AH tunnel mode (Security Gateway)
[IP2][AH][IP1]

[Interoperability Test Scenario]

Last Update: February 26, 2000


This scenario verifies interoperability when the target ROUTER is attached to the model network.
It verifies the router's behavior when it works as a Security Gateway in Authentication Header (AH) tunnel mode.

Verification Points:

- Authentication algorithm:
  - HMAC-MD5
  - HMAC-SHA1
- Mode:
  - tunnel
- Granularity:
  - Network
  - Host
  - Protocol (ICMP/UDP/TCP)

SGW = Security Gateway

(3ffe:501:481d:f004::11)    (3ffe:501:481d:f004::12)
                 HOST-3      HOST-4
                   |           |
        (Net-w)  --+-----+-----+--- (3ffe:501:481d:f004::/64)
                         |
                         |(I/F3-w) (3ffe:501:481d:f004::3)
                      ROUTER-3(SGW)
                         |(I/F3-x) (3ffe:501:481d:f003::3)
                         |
        (Net-x)      ----+-----+--- (3ffe:501:481d:f003::/64)
                               |
                               |(I/F2-x) (3ffe:501:481d:f003::2)
                            ROUTER-2
                               |(I/F2-y) (3ffe:501:481d:f002::2)
                               |
        (Net-y)      ----+-----+--- (3ffe:501:481d:f002::/64)
                         |
                         |(I/F1-y) (3ffe:501:481d:f002::1)
                      ROUTER-1(SGW)
                         |(I/F1-z) (3ffe:501:481d:f001::1)
                         |
        (Net-z)   --+----+-----+--- (3ffe:501:481d:f001::/64)
                    |          |
                  HOST-1     HOST-2
(3ffe:501:481d:f001::11)    (3ffe:501:481d:f001::12)

| Network | Prefix | Network media |
|---|---|---|
| Net-w | 3ffe:501:481d:f004::/64 | Ethernet 10BASE-T |
| Net-x | 3ffe:501:481d:f003::/64 | Ethernet 10BASE-T |
| Net-y | 3ffe:501:481d:f002::/64 | Ethernet 10BASE-T |
| Net-z | 3ffe:501:481d:f001::/64 | Ethernet 10BASE-T |

| Machine | Comments | Initial status | Configuration |
|---|---|---|---|
| HOST-3 | Reference Machine | Is attached to Net-w with power turned off. | - |
| HOST-4 | Reference Machine | Is attached to Net-w with power turned off. | - |
| ROUTER-3 | Reference Machine | Power is turned off. I/F-w is attached to Net-w while I/F-x is attached to Net-x. | Sends RA to Net-w and Net-x. Sends and receives RIPng. |
| ROUTER-2 | Reference Machine | Power is turned off. I/F-x is attached to Net-x while I/F-y is attached to Net-y. | Sends RA to Net-x and Net-y. Sends and receives RIPng. |
| ROUTER-1 | Target Machine | Power is turned off. I/F-z is attached to Net-z while I/F-y is attached to Net-y. | Sends RA to Net-z and Net-y. Sends and receives RIPng. |
| HOST-1 | Reference Machine | Is attached to Net-z with power turned off. | - |
| HOST-2 | Reference Machine | Is attached to Net-z with power turned off. | - |

| No. | Machine | Src | Dest | Protocol | Mode | SPI | AH auth | ESP enc | ESP auth | Upper | Port (Src/Dst) |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | ROUTER-1 | Net-z | Net-w | AH | tunnel | 1011 | HMAC-MD5 | - | - | any | - |
| 1 | ROUTER-3 | Net-w | Net-z | AH | tunnel | 5011 | HMAC-MD5 | - | - | any | - |
| 2 | ROUTER-1 | Net-z | Net-w | AH | tunnel | 1021 | HMAC-SHA1 | - | - | any | - |
| 2 | ROUTER-3 | Net-w | Net-z | AH | tunnel | 5021 | HMAC-SHA1 | - | - | any | - |
| 3 | ROUTER-1 | HOST-1 | HOST-3 | AH | tunnel | 1031 | HMAC-MD5 | - | - | any | - |
| 3 | ROUTER-3 | HOST-3 | HOST-1 | AH | tunnel | 5031 | HMAC-MD5 | - | - | any | - |
| 4 | ROUTER-1 | HOST-1 | HOST-3 | AH | tunnel | 1041 | HMAC-MD5 | - | - | ICMP | - |
| 4 | ROUTER-3 | HOST-3 | HOST-1 | AH | tunnel | 5041 | HMAC-MD5 | - | - | ICMP | - |
| 5 | ROUTER-1 | HOST-1 | HOST-3 | AH | tunnel | 1051 | HMAC-MD5 | - | - | UDP | any |
| 5 | ROUTER-3 | HOST-3 | HOST-1 | AH | tunnel | 5051 | HMAC-MD5 | - | - | UDP | any |
| 6 | ROUTER-1 | HOST-1 | HOST-3 | AH | tunnel | 1061 | HMAC-MD5 | - | - | TCP | any |
| 6 | ROUTER-3 | HOST-3 | HOST-1 | AH | tunnel | 5061 | HMAC-MD5 | - | - | TCP | any |
| 7 | ROUTER-1 | HOST-1 | HOST-3 | AH | tunnel | 1071 | HMAC-MD5 | - | - | UDP | any/3000 |
| 7 | ROUTER-3 | HOST-3 | HOST-1 | AH | tunnel | 5071 | HMAC-MD5 | - | - | UDP | 3000/any |
| 8 | ROUTER-1 | HOST-1 | HOST-3 | AH | tunnel | 1081 | HMAC-MD5 | - | - | UDP | 3000/any |
| 8 | ROUTER-3 | HOST-3 | HOST-1 | AH | tunnel | 5081 | HMAC-MD5 | - | - | UDP | any/3000 |
| 9 | ROUTER-1 | HOST-1 | HOST-3 | AH | tunnel | 1091 | HMAC-MD5 | - | - | TCP | any/21 |
| 9 | ROUTER-3 | HOST-3 | HOST-1 | AH | tunnel | 5091 | HMAC-MD5 | - | - | TCP | 21/any |
| 10 | ROUTER-1 | HOST-1 | HOST-3 | AH | tunnel | 1101 | HMAC-MD5 | - | - | TCP | 21/any |
| 10 | ROUTER-3 | HOST-3 | HOST-1 | AH | tunnel | 5101 | HMAC-MD5 | - | - | TCP | any/21 |

No Action Criteria Comments
Address auto configuration check.
1 Boot ROUTER-1.
-
-
2 Boot ROUTER-2
-
-
3 Boot ROUTER-3
-
-
4 Boot HOST-1.
-
-
5 Boot HOST-2.
-
-
6 Boot HOST-3.
-
-
7 Boot HOST-4.
-
-
Availability confirmation.
8 At HOST-1, run "ping" to HOST-3. 
Repeat 10 times, with 1452 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 1452 -i 1 -c 10 HOST-3.
*HOST-1 sends ICMP Echo Request to HOST-3.
*HOST-1 receives ICMP Echo Reply from HOST-3.
ROUTER-1 and ROUTER-3 don't use IPsec.
9 At HOST-2, run "ping" to HOST-4. 
Repeat 10 times, with 1452 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 1452 -i 1 -c 10 HOST-4.
*HOST-2 sends ICMP Echo Request to HOST-4.
*HOST-2 receives ICMP Echo Reply from HOST-4.
ROUTER-1 and ROUTER-3 don't use IPsec.
10 At HOST-1, run UDP echo program*1 to communicate with HOST-3 (destination port 3000).
Repeat 10 times, with 1452 bytes UDP payload, interval 1 second.
Ex) # echo6c -I ed0 -s 1452 -i 1 -c 10 HOST-3 3000
*HOST-1 sends UDP Echo Request to HOST-3.
*HOST-1 receives UDP Echo Reply from HOST-3.
ROUTER-1 and ROUTER-3 don't use IPsec.
11 At HOST-2, run UDP echo program*1 to communicate with HOST-4 (destination port 3000).
Repeat 10 times, with 1452 bytes UDP payload, interval 1 second.
Ex) # echo6c -I ed0 -s 1452 -i 1 -c 10 HOST-4 3000
*HOST-2 sends UDP Echo Request to HOST-4.
*HOST-2 receives UDP Echo Reply from HOST-4.
ROUTER-1 and ROUTER-3 don't use IPsec.
12 At HOST-1, run "ftp" to HOST-3.
Get 5k bytes file.
*HOST-1 downloads file correctly from HOST-3.
ROUTER-1 and ROUTER-3 don't use IPsec.
13 At HOST-2, run "ftp" to HOST-4.
Get 5k bytes file.
*HOST-2 downloads file correctly from HOST-4.
ROUTER-1 and ROUTER-3 don't use IPsec.
IPsec tunnel [IP2][AH][IP1] (granularity=Network) (AH auth=HMAC-MD5)
14 At ROUTER-1 set configuration #1 - -
15 At ROUTER-3 set configuration #1 - -
16 At HOST-1, run "ping" to HOST-3. 
Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 64 -i 1 -c 10 HOST-3.
*HOST-1 sends ICMP Echo Request to HOST-3.
*HOST-1 receives ICMP Echo Reply from HOST-3.
*Original packets are encapsulated between ROUTER-1 and ROUTER-3.
*Encapsulating packets include AH header.
AH tunnel between ROUTER-1 and ROUTER-3.(HMAC-MD5)
HOST-1 <-> HOST-3
(ICMP)
17 At HOST-2, run "ping" to HOST-4. 
Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 64 -i 1 -c 10 HOST-4.
*HOST-2 sends ICMP Echo Request to HOST-4.
*HOST-2 receives ICMP Echo Reply from HOST-4.
*Original packets are encapsulated between ROUTER-1 and ROUTER-3.
*Encapsulating packets include AH header.
AH tunnel between ROUTER-1 and ROUTER-3.(HMAC-MD5)
HOST-2 <-> HOST-4
(ICMP)
18 At HOST-1, run "ping" to HOST-3. 
Repeat 10 times, with 2000 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 2000 -i 1 -c 10 HOST-3.
*HOST-1 sends ICMP Echo Request to HOST-3.
*HOST-1 receives ICMP Echo Reply from HOST-3.
*Original packets are encapsulated between ROUTER-1 and ROUTER-3.
*Encapsulating packets include AH header.
AH tunnel between ROUTER-1 and ROUTER-3.(HMAC-MD5)
HOST-1 <-> HOST-3
Original packet will be fragmented to 2 packets.
(ICMP)
19 At HOST-1, run "ping" to HOST-3. 
Repeat 10 times, with 3000 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 3000 -i 1 -c 10 HOST-3.
*HOST-1 sends ICMP Echo Request to HOST-3.
*HOST-1 receives ICMP Echo Reply from HOST-3.
*Original packets are encapsulated between ROUTER-1 and ROUTER-3.
*Encapsulating packets include AH header.
AH tunnel between ROUTER-1 and ROUTER-3.(HMAC-MD5)
HOST-1 <-> HOST-3
Original packet will be fragmented to 3 packets.
(ICMP)
20 At HOST-1, run UDP echo program*1 to communicate with HOST-3 (destination port 3000).
Repeat 10 times, with 2000 bytes UDP payload, interval 1 second.
Ex) # echo6c -I ed0 -s 2000 -i 1 -c 10 HOST-3 3000
*HOST-1 sends UDP Echo Request to HOST-3.
*HOST-1 receives UDP Echo Reply from HOST-3.
*Original packets are encapsulated between ROUTER-1 and ROUTER-3.
*Encapsulating packets include AH header.
AH tunnel between ROUTER-1 and ROUTER-3.(HMAC-MD5)
HOST-1 <-> HOST-3
Original packet will be fragmented to 2 packets.
(UDP)
21 At HOST-1, run "ftp" to HOST-3.
Get 5k bytes file.
*HOST-1 downloads file correctly from HOST-3.
*Original packets are encapsulated between ROUTER-1 and ROUTER-3.
*Encapsulating packets include AH header.
AH tunnel between ROUTER-1 and ROUTER-3.(HMAC-MD5)
HOST-1 <-> HOST-3
(TCP)
IPsec tunnel [IP2][AH][IP1] (granularity=NETWORK) (AH auth=HMAC-SHA1)
22 At ROUTER-1 set configuration #2 - -
23 At ROUTER-3 set configuration #2 - -
24 At HOST-1, run "ping" to HOST-3. 
Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 64 -i 1 -c 10 HOST-3.
*HOST-1 sends ICMP Echo Request to HOST-3.
*HOST-1 receives ICMP Echo Reply from HOST-3.
*Original packets are encapsulated between ROUTER-1 and ROUTER-3.
*Encapsulating packets include AH header.
AH tunnel between ROUTER-1 and ROUTER-3.(HMAC-SHA1)
HOST-1 <-> HOST-3
(ICMP)
25 At HOST-1, run "ping" to HOST-3. 
Repeat 10 times, with 2000 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 2000 -i 1 -c 10 HOST-3.
*HOST-1 sends ICMP Echo Request to HOST-3.
*HOST-1 receives ICMP Echo Reply from HOST-3.
*Original packets are encapsulated between ROUTER-1 and ROUTER-3.
*Encapsulating packets include AH header.
AH tunnel between ROUTER-1 and ROUTER-3.(HMAC-SHA1)
HOST-1 <-> HOST-3
Original packet will be fragmented to 2 packets.
(ICMP)
26 At HOST-1, run "ping" to HOST-3. 
Repeat 10 times, with 3000 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 3000 -i 1 -c 10 HOST-3.
*HOST-1 sends ICMP Echo Request to HOST-3.
*HOST-1 receives ICMP Echo Reply from HOST-3.
*Original packets are encapsulated between ROUTER-1 and ROUTER-3.
*Encapsulating packets include AH header.
AH tunnel between ROUTER-1 and ROUTER-3.(HMAC-SHA1)
HOST-1 <-> HOST-3
Original packet will be fragmented to 3 packets.
(ICMP)
27 At HOST-1, run UDP echo program*1 to communicate with HOST-3 (destination port 3000).
Repeat 10 times, with 2000 bytes UDP payload, interval 1 second.
Ex) # echo6c -I ed0 -s 2000 -i 1 -c 10 HOST-3 3000
*HOST-1 sends UDP Echo Request to HOST-3.
*HOST-1 receives UDP Echo Reply from HOST-3.
*Original packets are encapsulated between ROUTER-1 and ROUTER-3.
*Encapsulating packets include AH header.
AH tunnel between ROUTER-1 and ROUTER-3.(HMAC-SHA1)
HOST-1 <-> HOST-3
Original packet will be fragmented to 2 packets.
(UDP)
28 At HOST-1, run "ftp" to HOST-3.
Get 5k bytes file.
*HOST-1 downloads file correctly from HOST-3.
*Original packets are encapsulated between ROUTER-1 and ROUTER-3.
*Encapsulating packets include AH header.
AH tunnel between ROUTER-1 and ROUTER-3.(HMAC-SHA1)
HOST-1 <-> HOST-3
(TCP)
IPsec tunnel [IP2][AH][IP1] (granularity=HOST) (algorithm=HMAC-MD5)
29 At ROUTER-1 set configuration #3 - -
30 At ROUTER-3 set configuration #3 - -
31 At HOST-1, run "ping" to HOST-3. 
Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 64 -i 1 -c 10 HOST-3.
*HOST-1 sends ICMP Echo Request to HOST-3.
*HOST-1 receives ICMP Echo Reply from HOST-3.
*Original packets are encapsulated between ROUTER-1 and ROUTER-3.
*Encapsulating packets include AH header.
AH tunnel between ROUTER-1 and ROUTER-3.(HMAC-MD5)
HOST-1 <-> HOST-3
(ICMP)
32 At HOST-2, run "ping" to HOST-4. 
Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 64 -i 1 -c 10 HOST-4.
*HOST-2 sends ICMP Echo Request to HOST-4.
*HOST-2 receives ICMP Echo Reply from HOST-4.
*Original packets go through between ROUTER-1 and ROUTER-3.

-

33 At HOST-1, run UDP echo program*1 to communicate with HOST-3 (destination port 3000).
Repeat 10 times, with 64 bytes UDP payload, interval 1 second.
Ex) # echo6c -I ed0 -s 64 -i 1 -c 10 HOST-3 3000
*HOST-1 sends UDP Echo Request to HOST-3.
*HOST-1 receives UDP Echo Reply from HOST-3.
*Original packets are encapsulated between ROUTER-1 and ROUTER-3.
*Encapsulating packets include AH header.
AH tunnel between ROUTER-1 and ROUTER-3.(HMAC-MD5)
HOST-1 <-> HOST-3
(UDP)
34 At HOST-2, run UDP echo program*1 to communicate with HOST-4 (destination port 3000).
Repeat 10 times, with 64 bytes UDP payload, interval 1 second.
Ex) # echo6c -I ed0 -s 64 -i 1 -c 10 HOST-4 3000
*HOST-2 sends UDP Echo Request to HOST-4.
*HOST-2 receives UDP Echo Reply from HOST-4.
*Original packets go through between ROUTER-1 and ROUTER-3.

-

35 At HOST-1, run "ftp" to HOST-3.
Get 5k bytes file.
*HOST-1 downloads file correctly from HOST-3.
*Original packets are encapsulated between ROUTER-1 and ROUTER-3.
*Encapsulating packets include AH header.
AH tunnel between ROUTER-1 and ROUTER-3.(HMAC-MD5)
HOST-1 <-> HOST-3
(TCP)
36 At HOST-2, run "ftp" to HOST-4.
Get 5k bytes file.
*HOST-2 downloads file correctly from HOST-4.
*Original packets go through between ROUTER-1 and ROUTER-3.

-

IPsec tunnel [IP2][AH][IP1] (granularity=UPPER Protocol [ICMP]) (AH auth=HMAC-MD5) 
37 At ROUTER-1 set configuration #4 - -
38 At ROUTER-3 set configuration #4 - -
39 At HOST-1, run "ping" to HOST-3. 
Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 64 -i 1 -c 10 HOST-3.
*HOST-1 sends ICMP Echo Request to HOST-3.
*HOST-1 receives ICMP Echo Reply from HOST-3.
*Original packets are encapsulated between ROUTER-1 and ROUTER-3.
*Encapsulating packets include AH header.
AH tunnel between ROUTER-1 and ROUTER-3.(HMAC-MD5)
HOST-1 <-> HOST-3
(ICMP)
40 At HOST-2, run "ping" to HOST-4. 
Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 64 -i 1 -c 10 HOST-4.
*HOST-2 sends ICMP Echo Request to HOST-4.
*HOST-2 receives ICMP Echo Reply from HOST-4.
*Original packets go through between ROUTER-1 and ROUTER-3.

-

41 At HOST-1, run UDP echo program*1 to communicate with HOST-3 (destination port 3000).
Repeat 10 times, with 64 bytes UDP payload, interval 1 second.
Ex) # echo6c -I ed0 -s 64 -i 1 -c 10 HOST-3 3000
*HOST-1 sends UDP Echo Request to HOST-3.
*HOST-1 receives UDP Echo Reply from HOST-3.
*Original packets go through between ROUTER-1 and ROUTER-3.

-

42 At HOST-1, run "ftp" to HOST-3.
Get 5k bytes file.
*HOST-1 downloads file correctly from HOST-3.
*Original packets go through between ROUTER-1 and ROUTER-3.

-

IPsec tunnel [IP2][AH][IP1] (granularity=UPPER Protocol [UDP]) (AH auth=HMAC-MD5) 
43 At ROUTER-1 set configuration #5 - -
44 At ROUTER-3 set configuration #5 - -
45 At HOST-1, run "ping" to HOST-3. 
Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 64 -i 1 -c 10 HOST-3.
*HOST-1 sends ICMP Echo Request to HOST-3.
*HOST-1 receives ICMP Echo Reply from HOST-3.
*Original packets go through between ROUTER-1 and ROUTER-3.

-

46 At HOST-1, run UDP echo program*1 to communicate with HOST-3 (destination port 3000).
Repeat 10 times, with 64 bytes UDP payload, interval 1 second.
Ex) # echo6c -I ed0 -s 64 -i 1 -c 10 HOST-3 3000
*HOST-1 sends UDP Echo Request to HOST-3.
*HOST-1 receives UDP Echo Reply from HOST-3.
*Original packets are encapsulated between ROUTER-1 and ROUTER-3.
*Encapsulating packets include AH header.
AH tunnel between ROUTER-1 and ROUTER-3.(HMAC-MD5)
HOST-1 <-> HOST-3
(UDP)
47 At HOST-2, run UDP echo program*1 to communicate with HOST-4.
Repeat 10 times, with 64 bytes UDP payload, interval 1 second.
Ex) # echo6c -I ed0 -s 64 -i 1 -c 10 HOST-4 3000
*HOST-2 sends UDP Echo Request to HOST-4.
*HOST-2 receives UDP Echo Reply from HOST-4.
*Original packets go through between ROUTER-1 and ROUTER-3.

-

48 At HOST-1, run "ftp" to HOST-3.
Get 5k bytes file.
*HOST-1 downloads file correctly from HOST-3.
*Original packets go through between ROUTER-1 and ROUTER-3.

-

IPsec tunnel [IP2][AH][IP1] (granularity=UPPER Protocol [TCP]) (AH auth=HMAC-MD5) 
49 At ROUTER-1 set configuration #6 - -
50 At ROUTER-3 set configuration #6 - -
51 At HOST-1, run "ping" to HOST-3. 
Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 64 -i 1 -c 10 HOST-3.
*HOST-1 sends ICMP Echo Request to HOST-3.
*HOST-1 receives ICMP Echo Reply from HOST-3.
*Original packets go through between ROUTER-1 and ROUTER-3.

-

52 At HOST-1, run UDP echo program*1 to communicate with HOST-3 (destination port 3000).
Repeat 10 times, with 64 bytes UDP payload, interval 1 second.
Ex) # echo6c -I ed0 -s 64 -i 1 -c 10 HOST-3 3000
*HOST-1 sends UDP Echo Request to HOST-3.
*HOST-1 receives UDP Echo Reply from HOST-3.
*Original packets go through between ROUTER-1 and ROUTER-3.

-

53 At HOST-1, run "ftp" to HOST-3.
Get 5k bytes file.
*HOST-1 downloads file correctly from HOST-3.
*Original packets are encapsulated between ROUTER-1 and ROUTER-3.
*Encapsulating packets include AH header.
AH tunnel between ROUTER-1 and ROUTER-3.(HMAC-MD5)
HOST-1 <-> HOST-3
(TCP)
54 At HOST-2, run "ftp" to HOST-4.
Get 5k bytes file.
*HOST-2 downloads file correctly from HOST-4.
*Original packets go through between ROUTER-1 and ROUTER-3.

-

IPsec tunnel [IP2][AH][IP1] (granularity=UPPER Protocol [UDP] Port=3000) (AH auth=HMAC-MD5) 
55 At ROUTER-1 set configuration #7 - -
56 At ROUTER-3 set configuration #7 - -
57 At HOST-1, run "ping" to HOST-3. 
Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 64 -i 1 -c 10 HOST-3.
*HOST-1 sends ICMP Echo Request to HOST-3.
*HOST-1 receives ICMP Echo Reply from HOST-3.
*Original packets go through between ROUTER-1 and ROUTER-3.

-

58 At HOST-1, run UDP echo program*1 to communicate with HOST-3 (destination port 3000).
Repeat 10 times, with 64 bytes UDP payload, interval 1 second.
Ex) # echo6c -I ed0 -s 64 -i 1 -c 10 HOST-3 3000
*HOST-1 sends UDP Echo Request to HOST-3.
*HOST-1 receives UDP Echo Reply from HOST-3.
*Original packets are encapsulated between ROUTER-1 and ROUTER-3.
*Encapsulating packets include AH header.
AH tunnel between ROUTER-1 and ROUTER-3.(HMAC-MD5)
HOST-1 <-> HOST-3
(UDP)
59 At HOST-3, run UDP echo program*1 to communicate with HOST-1 (destination port 3000).
Repeat 10 times, with 64 bytes UDP payload, interval 1 second.
Ex) # echo6c -I ed0 -s 64 -i 1 -c 10 HOST-1 3000
*HOST-3 sends UDP Echo Request to HOST-1.
*HOST-3 receives UDP Echo Reply from HOST-1.
*Original packets go through between ROUTER-1 and ROUTER-3.

-

60 At HOST-1, run UDP echo program*1 to communicate with HOST-3 (destination port 4000).
Repeat 10 times, with 64 bytes UDP payload, interval 1 second.
Ex) # echo6c -I ed0 -s 64 -i 1 -c 10 HOST-3 4000
*HOST-1 sends UDP Echo Request to HOST-3.
*HOST-1 receives UDP Echo Reply from HOST-3.
*Original packets go through between ROUTER-1 and ROUTER-3.

-

61 At HOST-1, run "ftp" to HOST-3.
Get 5k bytes file.
*HOST-1 downloads file correctly from HOST-3.
*Original packets go through between ROUTER-1 and ROUTER-3.

-

IPsec tunnel [IP2][AH][IP1] (granularity=UPPER Protocol [UDP] Port=3000) (AH auth=HMAC-MD5) Reverse direction
62 At ROUTER-1 set configuration #8 - -
63 At ROUTER-3 set configuration #8 - -
64 At HOST-3, run "ping" to HOST-1. 
Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 64 -i 1 -c 10 HOST-1.
*HOST-3 sends ICMP Echo Request to HOST-1.
*HOST-3 receives ICMP Echo Reply from HOST-1.
*Original packets go through between ROUTER-1 and ROUTER-3.

-

65 At HOST-3, run UDP echo program*1 to communicate with HOST-1 (destination port 3000).
Repeat 10 times, with 64 bytes UDP payload, interval 1 second.
Ex) # echo6c -I ed0 -s 64 -i 1 -c 10 HOST-1 3000
*HOST-3 sends UDP Echo Request to HOST-1.
*HOST-3 receives UDP Echo Reply from HOST-1.
*Original packets are encapsulated between ROUTER-1 and ROUTER-3.
*Encapsulating packets include AH header.
AH tunnel between ROUTER-1 and ROUTER-3.(HMAC-MD5)
HOST-1 <-> HOST-3
(UDP)
66 At HOST-1, run UDP echo program*1 to communicate with HOST-3 (destination port 3000).
Repeat 10 times, with 64 bytes UDP payload, interval 1 second.
Ex) # echo6c -I ed0 -s 64 -i 1 -c 10 HOST-3 3000
*HOST-1 sends UDP Echo Request to HOST-3.
*HOST-1 receives UDP Echo Reply from HOST-3.
*Original packets go through between ROUTER-1 and ROUTER-3.

-

67 At HOST-3, run UDP echo program*1 to communicate with HOST-1 (destination port 4000).
Repeat 10 times, with 64 bytes UDP payload, interval 1 second.
Ex) # echo6c -I ed0 -s 64 -i 1 -c 10 HOST-1 4000
*HOST-3 sends UDP Echo Request to HOST-1.
*HOST-3 receives UDP Echo Reply from HOST-1.
*Original packets go through between ROUTER-1 and ROUTER-3.

-

68 At HOST-3, run "ftp" to HOST-1.
Get 5k bytes file.
*HOST-3 downloads file correctly from HOST-1.
*Original packets go through between ROUTER-1 and ROUTER-3.

-

IPsec tunnel [IP2][AH][IP1] (granularity=UPPER Protocol [TCP] Port=21) (AH auth=HMAC-MD5) 
69 At ROUTER-1 set configuration #9 - -
70 At ROUTER-3 set configuration #9 - -
71 At HOST-1, run "ping" to HOST-3. 
Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 64 -i 1 -c 10 HOST-3.
*HOST-1 sends ICMP Echo Request to HOST-3.
*HOST-1 receives ICMP Echo Reply from HOST-3.
*Original packets go through between ROUTER-1 and ROUTER-3.

-

72 At HOST-1, run UDP echo program*1 to communicate with HOST-3 (destination port 3000).
Repeat 10 times, with 64 bytes UDP payload, interval 1 second.
Ex) # echo6c -I ed0 -s 64 -i 1 -c 10 HOST-3 3000
*HOST-1 sends UDP Echo Request to HOST-3.
*HOST-1 receives UDP Echo Reply from HOST-3.
*Original packets go through between ROUTER-1 and ROUTER-3.

-

73 At HOST-1, run "ftp" to HOST-3.
Get 5k bytes file.
*HOST-1 downloads file correctly from HOST-3.
*Original packets are encapsulated between ROUTER-1 and ROUTER-3.
*Encapsulating packets include AH header.
*ftp control port is authenticated
*ftp data port is authenticated
AH tunnel between ROUTER-1 and ROUTER-3.(HMAC-MD5)
HOST-1 <-> HOST-3
(FTP)
74 At HOST-3, run "ftp" to HOST-1.
Get 5k bytes file.
*HOST-3 downloads file correctly from HOST-1.
*Original packets go through between ROUTER-1 and ROUTER-3.

-

75 At HOST-1, run "telnet" to HOST-3.
*HOST-1 communicates with HOST-3.
*Original packets go through between ROUTER-1 and ROUTER-3.

-

IPsec tunnel [IP2][AH][IP1] (granularity=UPPER Protocol [TCP] Port=21) (AH auth=HMAC-MD5)  Reverse direction
76 At ROUTER-1 set configuration #10 - -
77 At ROUTER-3 set configuration #10 - -
78 At HOST-3, run "ping" to HOST-1. 
Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 64 -i 1 -c 10 HOST-1.
*HOST-3 sends ICMP Echo Request to HOST-1.
*HOST-3 receives ICMP Echo Reply from HOST-1.
*Original packets go through between ROUTER-1 and ROUTER-3.

-

79 At HOST-3, run UDP echo program*1 to communicate with HOST-1 (destination port 3000).
Repeat 10 times, with 64 bytes UDP payload, interval 1 second.
Ex) # echo6c -I ed0 -s 64 -i 1 -c 10 HOST-1 3000
*HOST-3 sends UDP Echo Request to HOST-1.
*HOST-3 receives UDP Echo Reply from HOST-1.
*Original packets go through between ROUTER-1 and ROUTER-3.

-

80 At HOST-3, run "ftp" to HOST-1.
Get 5k bytes file.
*HOST-3 downloads file correctly from HOST-1.
*Original packets are encapsulated between ROUTER-1 and ROUTER-3.
*Encapsulating packets include AH header.
*FTP control port is authenticated
*FTP data port isn't authenticated
AH tunnel between ROUTER-1 and ROUTER-3.(HMAC-MD5)
HOST-1 <-> HOST-3
(FTP)
81 At HOST-1, run "ftp" to HOST-3.
Get 5k bytes file.
*HOST-1 downloads file correctly from HOST-3.
*Original packets go through between ROUTER-1 and ROUTER-3.

-

82 At HOST-3, run "telnet" to HOST-1.
*HOST-3 communicates with HOST-1.
*Original packets go through between ROUTER-1 and ROUTER-3.

-

A "*" mark with no number means that we are going to judge that subject.
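
The granularity checks in this scenario (network, host, upper protocol, port) come down to a selector lookup at each Security Gateway. The Python model below is an added example, not part of the original scenario or of any router's implementation; it encodes configurations #1, #3, #7 and #9 from the configuration table and returns the SPI pair that should be seen on the wire for a request/reply exchange, or None where the packets should go through unprotected. It assumes the client side of each exchange uses an ephemeral source port (49152 is a constructed value).

```python
import ipaddress
from typing import NamedTuple, Optional

# Addresses and prefixes taken from the topology diagram on this page.
ADDR = {
    "HOST-1": "3ffe:501:481d:f001::11", "HOST-2": "3ffe:501:481d:f001::12",
    "HOST-3": "3ffe:501:481d:f004::11", "HOST-4": "3ffe:501:481d:f004::12",
    "Net-z": "3ffe:501:481d:f001::/64", "Net-w": "3ffe:501:481d:f004::/64",
}
EPHEMERAL = 49152  # assumed client source port (constructed value)

class Policy(NamedTuple):
    gateway: str                  # SGW that applies this outbound policy
    src: str                      # host or network name from ADDR
    dst: str
    spi: int
    upper: str = "any"            # "any", "icmp", "udp" or "tcp"
    sport: Optional[int] = None   # None means "any"
    dport: Optional[int] = None

# Subset of the page's configuration table, keyed by configuration number.
CONFIGS = {
    1: [Policy("ROUTER-1", "Net-z", "Net-w", 1011),
        Policy("ROUTER-3", "Net-w", "Net-z", 5011)],
    3: [Policy("ROUTER-1", "HOST-1", "HOST-3", 1031),
        Policy("ROUTER-3", "HOST-3", "HOST-1", 5031)],
    7: [Policy("ROUTER-1", "HOST-1", "HOST-3", 1071, "udp", None, 3000),
        Policy("ROUTER-3", "HOST-3", "HOST-1", 5071, "udp", 3000, None)],
    9: [Policy("ROUTER-1", "HOST-1", "HOST-3", 1091, "tcp", None, 21),
        Policy("ROUTER-3", "HOST-3", "HOST-1", 5091, "tcp", 21, None)],
}

def _within(host: str, selector: str) -> bool:
    """True if the host's address falls inside the selector (host or prefix)."""
    net = ipaddress.ip_network(ADDR[selector])  # a bare host address becomes a /128
    return ipaddress.ip_address(ADDR[host]) in net

def lookup(config: int, src: str, dst: str, upper: str,
           sport: Optional[int] = None, dport: Optional[int] = None) -> Optional[Policy]:
    """Return the first policy whose selectors match the packet, or None (bypass)."""
    for p in CONFIGS[config]:
        if (_within(src, p.src) and _within(dst, p.dst)
                and p.upper in ("any", upper)
                and p.sport in (None, sport)
                and p.dport in (None, dport)):
            return p
    return None

def exchange(config: int, client: str, server: str, upper: str,
             cport: Optional[int] = None, sport: Optional[int] = None):
    """SPIs expected for (request, reply); None means the packet is not tunneled."""
    request = lookup(config, client, server, upper, cport, sport)
    reply = lookup(config, server, client, upper, sport, cport)
    return (request.spi if request else None, reply.spi if reply else None)

if __name__ == "__main__":
    # Configuration #7: only HOST-1 -> HOST-3 UDP with destination port 3000 is tunneled.
    for step, args in [(58, ("HOST-1", "HOST-3", "udp", EPHEMERAL, 3000)),
                       (59, ("HOST-3", "HOST-1", "udp", EPHEMERAL, 3000)),
                       (60, ("HOST-1", "HOST-3", "udp", EPHEMERAL, 4000)),
                       (61, ("HOST-1", "HOST-3", "tcp", EPHEMERAL, 21))]:
        print(f"step {step}: SPIs (request, reply) = {exchange(7, *args)}")
```

Comparing the returned SPIs with the SPI field of the AH headers captured between ROUTER-1 and ROUTER-3 shows whether the target applied the selector that the step's criteria expect.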