ESP tunnel mode (Security Gateway)
[IP2][ESP][IP1]

[Interoperability Test Scenario]

Last Update: February 26, 2000


This scenario verifies interoperability when the target ROUTER is attached to the model network.
SGW=Security Gateway

(3ffe:501:481d:f004::11)    (3ffe:501:481d:f004::12)
                 HOST-3      HOST-4
                   |           |
        (Net-w)  --+-----+-----+--- (3ffe:501:481d:f004::/64)
                         |
                         |(I/F3-w) (3ffe:501:481d:f004::3)
                      ROUTER-3(SGW)
                         |(I/F3-x) (3ffe:501:481d:f003::3)
                         |
        (Net-x)      ----+-----+--- (3ffe:501:481d:f003::/64)
                               |
                               |(I/F2-x) (3ffe:501:481d:f003::2)
                            ROUTER-2
                               |(I/F2-y) (3ffe:501:481d:f002::2)
                               |
        (Net-y)      ----+-----+--- (3ffe:501:481d:f002::/64)
                         |
                         |(I/F1-y) (3ffe:501:481d:f002::1)
                      ROUTER-1(SGW)
                         |(I/F1-z) (3ffe:501:481d:f001::1)
                         |
        (Net-z)   --+----+-----+--- (3ffe:501:481d:f001::/64)
                    |          |
                  HOST-1     HOST-2
(3ffe:501:481d:f001::11)    (3ffe:501:481d:f001::12)
Network  Prefix                   Network media
Net-w    3ffe:501:481d:f004::/64  Ethernet 10BASE-T
Net-x    3ffe:501:481d:f003::/64  Ethernet 10BASE-T
Net-y    3ffe:501:481d:f002::/64  Ethernet 10BASE-T
Net-z    3ffe:501:481d:f001::/64  Ethernet 10BASE-T
Machine   Comments           Initial status                                                                     Configuration
HOST-3    Reference Machine  Is attached to Net-w with power turned off.                                        -
HOST-4    Reference Machine  Is attached to Net-w with power turned off.                                        -
ROUTER-3  Reference Machine  Power is turned off. I/F-w is attached to Net-w while I/F-x is attached to Net-x.  Sends RA to Net-w and Net-x. Sends and receives RIPng.
ROUTER-2  Reference Machine  Power is turned off. I/F-x is attached to Net-x while I/F-y is attached to Net-y.  Sends RA to Net-x and Net-y. Sends and receives RIPng.
ROUTER-1  Target Machine     Power is turned off. I/F-z is attached to Net-z while I/F-y is attached to Net-y.  Sends RA to Net-z and Net-y. Sends and receives RIPng.
HOST-1    Reference Machine  Is attached to Net-z with power turned off.                                        -
HOST-2    Reference Machine  Is attached to Net-z with power turned off.                                        -
No.  Machine   Src     Dest    Protocol  Mode    SPI   AH auth  ESP enc  ESP auth   Upper  Port(Src/Dst)
1    ROUTER-1  Net-z   Net-w   ESP       tunnel  1011  -        NULL     HMAC-MD5   any    -
     ROUTER-3  Net-w   Net-z   ESP       tunnel  5011  -        NULL     HMAC-MD5   any    -
2    ROUTER-1  Net-z   Net-w   ESP       tunnel  1021  -        NULL     HMAC-SHA1  any    -
     ROUTER-3  Net-w   Net-z   ESP       tunnel  5021  -        NULL     HMAC-SHA1  any    -
3    ROUTER-1  Net-z   Net-w   ESP       tunnel  1031  -        DES-CBC  NULL       any    -
     ROUTER-3  Net-w   Net-z   ESP       tunnel  5031  -        DES-CBC  NULL       any    -
4    ROUTER-1  Net-z   Net-w   ESP       tunnel  1041  -        DES-CBC  HMAC-MD5   any    -
     ROUTER-3  Net-w   Net-z   ESP       tunnel  5041  -        DES-CBC  HMAC-MD5   any    -
5    ROUTER-1  Net-z   Net-w   ESP       tunnel  1051  -        DES-CBC  HMAC-SHA1  any    -
     ROUTER-3  Net-w   Net-z   ESP       tunnel  5051  -        DES-CBC  HMAC-SHA1  any    -
6    ROUTER-1  HOST-1  HOST-3  ESP       tunnel  1061  -        NULL     HMAC-MD5   any    -
     ROUTER-3  HOST-3  HOST-1  ESP       tunnel  5061  -        NULL     HMAC-MD5   any    -
7    ROUTER-1  HOST-1  HOST-3  ESP       tunnel  1071  -        NULL     HMAC-MD5   ICMP   -
     ROUTER-3  HOST-3  HOST-1  ESP       tunnel  5071  -        NULL     HMAC-MD5   ICMP   -
8    ROUTER-1  HOST-1  HOST-3  ESP       tunnel  1081  -        NULL     HMAC-MD5   UDP    any
     ROUTER-3  HOST-3  HOST-1  ESP       tunnel  5081  -        NULL     HMAC-MD5   UDP    any
9    ROUTER-1  HOST-1  HOST-3  ESP       tunnel  1091  -        NULL     HMAC-MD5   TCP    any
     ROUTER-3  HOST-3  HOST-1  ESP       tunnel  5091  -        NULL     HMAC-MD5   TCP    any
10   ROUTER-1  HOST-1  HOST-3  ESP       tunnel  1101  -        NULL     HMAC-MD5   UDP    any/3000
     ROUTER-3  HOST-3  HOST-1  ESP       tunnel  5101  -        NULL     HMAC-MD5   UDP    3000/any
11   ROUTER-1  HOST-1  HOST-3  ESP       tunnel  1111  -        NULL     HMAC-MD5   UDP    3000/any
     ROUTER-3  HOST-3  HOST-1  ESP       tunnel  5111  -        NULL     HMAC-MD5   UDP    any/3000
12   ROUTER-1  HOST-1  HOST-3  ESP       tunnel  1121  -        NULL     HMAC-MD5   TCP    any/21
     ROUTER-3  HOST-3  HOST-1  ESP       tunnel  5121  -        NULL     HMAC-MD5   TCP    21/any
13   ROUTER-1  HOST-1  HOST-3  ESP       tunnel  1131  -        NULL     HMAC-MD5   TCP    21/any
     ROUTER-3  HOST-3  HOST-1  ESP       tunnel  5131  -        NULL     HMAC-MD5   TCP    any/21
No. Action Criteria Comments
Address auto configuration check.
1 Boot ROUTER-1. - -
2 Boot ROUTER-2. - -
3 Boot ROUTER-3. - -
4 Boot HOST-1. - -
5 Boot HOST-2. - -
6 Boot HOST-3. - -
7 Boot HOST-4. - -
Availability confirmation.
8 At HOST-1, run "ping" to HOST-3. 
Repeat 10 times, with 1452 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 1452 -i 1 -c 10 HOST-3.
*HOST-1 sends ICMP Echo Request to HOST-3.
*HOST-1 receives ICMP Echo Reply from HOST-3.
ROUTER-1 and ROUTER-3 don't use IPsec.
9 At HOST-2, run "ping" to HOST-4. 
Repeat 10 times, with 1452 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 1452 -i 1 -c 10 HOST-4.
*HOST-2 sends ICMP Echo Request to HOST-4.
*HOST-2 receives ICMP Echo Reply from HOST-4.
ROUTER-1 and ROUTER-3 don't use IPsec.
10 At HOST-1, run UDP echo program*1 to communicate with HOST-3 (destination port 3000).
Repeat 10 times, with 1452 bytes UDP payload, interval 1 second.
Ex) # echo6c -I ed0 -s 1452 -i 1 -c 10 HOST-3 3000
*HOST-1 sends UDP Echo Request to HOST-3.
*HOST-1 receives UDP Echo Reply from HOST-3.
ROUTER-1 and ROUTER-3 don't use IPsec.
11 At HOST-2, run UDP echo program*1 to communicate with HOST-4 (destination port 3000).
Repeat 10 times, with 1452 bytes UDP payload, interval 1 second.
Ex) # echo6c -I ed0 -s 1452 -i 1 -c 10 HOST-4 3000
*HOST-2 sends UDP Echo Request to HOST-4.
*HOST-2 receives UDP Echo Reply from HOST-4.
ROUTER-1 and ROUTER-3 don't use IPsec.
12 At HOST-1, run "ftp" to HOST-3.
Get 5k bytes file.
*HOST-1 downloads file correctly from HOST-3.
ROUTER-1 and ROUTER-3 don't use IPsec.
13 At HOST-2, run "ftp" to HOST-4.
Get 5k bytes file.
*HOST-2 downloads file correctly from HOST-4.
ROUTER-1 and ROUTER-3 don't use IPsec.
IPsec tunnel (granularity=Network) (ESP enc=NULL) (ESP auth=HMAC-MD5)
14 At ROUTER-1 set configuration #1 - -
15 At ROUTER-3 set configuration #1 - -
16 At HOST-1, run "ping" to HOST-3. 
Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 64 -i 1 -c 10 HOST-3.
*HOST-1 sends ICMP Echo Request to HOST-3.
*HOST-1 receives ICMP Echo Reply from HOST-3.
*Original packets are encapsulated between ROUTER-1 and ROUTER-3.
*Encapsulating packets include ESP header.
ESP tunnel between ROUTER-1 and ROUTER-3.
ESP enc = NULL
ESP auth = HMAC-MD5
HOST-1 <-> HOST-3
(ICMP)
17 At HOST-2, run "ping" to HOST-4. 
Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 64 -i 1 -c 10 HOST-4.
*HOST-2 sends ICMP Echo Request to HOST-4.
*HOST-2 receives ICMP Echo Reply from HOST-4.
*Original packets are encapsulated between ROUTER-1 and ROUTER-3.
*Encapsulating packets include ESP header.
ESP tunnel between ROUTER-1 and ROUTER-3.
ESP enc = NULL
ESP auth = HMAC-MD5
HOST-2 <-> HOST-4
(ICMP)
18 At HOST-1, run "ping" to HOST-3. 
Repeat 10 times, with 2000 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 2000 -i 1 -c 10 HOST-3.
*HOST-1 sends ICMP Echo Request to HOST-3.
*HOST-1 receives ICMP Echo Reply from HOST-3.
*Original packets are encapsulated between ROUTER-1 and ROUTER-3.
*Encapsulating packets include ESP header.
ESP tunnel between ROUTER-1 and ROUTER-3.
ESP enc = NULL
ESP auth = HMAC-MD5
HOST-1 <-> HOST-3
Original packet will be fragmented to 2 packets.
(ICMP)
19 At HOST-1, run "ping" to HOST-3. 
Repeat 10 times, with 3000 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 3000 -i 1 -c 10 HOST-3.
*HOST-1 sends ICMP Echo Request to HOST-3.
*HOST-1 receives ICMP Echo Reply from HOST-3.
*Original packets are encapsulated between ROUTER-1 and ROUTER-3.
*Encapsulating packets include ESP header.
ESP tunnel between ROUTER-1 and ROUTER-3.
ESP enc = NULL
ESP auth = HMAC-MD5
HOST-1 <-> HOST-3
Original packet will be fragmented to 3 packets.
(ICMP)
20 At HOST-1, run UDP echo program*1 to communicate with HOST-3 (destination port 3000).
Repeat 10 times, with 2000 bytes UDP payload, interval 1 second.
Ex) # echo6c -I ed0 -s 2000 -i 1 -c 10 HOST-3 3000
*HOST-1 sends UDP Echo Request to HOST-3.
*HOST-1 receives UDP Echo Reply from HOST-3.
*Original packets are encapsulated between ROUTER-1 and ROUTER-3.
*Encapsulating packets include ESP header.
ESP tunnel between ROUTER-1 and ROUTER-3.
ESP enc = NULL
ESP auth = HMAC-MD5
HOST-1 <-> HOST-3
Original packet will be fragmented to 2 packets.
(UDP)
21 At HOST-1, run "ftp" to HOST-3.
Get 5k bytes file.
*HOST-1 downloads file correctly from HOST-3.
*Original packets are encapsulated between ROUTER-1 and ROUTER-3.
*Encapsulating packets include ESP header.
ESP tunnel between ROUTER-1 and ROUTER-3.
ESP enc = NULL
ESP auth = HMAC-MD5
HOST-1 <-> HOST-3
(TCP)
IPsec tunnel (granularity=Network) (ESP enc=NULL) (ESP auth=HMAC-SHA1)
22 At ROUTER-1 set configuration #2 - -
23 At ROUTER-3 set configuration #2 - -
24 At HOST-1, run "ping" to HOST-3. 
Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 64 -i 1 -c 10 HOST-3.
*HOST-1 sends ICMP Echo Request to HOST-3.
*HOST-1 receives ICMP Echo Reply from HOST-3.
*Original packets are encapsulated between ROUTER-1 and ROUTER-3.
*Encapsulating packets include ESP header.
ESP tunnel between ROUTER-1 and ROUTER-3.
ESP enc = NULL
ESP auth = HMAC-SHA1
HOST-1 <-> HOST-3
(ICMP)
25 At HOST-2, run "ping" to HOST-4. 
Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 64 -i 1 -c 10 HOST-4.
*HOST-2 sends ICMP Echo Request to HOST-4.
*HOST-2 receives ICMP Echo Reply from HOST-4.
*Original packets are encapsulated between ROUTER-1 and ROUTER-3.
*Encapsulating packets include ESP header.
ESP tunnel between ROUTER-1 and ROUTER-3.
ESP enc = NULL
ESP auth = HMAC-SHA1
HOST-2 <-> HOST-4
(ICMP)
26 At HOST-1, run "ping" to HOST-3. 
Repeat 10 times, with 2000 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 2000 -i 1 -c 10 HOST-3.
*HOST-1 sends ICMP Echo Request to HOST-3.
*HOST-1 receives ICMP Echo Reply from HOST-3.
*Original packets are encapsulated between ROUTER-1 and ROUTER-3.
*Encapsulating packets include ESP header.
ESP tunnel between ROUTER-1 and ROUTER-3.
ESP enc = NULL
ESP auth = HMAC-SHA1
HOST-1 <-> HOST-3
Original packet will be fragmented to 2 packets.
(ICMP)
27 At HOST-1, run "ping" to HOST-3. 
Repeat 10 times, with 3000 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 3000 -i 1 -c 10 HOST-3.
*HOST-1 sends ICMP Echo Request to HOST-3.
*HOST-1 receives ICMP Echo Reply from HOST-3.
*Original packets are encapsulated between ROUTER-1 and ROUTER-3.
*Encapsulating packets include ESP header.
ESP tunnel between ROUTER-1 and ROUTER-3.
ESP enc = NULL
ESP auth = HMAC-SHA1
HOST-1 <-> HOST-3
Original packet will be fragmented to 3 packets.
(ICMP)
28 At HOST-1, run UDP echo program*1 to communicate with HOST-3 (destination port 3000).
Repeat 10 times, with 2000 bytes UDP payload, interval 1 second.
Ex) # echo6c -I ed0 -s 2000 -i 1 -c 10 HOST-3 3000
*HOST-1 sends UDP Echo Request to HOST-3.
*HOST-1 receives UDP Echo Reply from HOST-3.
*Original packets are encapsulated between ROUTER-1 and ROUTER-3.
*Encapsulating packets include ESP header.
ESP tunnel between ROUTER-1 and ROUTER-3.
ESP enc = NULL
ESP auth = HMAC-SHA1
HOST-1 <-> HOST-3
Original packet will be fragmented to 2 packets.
(UDP)
29 At HOST-1, run "ftp" to HOST-3.
Get 5k bytes file.
*HOST-1 downloads file correctly from HOST-3.
*Original packets are encapsulated between ROUTER-1 and ROUTER-3.
*Encapsulating packets include ESP header.
ESP tunnel between ROUTER-1 and ROUTER-3.
ESP enc = NULL
ESP auth = HMAC-SHA1
HOST-1 <-> HOST-3
(TCP)
IPsec tunnel (granularity=NETWORK) (ESP enc=DES-CBC) (ESP auth=none)
30 At ROUTER-1 set configuration #3 - -
31 At ROUTER-3 set configuration #3 - -
32 At HOST-1, run "ping" to HOST-3. 
Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 64 -i 1 -c 10 HOST-3.
*HOST-1 sends ICMP Echo Request to HOST-3.
*HOST-1 receives ICMP Echo Reply from HOST-3.
*Original packets are encapsulated between ROUTER-1 and ROUTER-3.
*Encapsulating packets include ESP header.
ESP tunnel between ROUTER-1 and ROUTER-3.
ESP enc = DES-CBC
Without Authentication
HOST-1 <-> HOST-3
(ICMP)
33 At HOST-2, run "ping" to HOST-4. 
Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 64 -i 1 -c 10 HOST-4.
*HOST-2 sends ICMP Echo Request to HOST-4.
*HOST-2 receives ICMP Echo Reply from HOST-4.
*Original packets are encapsulated between ROUTER-1 and ROUTER-3.
*Encapsulating packets include ESP header.
ESP tunnel between ROUTER-1 and ROUTER-3.
ESP enc = DES-CBC
Without Authentication
HOST-2 <-> HOST-4
(ICMP)
34 At HOST-1, run "ping" to HOST-3. 
Repeat 10 times, with 2000 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 2000 -i 1 -c 10 HOST-3.
*HOST-1 sends ICMP Echo Request to HOST-3.
*HOST-1 receives ICMP Echo Reply from HOST-3.
*Original packets are encapsulated between ROUTER-1 and ROUTER-3.
*Encapsulating packets include ESP header.
ESP tunnel between ROUTER-1 and ROUTER-3.
ESP enc = DES-CBC
Without Authentication
HOST-1 <-> HOST-3
Original packet will be fragmented to 2 packets.
(ICMP)
35 At HOST-1, run "ping" to HOST-3. 
Repeat 10 times, with 3000 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 3000 -i 1 -c 10 HOST-3.
*HOST-1 sends ICMP Echo Request to HOST-3.
*HOST-1 receives ICMP Echo Reply from HOST-3.
*Original packets are encapsulated between ROUTER-1 and ROUTER-3.
*Encapsulating packets include ESP header.
ESP tunnel between ROUTER-1 and ROUTER-3.
ESP enc = DES-CBC
Without Authentication
HOST-1 <-> HOST-3
Original packet will be fragmented to 3 packets.
(ICMP)
36 At HOST-1, run UDP echo program*1 to communicate with HOST-3 (destination port 3000).
Repeat 10 times, with 2000 bytes UDP payload, interval 1 second.
Ex) # echo6c -I ed0 -s 2000 -i 1 -c 10 HOST-3 3000
*HOST-1 sends UDP Echo Request to HOST-3.
*HOST-1 receives UDP Echo Reply from HOST-3.
*Original packets are encapsulated between ROUTER-1 and ROUTER-3.
*Encapsulating packets include ESP header.
ESP tunnel between ROUTER-1 and ROUTER-3.
ESP enc = DES-CBC
Without Authentication
HOST-1 <-> HOST-3
Original packet will be fragmented to 2 packets.
(UDP)
37 At HOST-1, run "ftp" to HOST-3.
Get 5k bytes file.
*HOST-1 downloads file correctly from HOST-3.
*Original packets are encapsulated between ROUTER-1 and ROUTER-3.
*Encapsulating packets include ESP header.
ESP tunnel between ROUTER-1 and ROUTER-3.
ESP enc = DES-CBC
Without Authentication
HOST-1 <-> HOST-3
(TCP)
IPsec tunnel (granularity=Network) (ESP enc=DES-CBC) (ESP auth=HMAC-MD5)
38 At ROUTER-1 set configuration #4 - -
39 At ROUTER-3 set configuration #4 - -
40 At HOST-1, run "ping" to HOST-3. 
Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 64 -i 1 -c 10 HOST-3.
*HOST-1 sends ICMP Echo Request to HOST-3.
*HOST-1 receives ICMP Echo Reply from HOST-3.
*Original packets are encapsulated between ROUTER-1 and ROUTER-3.
*Encapsulating packets include ESP header.
ESP tunnel between ROUTER-1 and ROUTER-3.
ESP enc = DES-CBC
ESP auth = HMAC-MD5
HOST-1 <-> HOST-3
(ICMP)
41 At HOST-2, run "ping" to HOST-4. 
Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 64 -i 1 -c 10 HOST-4.
*HOST-2 sends ICMP Echo Request to HOST-4.
*HOST-2 receives ICMP Echo Reply from HOST-4.
*Original packets are encapsulated between ROUTER-1 and ROUTER-3.
*Encapsulating packets include ESP header.
ESP tunnel between ROUTER-1 and ROUTER-3.
ESP enc = DES-CBC
ESP auth = HMAC-MD5
HOST-2 <-> HOST-4
(ICMP)
42 At HOST-1, run "ping" to HOST-3. 
Repeat 10 times, with 2000 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 2000 -i 1 -c 10 HOST-3.
*HOST-1 sends ICMP Echo Request to HOST-3.
*HOST-1 receives ICMP Echo Reply from HOST-3.
*Original packets are encapsulated between ROUTER-1 and ROUTER-3.
*Encapsulating packets include ESP header.
ESP tunnel between ROUTER-1 and ROUTER-3.
ESP enc = DES-CBC
ESP auth = HMAC-MD5
HOST-1 <-> HOST-3
Original packet will be fragmented to 2 packets.
(ICMP)
43 At HOST-1, run "ping" to HOST-3. 
Repeat 10 times, with 3000 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 3000 -i 1 -c 10 HOST-3.
*HOST-1 sends ICMP Echo Request to HOST-3.
*HOST-1 receives ICMP Echo Reply from HOST-3.
*Original packets are encapsulated between ROUTER-1 and ROUTER-3.
*Encapsulating packets include ESP header.
ESP tunnel between ROUTER-1 and ROUTER-3.
ESP enc = DES-CBC
ESP auth = HMAC-MD5
HOST-1 <-> HOST-3
Original packet will be fragmented to 3 packets.
(ICMP)
44 At HOST-1, run UDP echo program*1 to communicate with HOST-3 (destination port 3000).
Repeat 10 times, with 2000 bytes UDP payload, interval 1 second.
Ex) # echo6c -I ed0 -s 2000 -i 1 -c 10 HOST-3 3000
*HOST-1 sends UDP Echo Request to HOST-3.
*HOST-1 receives UDP Echo Reply from HOST-3.
*Original packets are encapsulated between ROUTER-1 and ROUTER-3.
*Encapsulating packets include ESP header.
ESP tunnel between ROUTER-1 and ROUTER-3.
ESP enc = DES-CBC
ESP auth = HMAC-MD5
HOST-1 <-> HOST-3
Original packet will be fragmented to 2 packets.
(UDP)
45 At HOST-1, run "ftp" to HOST-3.
Get 5k bytes file.
*HOST-1 downloads file correctly from HOST-3.
*Original packets are encapsulated between ROUTER-1 and ROUTER-3.
*Encapsulating packets include ESP header.
ESP tunnel between ROUTER-1 and ROUTER-3.
ESP enc = DES-CBC
ESP auth = HMAC-MD5
HOST-1 <-> HOST-3
(TCP)
IPsec tunnel (granularity=Network) (ESP enc=DES-CBC) (ESP auth=HMAC-SHA1)
46 At ROUTER-1 set configuration #5 - -
47 At ROUTER-3 set configuration #5 - -
48 At HOST-1, run "ping" to HOST-3. 
Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 64 -i 1 -c 10 HOST-3.
*HOST-1 sends ICMP Echo Request to HOST-3.
*HOST-1 receives ICMP Echo Reply from HOST-3.
*Original packets are encapsulated between ROUTER-1 and ROUTER-3.
*Encapsulating packets include ESP header.
ESP tunnel between ROUTER-1 and ROUTER-3.
ESP enc = DES-CBC
ESP auth = HMAC-SHA1
HOST-1 <-> HOST-3
(ICMP)
49 At HOST-2, run "ping" to HOST-4. 
Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 64 -i 1 -c 10 HOST-4.
*HOST-2 sends ICMP Echo Request to HOST-4.
*HOST-2 receives ICMP Echo Reply from HOST-4.
*Original packets are encapsulated between ROUTER-1 and ROUTER-3.
*Encapsulating packets include ESP header.
ESP tunnel between ROUTER-1 and ROUTER-3.
ESP enc = DES-CBC
ESP auth = HMAC-SHA1
HOST-2 <-> HOST-4
(ICMP)
50 At HOST-1, run "ping" to HOST-3. 
Repeat 10 times, with 2000 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 2000 -i 1 -c 10 HOST-3.
*HOST-1 sends ICMP Echo Request to HOST-3.
*HOST-1 receives ICMP Echo Reply from HOST-3.
*Original packets are encapsulated between ROUTER-1 and ROUTER-3.
*Encapsulating packets include ESP header.
ESP tunnel between ROUTER-1 and ROUTER-3.
ESP enc = DES-CBC
ESP auth = HMAC-SHA1
HOST-1 <-> HOST-3
Original packet will be fragmented to 2 packets.
(ICMP)
51 At HOST-1, run "ping" to HOST-3. 
Repeat 10 times, with 3000 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 3000 -i 1 -c 10 HOST-3.
*HOST-1 sends ICMP Echo Request to HOST-3.
*HOST-1 receives ICMP Echo Reply from HOST-3.
*Original packets are encapsulated between ROUTER-1 and ROUTER-3.
*Encapsulating packets include ESP header.
ESP tunnel between ROUTER-1 and ROUTER-3.
ESP enc = DES-CBC
ESP auth = HMAC-SHA1
HOST-1 <-> HOST-3
Original packet will be fragmented to 3 packets.
(ICMP)
52 At HOST-1, run UDP echo program*1 to communicate with HOST-3 (destination port 3000).
Repeat 10 times, with 2000 bytes UDP payload, interval 1 second.
Ex) # echo6c -I ed0 -s 2000 -i 1 -c 10 HOST-3 3000
*HOST-1 sends UDP Echo Request to HOST-3.
*HOST-1 receives UDP Echo Reply from HOST-3.
*Original packets are encapsulated between ROUTER-1 and ROUTER-3.
*Encapsulating packets include ESP header.
ESP tunnel between ROUTER-1 and ROUTER-3.
ESP enc = DES-CBC
ESP auth = HMAC-SHA1
HOST-1 <-> HOST-3
Original packet will be fragmented to 2 packets.
(UDP)
53 At HOST-1, run "ftp" to HOST-3.
Get 5k bytes file.
*HOST-1 downloads file correctly from HOST-3.
*Original packets are encapsulated between ROUTER-1 and ROUTER-3.
*Encapsulating packets include ESP header.
ESP tunnel between ROUTER-1 and ROUTER-3.
ESP enc = DES-CBC
ESP auth = HMAC-SHA1
HOST-1 <-> HOST-3
(TCP)
IPsec tunnel (granularity=HOST) (algorithm=NULL)
54 At ROUTER-1 set configuration #6 - -
55 At ROUTER-3 set configuration #6 - -
56 At HOST-1, run "ping" to HOST-3. 
Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 64 -i 1 -c 10 HOST-3.
*HOST-1 sends ICMP Echo Request to HOST-3.
*HOST-1 receives ICMP Echo Reply from HOST-3.
*Original packets are encapsulated between ROUTER-1 and ROUTER-3.
*Encapsulating packets include ESP header.
ESP tunnel between ROUTER-1 and ROUTER-3.
ESP enc = NULL
Without Authentication
HOST-1 <-> HOST-3
(ICMP)
57 At HOST-2, run "ping" to HOST-4. 
Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 64 -i 1 -c 10 HOST-4.
*HOST-2 sends ICMP Echo Request to HOST-4.
*HOST-2 receives ICMP Echo Reply from HOST-4.
*Original packets go through between ROUTER-1 and ROUTER-3.

-

58 At HOST-1, run UDP echo program*1 to communicate with HOST-3 (destination port 3000).
Repeat 10 times, with 64 bytes UDP payload, interval 1 second.
Ex) # echo6c -I ed0 -s 64 -i 1 -c 10 HOST-3 3000
*HOST-1 sends UDP Echo Request to HOST-3.
*HOST-1 receives UDP Echo Reply from HOST-3.
*Original packets are encapsulated between ROUTER-1 and ROUTER-3.
*Encapsulating packets include ESP header.
ESP tunnel between ROUTER-1 and ROUTER-3.
ESP enc = NULL
Without Authentication
HOST-1 <-> HOST-3
(UDP)
59 At HOST-2, run UDP echo program*1 to communicate with HOST-4 (destination port 3000).
Repeat 10 times, with 64 bytes UDP payload, interval 1 second.
Ex) # echo6c -I ed0 -s 64 -i 1 -c 10 HOST-4 3000
*HOST-2 sends UDP Echo Request to HOST-4.
*HOST-2 receives UDP Echo Reply from HOST-4.
*Original packets go through between ROUTER-1 and ROUTER-3.

-

60 At HOST-1, run "ftp" to HOST-3.
Get 5k bytes file.
*HOST-1 downloads file correctly from HOST-3.
*Original packets are encapsulated between ROUTER-1 and ROUTER-3.
*Encapsulating packets include ESP header.
ESP tunnel between ROUTER-1 and ROUTER-3.
ESP enc = NULL
Without Authentication
HOST-1 <-> HOST-3
(TCP)
61 At HOST-2, run "ftp" to HOST-4.
Get 5k bytes file.
*HOST-2 downloads file correctly from HOST-4.
*Original packets go through between ROUTER-1 and ROUTER-3.

-

IPsec tunnel (granularity=UPPER Protocol [ICMP]) (algorithm=NULL) 
62 At ROUTER-1 set configuration #7 - -
63 At ROUTER-3 set configuration #7 - -
64 At HOST-1, run "ping" to HOST-3. 
Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 64 -i 1 -c 10 HOST-3.
*HOST-1 sends ICMP Echo Request to HOST-3.
*HOST-1 receives ICMP Echo Reply from HOST-3.
*Original packets are encapsulated between ROUTER-1 and ROUTER-3.
*Encapsulating packets include ESP header.
ESP tunnel between ROUTER-1 and ROUTER-3.
ESP enc = NULL
Without Authentication
HOST-1 <-> HOST-3
(ICMP)
65 At HOST-2, run "ping" to HOST-4. 
Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 64 -i 1 -c 10 HOST-4.
*HOST-2 sends ICMP Echo Request to HOST-4.
*HOST-2 receives ICMP Echo Reply from HOST-4.
*Original packet is encapsulated between ROUTER-1 and ROUTER-3.
*Encapsulating packet includes ESP header.

-

66 At HOST-1, run UDP echo program*1 to communicate with HOST-3 (destination port 3000).
Repeat 10 times, with 64 bytes UDP payload, interval 1 second.
Ex) # echo6c -I ed0 -s 64 -i 1 -c 10 HOST-3 3000
*HOST-1 sends UDP Echo Request to HOST-3.
*HOST-1 receives UDP Echo Reply from HOST-3.
*Original packets go through between ROUTER-1 and ROUTER-3.

-

67 At HOST-1, run "ftp" to HOST-3.
Get 5k bytes file.
*HOST-1 downloads file correctly from HOST-3.
*Original packets go through between ROUTER-1 and ROUTER-3.

-

IPsec tunnel (granularity=UPPER Protocol [UDP]) (algorithm=NULL) 
68 At ROUTER-1 set configuration #8 - -
69 At ROUTER-3 set configuration #8 - -
70 At HOST-1, run "ping" to HOST-3. 
Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 64 -i 1 -c 10 HOST-3.
*HOST-1 sends ICMP Echo Request to HOST-3.
*HOST-1 receives ICMP Echo Reply from HOST-3.
*Original packets go through between ROUTER-1 and ROUTER-3.

-

71 At HOST-1, run UDP echo program*1 to communicate with HOST-3 (destination port 3000).
Repeat 10 times, with 64 bytes UDP payload, interval 1 second.
Ex) # echo6c -I ed0 -s 64 -i 1 -c 10 HOST-3 3000
*HOST-1 sends UDP Echo Request to HOST-3.
*HOST-1 receives UDP Echo Reply from HOST-3.
*Original packets are encapsulated between ROUTER-1 and ROUTER-3.
*Encapsulating packets include ESP header.
ESP tunnel between ROUTER-1 and ROUTER-3.
ESP enc = NULL
Without Authentication
HOST-1 <-> HOST-3
(UDP)
72 At HOST-2, run UDP echo program*1 to communicate with HOST-4 (destination port 3000).
Repeat 10 times, with 64 bytes UDP payload, interval 1 second.
Ex) # echo6c -I ed0 -s 64 -i 1 -c 10 HOST-4 3000
*HOST-2 sends UDP Echo Request to HOST-4.
*HOST-2 receives UDP Echo Reply from HOST-4.
*Original packets go through between ROUTER-1 and ROUTER-3.

-

73 At HOST-1, run "ftp" to HOST-3.
Get 5k bytes file.
*HOST-1 downloads file correctly from HOST-3.
*Original packets go through between ROUTER-1 and ROUTER-3.

-

IPsec tunnel (granularity=UPPER Protocol [TCP]) (algorithm=NULL) 
74 At ROUTER-1 set configuration #9 - -
75 At ROUTER-3 set configuration #9 - -
76 At HOST-1, run "ping" to HOST-3. 
Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 64 -i 1 -c 10 HOST-3.
*HOST-1 sends ICMP Echo Request to HOST-3.
*HOST-1 receives ICMP Echo Reply from HOST-3.
*Original packets go through between ROUTER-1 and ROUTER-3.

-

77 At HOST-1, run UDP echo program*1 to communicate with HOST-3 (destination port 3000).
Repeat 10 times, with 64 bytes UDP payload, interval 1 second.
Ex) # echo6c -I ed0 -s 64 -i 1 -c 10 HOST-3 3000
*HOST-1 sends UDP Echo Request to HOST-3.
*HOST-1 receives UDP Echo Reply from HOST-3.
*Original packets go through between ROUTER-1 and ROUTER-3.

-

78 At HOST-1, run "ftp" to HOST-3.
Get 5k bytes file.
*HOST-1 downloads file correctly from HOST-3.
*Original packets are encapsulated between ROUTER-1 and ROUTER-3.
*Encapsulating packets include ESP header.
ESP tunnel between ROUTER-1 and ROUTER-3.
ESP enc = NULL
Without Authentication
HOST-1 <-> HOST-3
(TCP)
79 At HOST-2, run "ftp" to HOST-4.
Get 5k bytes file.
*HOST-2 downloads file correctly from HOST-4.
*Original packets go through between ROUTER-1 and ROUTER-3.

-

IPsec tunnel (granularity=UPPER Protocol [UDP] Port=3000) (algorithm=NULL) 
80 At ROUTER-1 set configuration #10 - -
81 At ROUTER-3 set configuration #10 - -
82 At HOST-1, run "ping" to HOST-3. 
Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 64 -i 1 -c 10 HOST-3.
*HOST-1 sends ICMP Echo Request to HOST-3.
*HOST-1 receives ICMP Echo Reply from HOST-3.
*Original packets go through between ROUTER-1 and ROUTER-3.

-

83 At HOST-1, run UDP echo program*1 to communicate with HOST-3 (destination port 3000).
Repeat 10 times, with 64 bytes UDP payload, interval 1 second.
Ex) # echo6c -I ed0 -s 64 -i 1 -c 10 HOST-3 3000
*HOST-1 sends UDP Echo Request to HOST-3.
*HOST-1 receives UDP Echo Reply from HOST-3.
*Original packets are encapsulated between ROUTER-1 and ROUTER-3.
*Encapsulating packets include ESP header.
ESP tunnel between ROUTER-1 and ROUTER-3.
ESP enc = NULL
Without Authentication
HOST-1 <-> HOST-3
(UDP)
84 At HOST-1, run UDP echo program*1 to communicate with HOST-3 (destination port 4000).
Repeat 10 times, with 64 bytes UDP payload, interval 1 second.
Ex) # echo6c -I ed0 -s 64 -i 1 -c 10 HOST-3 4000
*HOST-1 sends UDP Echo Request to HOST-3.
*HOST-1 receives UDP Echo Reply from HOST-3.
*Original packets go through between ROUTER-1 and ROUTER-3.

-

85 At HOST-3, run UDP echo program*1 to communicate with HOST-1 (destination port 3000).
Repeat 10 times, with 64 bytes UDP payload, interval 1 second.
Ex) # echo6c -I ed0 -s 64 -i 1 -c 10 HOST-1 3000
*HOST-3 sends UDP Echo Request to HOST-1.
*HOST-3 receives UDP Echo Reply from HOST-1.
*Original packets go through between ROUTER-1 and ROUTER-3.

-

86 At HOST-1, run "ftp" to HOST-3.
Get 5k bytes file.
*HOST-1 downloads file correctly from HOST-3.
*Original packets go through between ROUTER-1 and ROUTER-3.

-

IPsec tunnel (granularity=UPPER Protocol [UDP] Port=3000) (algorithm=NULL) Reverse direction
87 At ROUTER-1 set configuration #11 - -
88 At ROUTER-3 set configuration #11 - -
89 At HOST-3, run "ping" to HOST-1. 
Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 64 -i 1 -c 10 HOST-1.
*HOST-3 sends ICMP Echo Request to HOST-1.
*HOST-3 receives ICMP Echo Reply from HOST-1.
*Original packets go through between ROUTER-1 and ROUTER-3.

-

90 At HOST-3, run UDP echo program*1 to communicate with HOST-1 (destination port 3000).
Repeat 10 times, with 64 bytes UDP payload, interval 1 second.
Ex) # echo6c -I ed0 -s 64 -i 1 -c 10 HOST-1 3000
*HOST-3 sends UDP Echo Request to HOST-1.
*HOST-3 receives UDP Echo Reply from HOST-1.
*Original packets are encapsulated between ROUTER-1 and ROUTER-3.
*Encapsulating packets include ESP header.
ESP tunnel between ROUTER-1 and ROUTER-3.
ESP enc = NULL
Without Authentication
HOST-1 <-> HOST-3
(UDP)
91 At HOST-3, run UDP echo program*1 to communicate with HOST-1 (destination port 4000).
Repeat 10 times, with 64 bytes UDP payload, interval 1 second.
Ex) # echo6c -I ed0 -s 64 -i 1 -c 10 HOST-1 4000
*HOST-3 sends UDP Echo Request to HOST-1.
*HOST-3 receives UDP Echo Reply from HOST-1.
*Original packets go through between ROUTER-1 and ROUTER-3.

-

92 At HOST-1, run UDP echo program*1 to communicate with HOST-3 (destination port 3000).
Repeat 10 times, with 64 bytes UDP payload, interval 1 second.
Ex) # echo6c -I ed0 -s 64 -i 1 -c 10 HOST-3 3000
*HOST-1 sends UDP Echo Request to HOST-3.
*HOST-1 receives UDP Echo Reply from HOST-3.
*Original packets go through between ROUTER-1 and ROUTER-3.

-

93 At HOST-3, run "ftp" to HOST-1.
Get 5k bytes file.
*HOST-3 downloads file correctly from HOST-1.
*Original packets go through between ROUTER-1 and ROUTER-3.

-

IPsec tunnel (granularity=UPPER Protocol [TCP] Port=21) (algorithm=NULL)
94 At ROUTER-1 set configuration #12 - -
95 At ROUTER-3 set configuration #12 - -
96 At HOST-1, run "ping" to HOST-3. 
Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 64 -i 1 -c 10 HOST-3.
*HOST-1 sends ICMP Echo Request to HOST-3.
*HOST-1 receives ICMP Echo Reply from HOST-3.
*Original packets go through between ROUTER-1 and ROUTER-3.

-

97 At HOST-1, run UDP echo program*1 to communicate with HOST-3 (destination port 3000).
Repeat 10 times, with 64 bytes UDP payload, interval 1 second.
Ex) # echo6c -I ed0 -s 64 -i 1 -c 10 HOST-3 3000
*HOST-1 sends UDP Echo Request to HOST-3.
*HOST-1 receives UDP Echo Reply from HOST-3.
*Original packets go through between ROUTER-1 and ROUTER-3.

-

98 At HOST-1, run "ftp" to HOST-3.
Get 5k bytes file.
*HOST-1 downloads file correctly from HOST-3.
*Original packets are encapsulated between ROUTER-1 and ROUTER-3.
*Encapsulating packets include ESP header.
*FTP control port is encrypted.
*FTP data port isn't encrypted.
ESP tunnel between ROUTER-1 and ROUTER-3.
ESP enc = NULL
Without Authentication
HOST-1 <-> HOST-3
(FTP)
99 At HOST-3, run "ftp" to HOST-1.
Get 5k bytes file.
*HOST-3 downloads file correctly from HOST-1.
*Original packets go through between ROUTER-1 and ROUTER-3.

-

100 At HOST-1, run "telnet" to HOST-3.
*HOST-1 communicates with HOST-3.
*Original packets go through between ROUTER-1 and ROUTER-3.

-

IPsec tunnel (granularity=UPPER Protocol [TCP] Port=21) (algorithm=NULL) Reverse direction
101 At ROUTER-1 set configuration #13 - -
102 At ROUTER-3 set configuration #13 - -
103 At HOST-3, run "ping" to HOST-1. 
Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -I ed0 -s 64 -i 1 -c 10 HOST-1
*HOST-3 sends ICMP Echo Request to HOST-1.
*HOST-3 receives ICMP Echo Reply from HOST-1.
*Original packets go through between ROUTER-1 and ROUTER-3.

-

104 At HOST-3, run UDP echo program*1 to communicate with HOST-1 (destination port 3000).
Repeat 10 times, with 64 bytes UDP payload, interval 1 second.
Ex) # echo6c -I ed0 -s 64 -i 1 -c 10 HOST-1 3000
*HOST-3 sends UDP Echo Request to HOST-1.
*HOST-3 receives UDP Echo Reply from HOST-1.
*Original packets go through between ROUTER-1 and ROUTER-3.

-

105 At HOST-3, run "ftp" to HOST-1.
Get 5k bytes file.
*HOST-3 downloads file correctly from HOST-1.
*Original packets are encapsulated between ROUTER-1 and ROUTER-3.
*Encapsulating packets include ESP header.
*FTP control port is encrypted.
*FTP data port isn't encrypted.
ESP tunnel between ROUTER-1 and ROUTER-3.
ESP enc = NULL
Without Authentication
HOST-1 <-> HOST-3
(FTP)
106 At HOST-1, run "ftp" to HOST-3.
Get 5k bytes file.
*HOST-1 downloads file correctly from HOST-3.
*Original packets go through between ROUTER-1 and ROUTER-3.

-

107 At HOST-3, run "telnet" to HOST-1.
*HOST-1 communicates with HOST-3.
*Original packets go through between ROUTER-1 and ROUTER-3.

-

A "*" mark with no number means that we are going to judge that item.
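
The port-granularity criteria for configurations #10 to #12 can be predicted by modelling each gateway's outbound policy as a first-match selector lookup. The Python below is an added example, not part of the original test suite; the client port 49152, the FTP data source port 20, and the rule that ROUTER-1 applies policy to traffic sourced in Net-z and ROUTER-3 to traffic sourced in Net-w are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# Addresses and prefixes copied from the topology figure on this page.
ADDR = {
    "HOST-1": "3ffe:501:481d:f001::11", "HOST-2": "3ffe:501:481d:f001::12",
    "HOST-3": "3ffe:501:481d:f004::11", "HOST-4": "3ffe:501:481d:f004::12",
    "Net-z": "3ffe:501:481d:f001::/64", "Net-w": "3ffe:501:481d:f004::/64",
}
EPHEMERAL = 49152  # constructed client-side port (assumption, not from the page)


def net(name: str) -> ipaddress.IPv6Network:
    """Host names become /128 selectors; network names keep their /64."""
    return ipaddress.ip_network(ADDR[name])


@dataclass(frozen=True)
class Policy:
    sgw: str               # gateway that applies this outbound policy
    src: str               # selector source (host or network name)
    dst: str               # selector destination
    upper: str             # "any", "ICMP", "UDP" or "TCP"
    sport: Optional[int]   # None means "any"
    dport: Optional[int]   # None means "any"
    spi: int

    def matches(self, src, dst, upper, sport, dport) -> bool:
        return (ipaddress.ip_address(ADDR[src]) in net(self.src)
                and ipaddress.ip_address(ADDR[dst]) in net(self.dst)
                and self.upper in ("any", upper)
                and self.sport in (None, sport)
                and self.dport in (None, dport))


def pair(a, b, upper, sport, dport, spi1, spi3):
    """One numbered row pair: ROUTER-1 covers a->b, ROUTER-3 the mirrored b->a."""
    return [Policy("ROUTER-1", a, b, upper, sport, dport, spi1),
            Policy("ROUTER-3", b, a, upper, dport, sport, spi3)]


# Selectors and SPIs transcribed from the configuration table on this page.
CONFIG = {
    1:  pair("Net-z", "Net-w", "any", None, None, 1011, 5011),
    10: pair("HOST-1", "HOST-3", "UDP", None, 3000, 1101, 5101),
    11: pair("HOST-1", "HOST-3", "UDP", 3000, None, 1111, 5111),
    12: pair("HOST-1", "HOST-3", "TCP", None, 21, 1121, 5121),
}


def outbound_sgw(src: str) -> str:
    """Assumption: Net-z traffic leaves via ROUTER-1, Net-w via ROUTER-3."""
    in_net_z = ipaddress.ip_address(ADDR[src]) in net("Net-z")
    return "ROUTER-1" if in_net_z else "ROUTER-3"


def lookup(cfg, src, dst, upper, sport=None, dport=None) -> Optional[int]:
    """SPI of the first matching outbound policy, or None (packet bypasses ESP)."""
    for p in CONFIG[cfg]:
        if p.sgw == outbound_sgw(src) and p.matches(src, dst, upper, sport, dport):
            return p.spi
    return None


def exchange(cfg, client, server, upper, dport=None) -> Tuple[Optional[int], Optional[int]]:
    """(request SPI, reply SPI) for one client/server round trip."""
    sport = None if upper == "ICMP" else EPHEMERAL
    return (lookup(cfg, client, server, upper, sport, dport),
            lookup(cfg, server, client, upper, dport, sport))


if __name__ == "__main__":
    # Steps 82 to 86 of the scenario, run against configuration #10.
    steps = [
        (82, ("HOST-1", "HOST-3", "ICMP")),
        (83, ("HOST-1", "HOST-3", "UDP", 3000)),
        (84, ("HOST-1", "HOST-3", "UDP", 4000)),
        (85, ("HOST-3", "HOST-1", "UDP", 3000)),
        (86, ("HOST-1", "HOST-3", "TCP", 21)),
    ]
    for step, args in steps:
        req, rep = exchange(10, *args)
        verdict = "encapsulated" if req and rep else "go through"
        print(f"step {step}: request SPI={req} reply SPI={rep} -> {verdict}")
```

A captured ESP packet between ROUTER-1 and ROUTER-3 should carry the SPI this lookup returns; a `None` result corresponds to the "Original packets go through" criterion.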