IPsec tunnel mode to IPsec tunnel mode (Security Gateway)
[IP3][AH/ESP][IP2][AH/ESP][IP1]

[Interoperability Test Scenario]

Last Update: February 26, 2000


This scenario verifies interoperability when the target ROUTER (ROUTER-1, the Target Machine in the table below) is attached to the model network.
SGW = Security Gateway

 HOST-1 --- SGW-1 -------------------- SGW-2 --- SGW-3 --- HOST-2
             | |                        ^         ^
             | |                        |         |
             | +---SA2(AH/ESP tunnel)---+         |
             |                                    |
             +-----SA1(AH/ESP tunnel)-------------+



               HOST-2
                 |(3ffe:501:481d:f005::22)
                 |
(Net-v)      ----+-----+--- (3ffe:501:481d:f005::/64)
                       |
                       |(I/F4-v) (3ffe:501:481d:f005::4)
                    ROUTER-4(SGW)
                       |(I/F4-w) (3ffe:501:481d:f004::4)
                       |
(Net-w)    ------+-----+--- (3ffe:501:481d:f004::/64)
                 |
                 |(I/F3-w) (3ffe:501:481d:f004::3)
              ROUTER-3(SGW)
                 |(I/F3-x) (3ffe:501:481d:f003::3)
                 |
(Net-x)      ----+-----+--- (3ffe:501:481d:f003::/64)
                       |
                       |(I/F2-x) (3ffe:501:481d:f003::2)
                    ROUTER-2
                       |(I/F2-y) (3ffe:501:481d:f002::2)
                       |
(Net-y)      ----+-----+--- (3ffe:501:481d:f002::/64)
                 |
                 |(I/F1-y) (3ffe:501:481d:f002::1)
              ROUTER-1(SGW)
                 |(I/F1-z) (3ffe:501:481d:f001::1)
                 |
(Net-z)   --+----+--------- (3ffe:501:481d:f001::/64)
            |
            |(3ffe:501:481d:f001::11)
          HOST-1

Network   Prefix                     Network media
Net-v     3ffe:501:481d:f005::/64    Ethernet 10BASE-T
Net-w     3ffe:501:481d:f004::/64    Ethernet 10BASE-T
Net-x     3ffe:501:481d:f003::/64    Ethernet 10BASE-T
Net-y     3ffe:501:481d:f002::/64    Ethernet 10BASE-T
Net-z     3ffe:501:481d:f001::/64    Ethernet 10BASE-T

Machine    Comments           Initial status                                  Configuration
HOST-2     Reference Machine  Attached to Net-v with power turned off.        -
ROUTER-4   Reference Machine  Power is turned off. I/F-4w is attached to      Sends RA to Net-w and Net-v.
                              Net-w while I/F-4v is attached to Net-v.        Sends and receives RIPng.
ROUTER-3   Reference Machine  Power is turned off. I/F-3x is attached to      Sends RA to Net-x and Net-w.
                              Net-x while I/F-3w is attached to Net-w.        Sends and receives RIPng.
ROUTER-2   Reference Machine  Power is turned off. I/F-2y is attached to      Sends RA to Net-y and Net-x.
                              Net-y while I/F-2x is attached to Net-x.        Sends and receives RIPng.
ROUTER-1   Target Machine     Power is turned off. I/F-1z is attached to      Sends RA to Net-z and Net-y.
                              Net-z while I/F-1y is attached to Net-y.        Sends and receives RIPng.
HOST-1     Reference Machine  Attached to Net-z with power turned off.        -

No.  Machine   Src    Dest   Protocol  Mode    SPI   AH auth   ESP enc  ESP auth  Upper  Port(Src/Dst)
1    ROUTER-1  Net-z  Net-v  AH        tunnel  1011  HMAC-MD5  -        -         any    -
               IF-1y  IF-4w  AH        tunnel  1012  HMAC-MD5  -        -         any    -
     ROUTER-3  IF-4w  IF-1y  AH        tunnel  2011  HMAC-MD5  -        -         any    -
     ROUTER-4  Net-v  Net-z  AH        tunnel  3012  HMAC-MD5  -        -         any    -
2    ROUTER-1  Net-z  Net-v  ESP       tunnel  1021  -         NULL     HMAC-MD5  any    -
               IF-1y  IF-4w  AH        tunnel  1022  HMAC-MD5  -        -         any    -
     ROUTER-3  IF-4w  IF-1y  AH        tunnel  2021  HMAC-MD5  -        -         any    -
     ROUTER-4  Net-v  Net-z  ESP       tunnel  3022  -         NULL     HMAC-MD5  any    -
3    ROUTER-1  Net-z  Net-v  AH        tunnel  1031  HMAC-MD5  -        -         any    -
               IF-1y  IF-4w  ESP       tunnel  1032  -         NULL     HMAC-MD5  any    -
     ROUTER-3  IF-4w  IF-1y  ESP       tunnel  5031  -         NULL     HMAC-MD5  any    -
     ROUTER-4  Net-v  Net-z  AH        tunnel  5032  HMAC-MD5  -        -         any    -
4    ROUTER-1  Net-z  Net-v  ESP       tunnel  1041  -         NULL     HMAC-MD5  any    -
               IF-1y  IF-4w  ESP       tunnel  1042  -         NULL     HMAC-MD5  any    -
     ROUTER-3  IF-4w  IF-1y  ESP       tunnel  5041  -         NULL     HMAC-MD5  any    -
     ROUTER-4  Net-v  Net-z  ESP       tunnel  5042  -         NULL     HMAC-MD5  any    -
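The SA table above lists selectors, SPIs and algorithms but not the statements an operator types into the gateway, and a mistake in the nesting (the outer SA's selector must be the inner tunnel's endpoints) is easy to make by hand. The following script, an added example that is not part of this scenario, holds the four configurations as data, checks that nesting and SPI uniqueness, and renders them for ROUTER-1 as KAME/FreeBSD setkey(8) statements. The addresses come from the topology and the tunnel endpoints from the IP2/IP3 lines of the test steps (IP2 = IF-1y and IF-4w, IP3 = IF-1y and IF-3x); the setkey syntax, the innermost-first request order in `spdadd`, and the zero keys are assumptions or placeholders and are marked as such in the code.

```python
"""Render the scenario's SA table as KAME setkey(8) input for ROUTER-1 and
check the tunnel nesting before loading it. Added example, not part of the
interoperability scenario.

Assumptions: setkey statement syntax is the KAME/FreeBSD form; requests in a
'spdadd' policy are listed innermost first; keys are constructed placeholders.
"""
from typing import Dict, List, Tuple

# Host, gateway-interface and network addresses from the scenario topology.
ADDR: Dict[str, str] = {
    "HOST-1": "3ffe:501:481d:f001::11",
    "HOST-2": "3ffe:501:481d:f005::22",
    "IF-1y": "3ffe:501:481d:f002::1",
    "IF-3x": "3ffe:501:481d:f003::3",
    "IF-4w": "3ffe:501:481d:f004::4",
    "Net-z": "3ffe:501:481d:f001::/64",
    "Net-v": "3ffe:501:481d:f005::/64",
}

KEY = "0x" + "00" * 16  # constructed placeholder (128-bit HMAC-MD5 key), not a real key

# Algorithm arguments per protocol: every SA in the table authenticates with
# HMAC-MD5, and the ESP SAs use NULL encryption.
ALG = {"ah": f"-A hmac-md5 {KEY}", "esp": f"-E null -A hmac-md5 {KEY}"}

# (selector src, selector dst, protocol, SPI, tunnel src, tunnel dst, direction)
# "out" rows are ROUTER-1's own SAs; "in" rows are the ROUTER-4 (inner) and
# ROUTER-3 (outer) SAs whose packets ROUTER-1 must accept.
SA = Tuple[str, str, str, int, str, str, str]
CONFIGS: Dict[int, List[SA]] = {
    1: [("Net-z", "Net-v", "ah", 1011, "IF-1y", "IF-4w", "out"),
        ("IF-1y", "IF-4w", "ah", 1012, "IF-1y", "IF-3x", "out"),
        ("Net-v", "Net-z", "ah", 3012, "IF-4w", "IF-1y", "in"),
        ("IF-4w", "IF-1y", "ah", 2011, "IF-3x", "IF-1y", "in")],
    2: [("Net-z", "Net-v", "esp", 1021, "IF-1y", "IF-4w", "out"),
        ("IF-1y", "IF-4w", "ah", 1022, "IF-1y", "IF-3x", "out"),
        ("Net-v", "Net-z", "esp", 3022, "IF-4w", "IF-1y", "in"),
        ("IF-4w", "IF-1y", "ah", 2021, "IF-3x", "IF-1y", "in")],
    3: [("Net-z", "Net-v", "ah", 1031, "IF-1y", "IF-4w", "out"),
        ("IF-1y", "IF-4w", "esp", 1032, "IF-1y", "IF-3x", "out"),
        ("Net-v", "Net-z", "ah", 5032, "IF-4w", "IF-1y", "in"),
        ("IF-4w", "IF-1y", "esp", 5031, "IF-3x", "IF-1y", "in")],
    4: [("Net-z", "Net-v", "esp", 1041, "IF-1y", "IF-4w", "out"),
        ("IF-1y", "IF-4w", "esp", 1042, "IF-1y", "IF-3x", "out"),
        ("Net-v", "Net-z", "esp", 5042, "IF-4w", "IF-1y", "in"),
        ("IF-4w", "IF-1y", "esp", 5041, "IF-3x", "IF-1y", "in")],
}


def nesting(sas: List[SA], direction: str) -> Tuple[SA, SA]:
    """Return (inner, outer) for one direction: the inner SA is the one whose
    selector is a network prefix; the outer SA carries the inner tunnel."""
    group = [sa for sa in sas if sa[6] == direction]
    inner = next(sa for sa in group if "/" in ADDR[sa[0]])
    outer = next(sa for sa in group if sa is not inner)
    return inner, outer


def check_sas(sas: List[SA]) -> List[str]:
    """Consistency problems in one configuration; an empty list means it is usable."""
    problems: List[str] = []
    seen = set()
    for _, _, proto, spi, tsrc, tdst, _ in sas:
        ident = (ADDR[tdst], proto, spi)  # an SA is identified by (dst, protocol, SPI)
        if ident in seen:
            problems.append(f"duplicate SA {ident}")
        seen.add(ident)
        if any("/" in ADDR[ep] for ep in (tsrc, tdst)):
            problems.append(f"SPI {spi}: tunnel endpoint is a prefix, not a host address")
    for direction in ("out", "in"):
        inner, outer = nesting(sas, direction)
        if (outer[0], outer[1]) != (inner[4], inner[5]):
            problems.append(f"{direction}: outer selector {outer[:2]} does not match "
                            f"inner tunnel endpoints {inner[4:6]}")
    return problems


def render_setkey(sas: List[SA]) -> List[str]:
    """One 'add' per SA, then one 'spdadd' per direction naming both tunnels."""
    lines = [f"add {ADDR[tsrc]} {ADDR[tdst]} {proto} {spi} -m tunnel {ALG[proto]};"
             for _, _, proto, spi, tsrc, tdst, _ in sas]
    for direction in ("out", "in"):
        inner, outer = nesting(sas, direction)
        chain = " ".join(f"{sa[2]}/tunnel/{ADDR[sa[4]]}-{ADDR[sa[5]]}/require"
                         for sa in (inner, outer))  # innermost first (assumed)
        lines.append(f"spdadd {ADDR[inner[0]]} {ADDR[inner[1]]} any "
                     f"-P {direction} ipsec {chain};")
    return lines


if __name__ == "__main__":
    for number, sas in CONFIGS.items():
        problems = check_sas(sas)
        print(f"# configuration #{number}: {'ok' if not problems else problems}")
        print("\n".join(render_setkey(sas)))
```

Run it once per configuration step (8, 14, 20, 26) and feed the output to `setkey -f` only when the check reports no problems; the inbound entries are what lets ROUTER-1 verify the Echo Replies that ROUTER-4 and ROUTER-3 wrap on the way back.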

No. / Action / Criteria / Comments

Address auto configuration check.
 1  Boot ROUTER-1.     Criteria: -   Comments: -
 2  Boot ROUTER-2.     Criteria: -   Comments: -
 3  Boot ROUTER-3.     Criteria: -   Comments: -
 4  Boot ROUTER-4.     Criteria: -   Comments: -
 5  Boot HOST-1.       Criteria: -   Comments: -
 6  Boot HOST-2.       Criteria: -   Comments: -

Availability confirmation.
 7  At HOST-1, run "ping" to HOST-2.
    Repeat 10 times, with 1452 bytes ICMP payload, interval 1 second.
    Ex) # ping6 -I ed0 -s 1452 -i 1 -c 10 HOST-2
    Criteria:
      * HOST-1 sends ICMP Echo Request to HOST-2.
      * HOST-1 receives ICMP Echo Reply from HOST-2.
    Comments: ROUTER-1, ROUTER-3 and ROUTER-4 don't use IPsec.

IPsec duplicate tunnels [IP3][AH][IP2][AH][IP1]
 8  At ROUTER-1 set configuration #1.   Criteria: -   Comments: -
 9  At ROUTER-2 set configuration #1.   Criteria: -   Comments: -
10  At ROUTER-3 set configuration #1.   Criteria: -   Comments: -
11  At HOST-1, run "ping" to HOST-2.
    Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
    Ex) # ping6 -I ed0 -s 64 -i 1 -c 10 HOST-2
    Criteria:
      * HOST-1 sends ICMP Echo Request to HOST-2.
      * HOST-1 receives ICMP Echo Reply from HOST-2.
      * Original packet [IP1] is encapsulated between ROUTER-1 and ROUTER-4 as [IP2] (AH).
      * [IP2] is encapsulated between ROUTER-1 and ROUTER-3 as [IP3] (AH).
    Comments:
      IP1 [SRC = HOST-1/HOST-2] - [DST = HOST-2/HOST-1]
      IP2 [SRC = IF-1y/IF-4w]   - [DST = IF-4w/IF-1y]
      IP3 [SRC = IF-1y/IF-3x]   - [DST = IF-3x/IF-1y]
12  At HOST-1, run "ping" to HOST-2.
    Repeat 10 times, with 2000 bytes ICMP payload, interval 1 second.
    Ex) # ping6 -I ed0 -s 2000 -i 1 -c 10 HOST-2
    Criteria:
      * HOST-1 sends ICMP Echo Request to HOST-2.
      * HOST-1 receives ICMP Echo Reply from HOST-2.
      * Original packet [IP1] is encapsulated between ROUTER-1 and ROUTER-4 as [IP2] (AH).
      * [IP2] is encapsulated between ROUTER-1 and ROUTER-3 as [IP3] (AH).
    Comments: Original packet will be fragmented into 2 packets.
13  At HOST-1, run "ping" to HOST-2.
    Repeat 10 times, with 3000 bytes ICMP payload, interval 1 second.
    Ex) # ping6 -I ed0 -s 3000 -i 1 -c 10 HOST-2
    Criteria:
      * HOST-1 sends ICMP Echo Request to HOST-2.
      * HOST-1 receives ICMP Echo Reply from HOST-2.
      * Original packet [IP1] is encapsulated between ROUTER-1 and ROUTER-4 as [IP2] (AH).
      * [IP2] is encapsulated between ROUTER-1 and ROUTER-3 as [IP3] (AH).
    Comments: Original packet will be fragmented into 3 packets.

IPsec duplicate tunnels [IP3][AH][IP2][ESP][IP1]
14  At ROUTER-1 set configuration #2.   Criteria: -   Comments: -
15  At ROUTER-2 set configuration #2.   Criteria: -   Comments: -
16  At ROUTER-3 set configuration #2.   Criteria: -   Comments: -
17  At HOST-1, run "ping" to HOST-2.
    Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
    Ex) # ping6 -I ed0 -s 64 -i 1 -c 10 HOST-2
    Criteria:
      * HOST-1 sends ICMP Echo Request to HOST-2.
      * HOST-1 receives ICMP Echo Reply from HOST-2.
      * Original packet [IP1] is encapsulated between ROUTER-1 and ROUTER-4 as [IP2] (ESP).
      * [IP2] is encapsulated between ROUTER-1 and ROUTER-3 as [IP3] (AH).
    Comments:
      IP1 [SRC = HOST-1/HOST-2] - [DST = HOST-2/HOST-1]
      IP2 [SRC = IF-1y/IF-4w]   - [DST = IF-4w/IF-1y]
      IP3 [SRC = IF-1y/IF-3x]   - [DST = IF-3x/IF-1y]
18  At HOST-1, run "ping" to HOST-2.
    Repeat 10 times, with 2000 bytes ICMP payload, interval 1 second.
    Ex) # ping6 -I ed0 -s 2000 -i 1 -c 10 HOST-2
    Criteria:
      * HOST-1 sends ICMP Echo Request to HOST-2.
      * HOST-1 receives ICMP Echo Reply from HOST-2.
      * Original packet [IP1] is encapsulated between ROUTER-1 and ROUTER-4 as [IP2] (ESP).
      * [IP2] is encapsulated between ROUTER-1 and ROUTER-3 as [IP3] (AH).
    Comments: Original packet will be fragmented into 2 packets.
19  At HOST-1, run "ping" to HOST-2.
    Repeat 10 times, with 3000 bytes ICMP payload, interval 1 second.
    Ex) # ping6 -I ed0 -s 3000 -i 1 -c 10 HOST-2
    Criteria:
      * HOST-1 sends ICMP Echo Request to HOST-2.
      * HOST-1 receives ICMP Echo Reply from HOST-2.
      * Original packet [IP1] is encapsulated between ROUTER-1 and ROUTER-4 as [IP2] (ESP).
      * [IP2] is encapsulated between ROUTER-1 and ROUTER-3 as [IP3] (AH).
    Comments: Original packet will be fragmented into 3 packets.

IPsec duplicate tunnels [IP3][ESP][IP2][AH][IP1]
20  At ROUTER-1 set configuration #3.   Criteria: -   Comments: -
21  At ROUTER-2 set configuration #3.   Criteria: -   Comments: -
22  At ROUTER-3 set configuration #3.   Criteria: -   Comments: -
23  At HOST-1, run "ping" to HOST-2.
    Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
    Ex) # ping6 -I ed0 -s 64 -i 1 -c 10 HOST-2
    Criteria:
      * HOST-1 sends ICMP Echo Request to HOST-2.
      * HOST-1 receives ICMP Echo Reply from HOST-2.
      * Original packet [IP1] is encapsulated between ROUTER-1 and ROUTER-4 as [IP2] (AH).
      * [IP2] is encapsulated between ROUTER-1 and ROUTER-3 as [IP3] (ESP).
    Comments:
      IP1 [SRC = HOST-1/HOST-2] - [DST = HOST-2/HOST-1]
      IP2 [SRC = IF-1y/IF-4w]   - [DST = IF-4w/IF-1y]
      IP3 [SRC = IF-1y/IF-3x]   - [DST = IF-3x/IF-1y]
24  At HOST-1, run "ping" to HOST-2.
    Repeat 10 times, with 2000 bytes ICMP payload, interval 1 second.
    Ex) # ping6 -I ed0 -s 2000 -i 1 -c 10 HOST-2
    Criteria:
      * HOST-1 sends ICMP Echo Request to HOST-2.
      * HOST-1 receives ICMP Echo Reply from HOST-2.
      * Original packet [IP1] is encapsulated between ROUTER-1 and ROUTER-4 as [IP2] (AH).
      * [IP2] is encapsulated between ROUTER-1 and ROUTER-3 as [IP3] (ESP).
    Comments: Original packet will be fragmented into 2 packets.
25  At HOST-1, run "ping" to HOST-2.
    Repeat 10 times, with 3000 bytes ICMP payload, interval 1 second.
    Ex) # ping6 -I ed0 -s 3000 -i 1 -c 10 HOST-2
    Criteria:
      * HOST-1 sends ICMP Echo Request to HOST-2.
      * HOST-1 receives ICMP Echo Reply from HOST-2.
      * Original packet [IP1] is encapsulated between ROUTER-1 and ROUTER-4 as [IP2] (AH).
      * [IP2] is encapsulated between ROUTER-1 and ROUTER-3 as [IP3] (ESP).
    Comments: Original packet will be fragmented into 3 packets.

IPsec duplicate tunnels [IP3][ESP][IP2][ESP][IP1]
26  At ROUTER-1 set configuration #4.   Criteria: -   Comments: -
27  At ROUTER-2 set configuration #4.   Criteria: -   Comments: -
28  At ROUTER-3 set configuration #4.   Criteria: -   Comments: -
29  At HOST-1, run "ping" to HOST-2.
    Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
    Ex) # ping6 -I ed0 -s 64 -i 1 -c 10 HOST-2
    Criteria:
      * HOST-1 sends ICMP Echo Request to HOST-2.
      * HOST-1 receives ICMP Echo Reply from HOST-2.
      * Original packet [IP1] is encapsulated between ROUTER-1 and ROUTER-4 as [IP2] (ESP).
      * [IP2] is encapsulated between ROUTER-1 and ROUTER-3 as [IP3] (ESP).
    Comments:
      IP1 [SRC = HOST-1/HOST-2] - [DST = HOST-2/HOST-1]
      IP2 [SRC = IF-1y/IF-4w]   - [DST = IF-4w/IF-1y]
      IP3 [SRC = IF-1y/IF-3x]   - [DST = IF-3x/IF-1y]
30  At HOST-1, run "ping" to HOST-2.
    Repeat 10 times, with 2000 bytes ICMP payload, interval 1 second.
    Ex) # ping6 -I ed0 -s 2000 -i 1 -c 10 HOST-2
    Criteria:
      * HOST-1 sends ICMP Echo Request to HOST-2.
      * HOST-1 receives ICMP Echo Reply from HOST-2.
      * Original packet [IP1] is encapsulated between ROUTER-1 and ROUTER-4 as [IP2] (ESP).
      * [IP2] is encapsulated between ROUTER-1 and ROUTER-3 as [IP3] (ESP).
    Comments: Original packet will be fragmented into 2 packets.
31  At HOST-1, run "ping" to HOST-2.
    Repeat 10 times, with 3000 bytes ICMP payload, interval 1 second.
    Ex) # ping6 -I ed0 -s 3000 -i 1 -c 10 HOST-2
    Criteria:
      * HOST-1 sends ICMP Echo Request to HOST-2.
      * HOST-1 receives ICMP Echo Reply from HOST-2.
      * Original packet [IP1] is encapsulated between ROUTER-1 and ROUTER-4 as [IP2] (ESP).
      * [IP2] is encapsulated between ROUTER-1 and ROUTER-3 as [IP3] (ESP).
    Comments: Original packet will be fragmented into 3 packets.

A criteria line marked "*" and carrying no step number is a subject that will be judged.
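Judging the "*" encapsulation criteria of steps 11 through 31 means taking a capture on Net-y (ROUTER-1's IF-1y side) and walking each packet's header chain outermost-in, checking that the three IPv6 headers carry the IP3/IP2/IP1 address pairs from the comments and that the AH or ESP header between them carries the SPI from the SA table. The script below is an added example, not part of this scenario: `walk()` peels IPv6, AH and ESP headers and returns the chain, `expected_chain()` states what a given configuration should produce, and `build_sample()` constructs a HOST-1 to HOST-2 Echo Request as ROUTER-1 would emit it. It assumes HMAC-MD5-96 ICVs (12 bytes) on AH and ESP and NULL encryption on ESP, so the inner headers are readable; ICVs and checksums are left zero and are not verified, which needs the keys. The SPI placement (inner tunnel 1011, outer tunnel 1012 for configuration #1) is my reading of the table.

```python
"""Walk the header chain of an IPv6 packet and compare it with the nested
encapsulation this scenario expects, e.g. [IP3][AH][IP2][AH][IP1] for step 11.
Added example, not part of the scenario.

Assumptions: 12-byte HMAC-MD5-96 ICVs on AH and ESP, NULL encryption on ESP
(so the ESP trailer and inner header are readable), ICVs not verified.
"""
import struct
from ipaddress import IPv6Address
from typing import Any, List, Tuple

IPV6, ESP, AH, ICMPV6 = 41, 50, 51, 58   # IANA protocol numbers
ICV_LEN = 12                              # HMAC-MD5-96 truncated ICV

# Scenario addresses: the two hosts and the tunnel endpoints of IP2/IP3.
HOST_1, HOST_2 = "3ffe:501:481d:f001::11", "3ffe:501:481d:f005::22"
IF_1Y, IF_3X, IF_4W = "3ffe:501:481d:f002::1", "3ffe:501:481d:f003::3", "3ffe:501:481d:f004::4"

Layer = Tuple[Any, ...]   # ("IP", src, dst) / ("AH", spi) / ("ESP", spi) / ("ICMPv6", type)


def walk(pkt: bytes, proto: int = IPV6) -> List[Layer]:
    """Return the layer chain outermost first, peeling IPv6, AH and ESP-NULL."""
    layers: List[Layer] = []
    while True:
        if proto == IPV6:
            if len(pkt) < 40 or pkt[0] >> 4 != 6:
                raise ValueError("not an IPv6 header")
            plen, nh = struct.unpack_from("!HB", pkt, 4)       # payload length, next header
            layers.append(("IP", str(IPv6Address(pkt[8:24])), str(IPv6Address(pkt[24:40]))))
            pkt, proto = pkt[40:40 + plen], nh
        elif proto == AH:
            nh, ahlen = pkt[0], pkt[1]                           # length in 32-bit words minus 2
            layers.append(("AH", struct.unpack_from("!I", pkt, 4)[0]))
            pkt, proto = pkt[(ahlen + 2) * 4:], nh
        elif proto == ESP:
            layers.append(("ESP", struct.unpack_from("!I", pkt, 0)[0]))
            body = pkt[8:len(pkt) - ICV_LEN]                     # drop SPI/seq and the ICV
            padlen, nh = body[-2], body[-1]                      # ESP trailer fields
            pkt, proto = body[:len(body) - 2 - padlen], nh
        elif proto == ICMPV6:
            layers.append(("ICMPv6", pkt[0]))
            return layers
        else:
            layers.append(("proto", proto))
            return layers


def ipv6(src: str, dst: str, nh: int, payload: bytes) -> bytes:
    """IPv6 header (hop limit 64) in front of payload."""
    return struct.pack("!IHBB16s16s", 0x60000000, len(payload), nh, 64,
                       IPv6Address(src).packed, IPv6Address(dst).packed) + payload


def ah(spi: int, seq: int, nh: int, payload: bytes) -> bytes:
    """AH header with a zeroed (unverified) HMAC-MD5-96 ICV in front of payload."""
    words = (12 + ICV_LEN) // 4 - 2                              # payload length field
    return struct.pack("!BBHII", nh, words, 0, spi, seq) + bytes(ICV_LEN) + payload


def esp_null(spi: int, seq: int, nh: int, payload: bytes) -> bytes:
    """ESP with NULL encryption: header, payload, pad, trailer, zeroed ICV."""
    padlen = (-(len(payload) + 2)) % 4                           # align trailer to 32 bits
    trailer = bytes(range(1, padlen + 1)) + bytes([padlen, nh])
    return struct.pack("!II", spi, seq) + payload + trailer + bytes(ICV_LEN)


def build_sample(inner=("ah", 1011), outer=("ah", 1012)) -> bytes:
    """Constructed Echo Request from HOST-1 as ROUTER-1 emits it on Net-y:
    inner tunnel IF-1y -> IF-4w (IP2), outer tunnel IF-1y -> IF-3x (IP3)."""
    proto = {"ah": AH, "esp": ESP}
    wrap = {"ah": ah, "esp": esp_null}
    echo = struct.pack("!BBHHH", 128, 0, 0, 0x1234, 1) + bytes(64)   # checksum left zero
    ip1 = ipv6(HOST_1, HOST_2, ICMPV6, echo)
    ip2 = ipv6(IF_1Y, IF_4W, proto[inner[0]], wrap[inner[0]](inner[1], 1, IPV6, ip1))
    return ipv6(IF_1Y, IF_3X, proto[outer[0]], wrap[outer[0]](outer[1], 1, IPV6, ip2))


def expected_chain(inner=("ah", 1011), outer=("ah", 1012)) -> List[Layer]:
    """The chain the criteria require for a request, with the SPIs from the table."""
    return [("IP", IF_1Y, IF_3X), (outer[0].upper(), outer[1]),
            ("IP", IF_1Y, IF_4W), (inner[0].upper(), inner[1]),
            ("IP", HOST_1, HOST_2), ("ICMPv6", 128)]


def judge(pkt: bytes, inner=("ah", 1011), outer=("ah", 1012)) -> bool:
    """True when the captured packet matches the expected nesting exactly."""
    return walk(pkt) == expected_chain(inner, outer)


if __name__ == "__main__":
    for cfg, (inner, outer) in {1: (("ah", 1011), ("ah", 1012)), 2: (("esp", 1021), ("ah", 1022)),
                                3: (("ah", 1031), ("esp", 1032)), 4: (("esp", 1041), ("esp", 1042))}.items():
        pkt = build_sample(inner, outer)
        print(f"configuration #{cfg}: {'PASS' if judge(pkt, inner, outer) else 'FAIL'}", walk(pkt))
```

The same `walk()` serves the reply direction by swapping the address pairs in `expected_chain()`, and for steps 12, 13 and so on the fragments of the original packet each appear as a complete nested chain, since fragmentation happens at HOST-1 before ROUTER-1 encapsulates.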