsulating packets include ESP header.
    Comments: ESP tunnel between HOST-1 and HOST-2.
              ESP enc = NULL
              ESP auth = HMAC-SHA1
              HOST-2 <-> HOST-1
              The packet will be fragmented to 3 packets.
              (ICMP)

26  Action:   At HOST-2, run UDP echo program*1 to communicate with HOST-1, destination port is 3000.
              Repeat 10 times, with 2000 bytes UDP payload, interval 1 second.
              Ex) # echo6c -I ed0 -s 2000 -i 1 -c 10 HOST-1
    Criteria: *HOST-2 sends UDP Echo Request to HOST-1.
              *HOST-2 receives UDP Echo Reply from HOST-1.
              *Original packets are encapsulated between HOST-1 and HOST-2.
              *Encapsulating packets include ESP header.
    Comments: ESP tunnel between HOST-1 and HOST-2.
              ESP enc = NULL
              ESP auth = HMAC-SHA1
              HOST-2 <-> HOST-1
              The packet will be fragmented to 2 packets.
              (UDP)

27  Action:   At HOST-2, run "ftp" to HOST-1.
              Get 5k bytes file.
    Criteria: *HOST-2 downloads file correctly from HOST-1.
              *Original packets are encapsulated between HOST-1 and HOST-2.
              *Encapsulating packets include ESP header.
    Comments: ESP tunnel between HOST-1 and HOST-2.
              ESP enc = NULL
              ESP auth = HMAC-SHA1
              HOST-2 <-> HOST-1
              (TCP)

IPsec tunnel [IP2][ESP][IP1] (granularity=HOST) (ESP enc=DES-CBC)

28  Action:   At HOST-1 set configuration #3
    Criteria: -
    Comments: -

29  Action:   At HOST-2 set configuration #3
    Criteria: -
    Comments: -

30  Action:   At HOST-2, run "ping" to HOST-1.
              Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
              Ex) # ping6 -I ed0 -s 64 -i 1 -c 10 HOST-1
    Criteria: *HOST-2 sends ICMP Echo Request to HOST-1.
              *HOST-2 receives ICMP Echo Reply from HOST-1.
              *Original packets are encapsulated between HOST-1 and HOST-2.
              *Encapsulating packets include ESP header.
    Comments: ESP tunnel between HOST-1 and HOST-2.
              ESP enc = DES-CBC without authentication.
              HOST-2 <-> HOST-1
              (ICMP)

31  Action:   At HOST-2, run "ping" to HOST-1.
              Repeat 10 times, with 2000 bytes ICMP payload, interval 1 second.
              Ex) # ping6 -I ed0 -s 2000 -i 1 -c 10 HOST-1
    Criteria: *HOST-2 sends ICMP Echo Request to HOST-1.
              *HOST-2 receives ICMP Echo Reply from HOST-1.
              *Original packets are encapsulated between HOST-1 and HOST-2.
              *Encapsulating packets include ESP header.
    Comments: ESP tunnel between HOST-1 and HOST-2.
              ESP enc = DES-CBC without authentication.
              HOST-2 <-> HOST-1
              The packet will be fragmented to 2 packets.
              (ICMP)

32  Action:   At HOST-2, run "ping" to HOST-1.
              Repeat 10 times, with 3000 bytes ICMP payload, interval 1 second.
              Ex) # ping6 -I ed0 -s 3000 -i 1 -c 10 HOST-1
    Criteria: *HOST-2 sends ICMP Echo Request to HOST-1.
              *HOST-2 receives ICMP Echo Reply from HOST-1.
              *Original packets are encapsulated between HOST-1 and HOST-2.
              *Encapsulating packets include ESP header.
    Comments: ESP tunnel between HOST-1 and HOST-2.
              ESP enc = DES-CBC without authentication.
              HOST-2 <-> HOST-1
              The packet will be fragmented to 3 packets.
              (ICMP)

33  Action:   At HOST-2, run UDP echo program*1 to communicate with HOST-1, destination port is 3000.
              Repeat 10 times, with 2000 bytes UDP payload, interval 1 second.
              Ex) # echo6c -I ed0 -s 2000 -i 1 -c 10 HOST-1
    Criteria: *HOST-2 sends UDP Echo Request to HOST-1.
              *HOST-2 receives UDP Echo Reply from HOST-1.
              *Original packets are encapsulated between HOST-1 and HOST-2.
              *Encapsulating packets include ESP header.
    Comments: ESP tunnel between HOST-1 and HOST-2.
              ESP enc = DES-CBC without authentication.
              HOST-2 <-> HOST-1
              The packet will be fragmented to 2 packets.
              (UDP)

34  Action:   At HOST-2, run "ftp" to HOST-1.
              Get 5k bytes file.
    Criteria: *HOST-2 downloads file correctly from HOST-1.
              *Original packets are encapsulated between HOST-1 and HOST-2.
              *Encapsulating packets include ESP header.
    Comments: ESP tunnel between HOST-1 and HOST-2.
              ESP enc = DES-CBC without authentication.
              HOST-2 <-> HOST-1
              (TCP)

IPsec tunnel [IP2][ESP][IP1] (granularity=HOST) (ESP enc=DES-CBC) (ESP auth=HMAC-MD5)

35  Action:   At HOST-1 set configuration #4
    Criteria: -
    Comments: -

36  Action:   At HOST-2 set configuration #4
    Criteria: -
    Comments: -

37  Action:   At HOST-2, run "ping" to HOST-1.
              Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
              Ex) # ping6 -I ed0 -s 64 -i 1 -c 10 HOST-1
    Criteria: *HOST-2 sends ICMP Echo Request to HOST-1.
              *HOST-2 receives ICMP Echo Reply from HOST-1.
              *Original packets are encapsulated between HOST-1 and HOST-2.
              *Encapsulating packets include ESP header.
    Comments: ESP tunnel between HOST-1 and HOST-2.
              ESP enc = DES-CBC
              ESP auth = HMAC-MD5
              HOST-2 <-> HOST-1
              (ICMP)

38  Action:   At HOST-2, run "ping" to HOST-1.
              Repeat 10 times, with 2000 bytes ICMP payload, interval 1 second.
              Ex) # ping6 -I ed0 -s 2000 -i 1 -c 10 HOST-1
    Criteria: *HOST-2 sends ICMP Echo Request to HOST-1.
              *HOST-2 receives ICMP Echo Reply from HOST-1.
              *Original packets are encapsulated between HOST-1 and HOST-2.
              *Encapsulating packets include ESP header.
    Comments: ESP tunnel between HOST-1 and HOST-2.
              ESP enc = DES-CBC
              ESP auth = HMAC-MD5
              HOST-2 <-> HOST-1
              The packet will be fragmented to 2 packets.
              (ICMP)

39  Action:   At HOST-2, run "ping" to HOST-1.
              Repeat 10 times, with 3000 bytes ICMP payload, interval 1 second.
              Ex) # ping6 -I ed0 -s 3000 -i 1 -c 10 HOST-1
    Criteria: *HOST-2 sends ICMP Echo Request to HOST-1.
              *HOST-2 receives ICMP Echo Reply from HOST-1.
              *Original packets are encapsulated between HOST-1 and HOST-2.
              *Encapsulating packets include ESP header.
    Comments: ESP tunnel between HOST-1 and HOST-2.
              ESP enc = DES-CBC
              ESP auth = HMAC-MD5
              HOST-2 <-> HOST-1
              The packet will be fragmented to 3 packets.
              (ICMP)

40  Action:   At HOST-2, run UDP echo program*1 to communicate with HOST-1, destination port is 3000.
              Repeat 10 times, with 2000 bytes UDP payload, interval 1 second.
              Ex) # echo6c -I ed0 -s 2000 -i 1 -c 10 HOST-1
    Criteria: *HOST-2 sends UDP Echo Request to HOST-1.
              *HOST-2 receives UDP Echo Reply from HOST-1.
              *Original packets are encapsulated between HOST-1 and HOST-2.
              *Encapsulating packets include ESP header.
    Comments: ESP tunnel between HOST-1 and HOST-2.
              ESP enc = DES-CBC
              ESP auth = HMAC-MD5
              HOST-2 <-> HOST-1
              The packet will be fragmented to 2 packets.
              (UDP)

41  Action:   At HOST-2, run "ftp" to HOST-1.
              Get 5k bytes file.
    Criteria: *HOST-2 downloads file correctly from HOST-1.
              *Original packets are encapsulated between HOST-1 and HOST-2.
              *Encapsulating packets include ESP header.
    Comments: ESP tunnel between HOST-1 and HOST-2.
              ESP enc = DES-CBC
              ESP auth = HMAC-MD5
              HOST-2 <-> HOST-1
              (TCP)

IPsec tunnel [IP2][ESP][IP1] (granularity=HOST) (ESP enc=DES-CBC) (ESP auth=HMAC-SHA1)

42  Action:   At HOST-1 set configuration #5
    Criteria: -
    Comments: -

43  Action:   At HOST-2 set configuration #5
    Criteria: -
    Comments: -

44  Action:   At HOST-2, run "ping" to HOST-1.
              Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
              Ex) # ping6 -I ed0 -s 64 -i 1 -c 10 HOST-1
    Criteria: *HOST-2 sends ICMP Echo Request to HOST-1.
              *HOST-2 receives ICMP Echo Reply from HOST-1.
              *Original packets are encapsulated between HOST-1 and HOST-2.
              *Encapsulating packets include ESP header.
    Comments: ESP tunnel between HOST-1 and HOST-2.
              ESP enc = DES-CBC
              ESP auth = HMAC-SHA1
              HOST-2 <-> HOST-1
              (ICMP)

45  Action:   At HOST-2, run "ping" to HOST-1.
              Repeat 10 times, with 2000 bytes ICMP payload, interval 1 second.
              Ex) # ping6 -I ed0 -s 2000 -i 1 -c 10 HOST-1
    Criteria: *HOST-2 sends ICMP Echo Request to HOST-1.
              *HOST-2 receives ICMP Echo Reply from HOST-1.
              *Original packets are encapsulated between HOST-1 and HOST-2.
              *Encapsulating packets include ESP header.
    Comments: ESP tunnel between HOST-1 and HOST-2.
              ESP enc = DES-CBC
              ESP auth = HMAC-SHA1
              HOST-2 <-> HOST-1
              The packet will be fragmented to 2 packets.
              (ICMP)

46  Action:   At HOST-2, run "ping" to HOST-1.
              Repeat 10 times, with 3000 bytes ICMP payload, interval 1 second.
              Ex) # ping6 -I ed0 -s 3000 -i 1 -c 10 HOST-1
    Criteria: *HOST-2 sends ICMP Echo Request to HOST-1.
              *HOST-2 receives ICMP Echo Reply from HOST-1.
              *Original packets are encapsulated between HOST-1 and HOST-2.
              *Encapsulating packets include ESP header.
    Comments: ESP tunnel between HOST-1 and HOST-2.
              ESP enc = DES-CBC
              ESP auth = HMAC-SHA1
              HOST-2 <-> HOST-1
              The packet will be fragmented to 3 packets.
              (ICMP)

47  Action:   At HOST-2, run UDP echo program*1 to communicate with HOST-1, destination port is 3000.
              Repeat 10 times, with 2000 bytes UDP payload, interval 1 second.
              Ex) # echo6c -I ed0 -s 2000 -i 1 -c 10 HOST-1
    Criteria: *HOST-2 sends UDP Echo Request to HOST-1.
              *HOST-2 receives UDP Echo Reply from HOST-1.
              *Original packets are encapsulated between HOST-1 and HOST-2.
              *Encapsulating packets include ESP header.
    Comments: ESP tunnel between HOST-1 and HOST-2.
              ESP enc = DES-CBC
              ESP auth = HMAC-SHA1
              HOST-2 <-> HOST-1
              The packet will be fragmented to 2 packets.
              (UDP)

48  Action:   At HOST-2, run "ftp" to HOST-1.
              Get 5k bytes file.
    Criteria: *HOST-2 downloads file correctly from HOST-1.
              *Original packets are encapsulated between HOST-1 and HOST-2.
              *Encapsulating packets include ESP header.
    Comments: ESP tunnel between HOST-1 and HOST-2.
              ESP enc = DES-CBC
              ESP auth = HMAC-SHA1
              HOST-2 <-> HOST-1
              (TCP)

IPsec Tunnel [IP2][ESP][IP1] (granularity=UPPER Protocol [ICMP]) (ESP enc=NULL) (ESP auth=HMAC-MD5)

49  Action:   At HOST-1 set configuration #6
    Criteria: -
    Comments: -

50  Action:   At HOST-2 set configuration #6
    Criteria: -
    Comments: -

51  Action:   At HOST-2, run "ping" to HOST-1.
              Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
              Ex) # ping6 -I ed0 -s 64 -i 1 -c 10 HOST-1
    Criteria: *HOST-2 sends ICMP Echo Request to HOST-1.
              *HOST-2 receives ICMP Echo Reply from HOST-1.
              *Original packets are encapsulated between HOST-1 and HOST-2.
              *Encapsulating packets include ESP header.
    Comments: ESP tunnel between HOST-1 and HOST-2.
              ESP enc = NULL
              ESP auth = HMAC-MD5
              HOST-2 <-> HOST-1
              (ICMP)

52  Action:   At HOST-3, run "ping" to HOST-1.
              Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
              Ex) # ping6 -I ed0 -s 64 -i 1 -c 10 HOST-1
    Criteria: *HOST-3 sends ICMP Echo Request to HOST-1.
              *HOST-3 receives ICMP Echo Reply from HOST-1.
              *Original packets go through between HOST-1 and HOST-3.
    Comments: -

53  Action:   At HOST-2, run UDP echo program*1 to communicate with HOST-1, destination port is 3000.
              Repeat 10 times, with 64 bytes UDP payload, interval 1 second.
              Ex) # echo6c -I ed0 -s 64 -i 1 -c 10 HOST-1 3000
    Criteria: *HOST-2 sends UDP Echo Request to HOST-1.
              *HOST-2 receives UDP Echo Reply from HOST-1.
              *Original packets go through between HOST-1 and HOST-2.
    Comments: -

54  Action:   At HOST-2, run "ftp" to HOST-1.
              Get 5k bytes file.
    Criteria: *HOST-2 downloads file correctly from HOST-1.
              *Original packets go through between HOST-1 and HOST-2.
    Comments: -

IPsec tunnel [IP2][ESP][IP1] (granularity=UPPER Protocol [UDP]) (ESP enc=NULL) (ESP auth=HMAC-MD5)

55  Action:   At HOST-1 set configuration #7
    Criteria: -
    Comments: -

56  Action:   At HOST-2 set configuration #7
    Criteria: -
    Comments: -

57  Action:   At HOST-2, run "ping" to HOST-1.
              Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
              Ex) # ping6 -I ed0 -s 64 -i 1 -c 10 HOST-1
    Criteria: *HOST-2 sends ICMP Echo Request to HOST-1.
              *HOST-2 receives ICMP Echo Reply from HOST-1.
              *Original packets go through between HOST-1 and HOST-2.
    Comments: -

58  Action:   At HOST-2, run UDP echo program*1 to communicate with HOST-1, destination port is 3000.
              Repeat 10 times, with 64 bytes UDP payload, interval 1 second.
              Ex) # echo6c -I ed0 -s 64 -i 1 -c 10 HOST-1 3000
    Criteria: *HOST-2 sends UDP Echo Request to HOST-1.
              *HOST-2 receives UDP Echo Reply from HOST-1.
              *Original packets are encapsulated between HOST-1 and HOST-2.
              *Encapsulating packets include ESP header.
    Comments: ESP tunnel between HOST-1 and HOST-2.
              ESP enc = NULL
              ESP auth = HMAC-MD5
              HOST-2 <-> HOST-1
              (UDP)

59  Action:   At HOST-3, run UDP echo program*1 to communicate with HOST-1.
              Repeat 10 times, with 64 bytes UDP payload, interval 1 second.
              Ex) # echo6c -I ed0 -s 64 -i 1 -c 10 HOST-1 3000
    Criteria: *HOST-3 sends UDP Echo Request to HOST-1.
              *HOST-3 receives UDP Echo Reply from HOST-1.
              *Original packets go through between HOST-1 and HOST-3.
    Comments: -

60  Action:   At HOST-2, run "ftp" to HOST-1.
              Get 5k bytes file.
    Criteria: *HOST-2 downloads file correctly from HOST-1.
              *Original packets go through between HOST-1 and HOST-2.
    Comments: -

IPsec tunnel [IP2][ESP][IP1] (granularity=UPPER Protocol [TCP]) (ESP enc=NULL) (ESP auth=HMAC-MD5)

61  Action:   At HOST-1 set configuration #8
    Criteria: -
    Comments: -

62  Action:   At HOST-2 set configuration #8
    Criteria: -
    Comments: -

63  Action:   At HOST-2, run "ping" to HOST-1.
              Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
              Ex) # ping6 -I ed0 -s 64 -i 1 -c 10 HOST-1
    Criteria: *HOST-2 sends ICMP Echo Request to HOST-1.
              *HOST-2 receives ICMP Echo Reply from HOST-1.
              *Original packets go through between HOST-1 and HOST-2.
    Comments: -

64  Action:   At HOST-2, run UDP echo program*1 to communicate with HOST-1, destination port is 3000.
              Repeat 10 times, with 64 bytes UDP payload, interval 1 second.
              Ex) # echo6c -I ed0 -s 64 -i 1 -c 10 HOST-1 3000
    Criteria: *HOST-2 sends UDP Echo Request to HOST-1.
              *HOST-2 receives UDP Echo Reply from HOST-1.
              *Original packets go through between HOST-1 and HOST-2.
    Comments: -

65  Action:   At HOST-2, run "ftp" to HOST-1.
              Get 5k bytes file.
    Criteria: *HOST-2 downloads file correctly from HOST-1.
              *Original packets are encapsulated between HOST-1 and HOST-2.
              *Encapsulating packets include ESP header.
    Comments: ESP tunnel between HOST-1 and HOST-2.
              ESP enc = NULL
              ESP auth = HMAC-MD5
              HOST-2 <-> HOST-1
              (TCP)

66  Action:   At HOST-3, run "ftp" to HOST-1.
              Get 5k bytes file.
    Criteria: *HOST-3 downloads file correctly from HOST-1.
              *Original packets go through between HOST-1 and HOST-3.
    Comments: -

IPsec tunnel [IP2][ESP][IP1] (granularity=UPPER Protocol [UDP] Port=3000) (ESP enc=NULL) (ESP auth=HMAC-MD5)

67  Action:   At HOST-1 set configuration #9
    Criteria: -
    Comments: -

68  Action:   At HOST-2 set configuration #9
    Criteria: -
    Comments: -

69  Action:   At HOST-2, run "ping" to HOST-1.
              Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
              Ex) # ping6 -I ed0 -s 64 -i 1 -c 10 HOST-1
    Criteria: *HOST-2 sends ICMP Echo Request to HOST-1.
              *HOST-2 receives ICMP Echo Reply from HOST-1.
              *Original packets go through between HOST-1 and HOST-2.
    Comments: -

70  Action:   At HOST-2, run UDP echo program*1 to communicate with HOST-1, destination port is 3000.
              Repeat 10 times, with 64 bytes UDP payload, interval 1 second.
              Ex) # echo6c -I ed0 -s 64 -i 1 -c 10 HOST-1 3000
    Criteria: *HOST-2 sends UDP Echo Request to HOST-1.
              *HOST-2 receives UDP Echo Reply from HOST-1.
              *Original packets are encapsulated between HOST-1 and HOST-2.
              *Encapsulating packets include ESP header.
    Comments: ESP tunnel between HOST-1 and HOST-2.
              ESP enc = NULL
              ESP auth = HMAC-MD5
              HOST-2 <-> HOST-1
              (UDP)

71  Action:   At HOST-1, run UDP echo program*1 to communicate with HOST-2, destination port is 3000.
              Repeat 10 times, with 64 bytes UDP payload, interval 1 second.
              Ex) # echo6c -I ed0 -s 64 -i 1 -c 10 HOST-2 3000
    Criteria: *HOST-1 sends UDP Echo Request to HOST-2.
              *HOST-1 receives UDP Echo Reply from HOST-2.
              *Original packets go through between HOST-1 and HOST-2.
    Comments: -

72  Action:   At HOST-2, run UDP echo program*1 to communicate with HOST-1, destination port is 4000.
              Repeat 10 times, with 64 bytes UDP payload, interval 1 second.
              Ex) # echo6c -I ed0 -s 64 -i 1 -c 10 HOST-1 4000
    Criteria: *HOST-2 sends UDP Echo Request to HOST-1.
              *HOST-2 receives UDP Echo Reply from HOST-1.
              *Original packets go through between HOST-1 and HOST-2.
    Comments: -

73  Action:   At HOST-2, run "ftp" to HOST-1.
              Get 5k bytes file.
    Criteria: *HOST-2 downloads file correctly from HOST-1.
              *Original packets go through between HOST-1 and HOST-2.
    Comments: -

IPsec tunnel [IP2][ESP][IP1] (granularity=UPPER Protocol [UDP] Port=3000) (ESP enc=NULL) (ESP auth=HMAC-MD5) Reverse direction

74  Action:   At HOST-1 set configuration #10
    Criteria: -
    Comments: -

75  Action:   At HOST-2 set configuration #10
    Criteria: -
    Comments: -

76  Action:   At HOST-1, run "ping" to HOST-2.
              Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
              Ex) # ping6 -I ed0 -s 64 -i 1 -c 10 HOST-2
    Criteria: *HOST-1 sends ICMP Echo Request to HOST-2.
              *HOST-1 receives ICMP Echo Reply from HOST-2.
              *Original packets go through between HOST-1 and HOST-2.
    Comments: -

77  Action:   At HOST-1, run UDP echo program*1 to communicate with HOST-2, destination port is 3000.
              Repeat 10 times, with 64 bytes UDP payload, interval 1 second.
              Ex) # echo6c -I ed0 -s 64 -i 1 -c 10 HOST-2 3000
    Criteria: *HOST-1 sends UDP Echo Request to HOST-2.
              *HOST-1 receives UDP Echo Reply from HOST-2.
              *Original packets are encapsulated between HOST-1 and HOST-2.
              *Encapsulating packets include ESP header.
    Comments: ESP tunnel between HOST-1 and HOST-2.
              ESP enc = NULL
              ESP auth = HMAC-MD5
              HOST-2 <-> HOST-1
              (UDP Port=3000)

78  Action:   At HOST-2, run UDP echo program*1 to communicate with HOST-1, destination port is 3000.
              Repeat 10 times, with 64 bytes UDP payload, interval 1 second.
              Ex) # echo6c -I ed0 -s 64 -i 1 -c 10 HOST-1 3000
    Criteria: *HOST-2 sends UDP Echo Request to HOST-1.
              *HOST-2 receives UDP Echo Reply from HOST-1.
              *Original packets go through between HOST-1 and HOST-2.
    Comments: -

79  Action:   At HOST-1, run UDP echo program*1 to communicate with HOST-2, destination port is 4000.
              Repeat 10 times, with 64 bytes UDP payload, interval 1 second.
              Ex) # echo6c -I ed0 -s 64 -i 1 -c 10 HOST-2 4000
    Criteria: *HOST-1 sends UDP Echo Request to HOST-2.
              *HOST-1 receives UDP Echo Reply from HOST-2.
              *Original packets go through between HOST-1 and HOST-2.
    Comments: -

80  Action:   At HOST-1, run "ftp" to HOST-2.
              Get 5k bytes file.
    Criteria: *HOST-1 downloads file correctly from HOST-2.
              *Original packets go through between HOST-1 and HOST-2.
    Comments: -

IPsec tunnel [IP2][ESP][IP1] (granularity=UPPER Protocol [TCP] Port=21) (ESP enc=NULL) (ESP auth=HMAC-MD5)

81  Action:   At HOST-1 set configuration #11
    Criteria: -
    Comments: -

82  Action:   At HOST-2 set configuration #11
    Criteria: -
    Comments: -

83  Action:   At HOST-2, run "ping" to HOST-1.
              Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
              Ex) # ping6 -I ed0 -s 64 -i 1 -c 10 HOST-1
    Criteria: *HOST-2 sends ICMP Echo Request to HOST-1.
              *HOST-2 receives ICMP Echo Reply from HOST-1.
              *Original packets go through between HOST-1 and HOST-2.
    Comments: -

84  Action:   At HOST-2, run UDP echo program*1 to communicate with HOST-1, destination port is 3000.
              Repeat 10 times, with 64 bytes UDP payload, interval 1 second.
              Ex) # echo6c -I ed0 -s 64 -i 1 -c 10 HOST-1 3000
    Criteria: *HOST-2 sends UDP Echo Request to HOST-1.
              *HOST-2 receives UDP Echo Reply from HOST-1.
              *Original packets go through between HOST-1 and HOST-2.
    Comments: -

85  Action:   At HOST-2, run "ftp" to HOST-1.
              Get 5k bytes file.
    Criteria: *HOST-2 downloads file correctly from HOST-1.
              *Original packets are encapsulated between HOST-1 and HOST-2.
              *Encapsulating packets include ESP header.
              *ftp control port is encrypted.
              *ftp data port is encrypted.
    Comments: ESP tunnel between HOST-1 and HOST-2.
              ESP enc = NULL
              ESP auth = HMAC-MD5
              HOST-2 <-> HOST-1
              (FTP)

86  Action:   At HOST-1, run "ftp" to HOST-2.
              Get 5k bytes file.
    Criteria: *HOST-1 downloads file correctly from HOST-2.
              *Original packets go through between HOST-1 and HOST-2.
    Comments: -

87  Action:   At HOST-2, run "telnet" to HOST-1.
    Criteria: *HOST-2 communicates with HOST-1.
              *Original packets go through between HOST-1 and HOST-2.
    Comments: -

IPsec tunnel [IP2][ESP][IP1] (granularity=UPPER Protocol [TCP] Port=21) (ESP enc=NULL) (ESP auth=HMAC-MD5) Reverse direction

88  Action:   At HOST-1 set configuration #12
    Criteria: -
    Comments: -

89  Action:   At HOST-2 set configuration #12
    Criteria: -
    Comments: -

90  Action:   At HOST-1, run "ping" to HOST-2.
              Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
              Ex) # ping6 -I ed0 -s 64 -i 1 -c 10 HOST-2
    Criteria: *HOST-1 sends ICMP Echo Request to HOST-2.
              *HOST-1 receives ICMP Echo Reply from HOST-2.
              *Original packets go through between HOST-1 and HOST-2.
    Comments: -

91  Action:   At HOST-1, run UDP echo program*1 to communicate with HOST-2, destination port is 3000.
              Repeat 10 times, with 64 bytes UDP payload, interval 1 second.
              Ex) # echo6c -I ed0 -s 64 -i 1 -c 10 HOST-2 3000
    Criteria: *HOST-1 sends UDP Echo Request to HOST-2.
              *HOST-1 receives UDP Echo Reply from HOST-2.
              *Original packets go through between HOST-1 and HOST-2.
    Comments: -

92  Action:   At HOST-1, run "ftp" to HOST-2.
              Get 5k bytes file.
    Criteria: *HOST-1 downloads file correctly from HOST-2.
              *Original packets are encapsulated between HOST-1 and HOST-2.
              *Encapsulating packets include ESP header.
              *ftp control port is encrypted.
              *ftp data port is encrypted.
    Comments: ESP tunnel between HOST-1 and HOST-2.
              ESP enc = NULL
              ESP auth = HMAC-MD5
              HOST-2 <-> HOST-1
              (FTP)

93  Action:   At HOST-2, run "ftp" to HOST-1.
              Get 5k bytes file.
    Criteria: *HOST-1 downloads file correctly from HOST-2.
              *Original packets go through between HOST-1 and HOST-2.
    Comments: -

94  Action:   At HOST-1, run "telnet" to HOST-2.
    Criteria: *HOST-1 communicates with HOST-2.
              *Original packets go through between HOST-1 and HOST-2.
    Comments: -

A "*" mark with no number means that we are going to judge that subject.
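
The selector granularity that configurations #1 and #6 to #10 exercise can be checked mechanically. The following Python sketch is an added example, not part of the original scenario: it models only each host's outbound policy from the configuration table and reports which SPI, if any, an echo request and its reply would use. The class and function names and the ephemeral client port 49152 are assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import Optional

HOSTS = {  # addresses from the topology diagram
    "HOST-1": "3ffe:501:481d:f001::11",
    "HOST-2": "3ffe:501:481d:f002::11",
    "HOST-3": "3ffe:501:481d:f002::12",
}
ANY = None         # wildcard selector value ("any" or "-" in the table)
EPHEMERAL = 49152  # assumed client-side source port, not from the page


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    upper: str                  # "ICMP", "UDP" or "TCP"
    sport: Optional[int] = None
    dport: Optional[int] = None


@dataclass(frozen=True)
class Policy:
    src: str
    dst: str
    spi: int
    upper: Optional[str] = ANY
    sport: Optional[int] = ANY
    dport: Optional[int] = ANY

    def matches(self, p: Packet) -> bool:
        # Every selector must match; a wildcard matches anything.
        return (p.src == self.src and p.dst == self.dst
                and self.upper in (ANY, p.upper)
                and self.sport in (ANY, p.sport)
                and self.dport in (ANY, p.dport))


def _pair(n, upper=ANY, h1_ports=(ANY, ANY)):
    """Outbound policies of HOST-1 and HOST-2 for configuration n.

    In the table the SPIs are 1001+10n (HOST-1) and 5001+10n (HOST-2),
    and HOST-2's Port(Src/Dst) is the mirror image of HOST-1's.
    """
    s, d = h1_ports
    h1, h2 = HOSTS["HOST-1"], HOSTS["HOST-2"]
    return {"HOST-1": Policy(h1, h2, 1001 + 10 * n, upper, s, d),
            "HOST-2": Policy(h2, h1, 5001 + 10 * n, upper, d, s)}


SPD = {
    1: _pair(1),                        # granularity = host
    6: _pair(6, "ICMP"),
    7: _pair(7, "UDP"),
    8: _pair(8, "TCP"),
    9: _pair(9, "UDP", (3000, ANY)),    # HOST-1: 3000/any
    10: _pair(10, "UDP", (ANY, 3000)),  # HOST-1: any/3000 (reverse)
}


def outbound(config, sender, pkt):
    """SPI of the ESP tunnel SA used for pkt, or None if it is sent as is."""
    pol = SPD[config].get(sender)       # HOST-3 has no policy at all
    return pol.spi if pol and pol.matches(pkt) else None


def exchange(config, client, server, upper, dport=None):
    """(request SPI, reply SPI) for one echo exchange started by client."""
    sport = EPHEMERAL if dport is not None else None
    req = Packet(HOSTS[client], HOSTS[server], upper, sport, dport)
    rep = Packet(HOSTS[server], HOSTS[client], upper, dport, sport)
    return outbound(config, client, req), outbound(config, server, rep)


if __name__ == "__main__":
    for step, args in [(70, (9, "HOST-2", "HOST-1", "UDP", 3000)),
                       (71, (9, "HOST-1", "HOST-2", "UDP", 3000)),
                       (72, (9, "HOST-2", "HOST-1", "UDP", 4000))]:
        print(f"step {step}: request/reply SPI = {exchange(*args)}")
```

A result of `(None, None)` corresponds to the criterion "Original packets go through", and a pair of SPIs to "Original packets are encapsulated".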