IKE Identifier
with AH Transport mode (HOST)
[IP][AH] 

[Interoperability Test Scenario]

Last Update: February 24, 2001


This scenario verifies interoperability when the target HOST is attached to the model network.
It verifies the host's behaviour when using IKE with the IPsec Authentication Header (AH) in transport mode.
  (3ffe:501:481d:f002::11) (3ffe:501:481d:f002::12)
         HOST-2                  HOST-3
           |(HIF-2y)               |(HIF-3y)
           |                       |
(Net-y)  --+-----------+-----------+-- (3ffe:501:481d:f002::/64)
                       |
                       |(I/F-y) (3ffe:501:481d:f002::1)
                    ROUTER-1
                       |(I/F-z) (3ffe:501:481d:f001::1)
                       |
(Net-z)      ----+-----+------------- (3ffe:501:481d:f001::/64)
                 |
                 |(HIF-1z) (3ffe:501:481d:f001::11)
               HOST-1

Network | Prefix | Network media
Net-y | 3ffe:501:481d:f002::/64 | Ethernet 10BASE-T
Net-z | 3ffe:501:481d:f001::/64 | Ethernet 10BASE-T

Machine | Comments | Initial status | Configuration
HOST-3 | Reference Machine | Is attached to Net-y with power turned off. | -
HOST-2 | Reference Machine | Is attached to Net-y with power turned off. | -
ROUTER-1 | Reference Machine | Power is turned off. I/F-z is attached to Net-z while I/F-y is attached to Net-y. | Sends RA to Net-x, Net-z and Net-y.
HOST-1 | Target Machine | Is attached to Net-z with power turned off. | -

No. | Machine | Src | Dest
IKE: Exchange mode | PH1 Local ID | PH1 Remote ID | PH2 Local ID | PH2 Remote ID | Auth Method | DH | Key | Hash Alg | Enc Alg | PH1 Lifetime | PH2 Lifetime
IPsec: Protocol | Mode | AH auth | Upper

1

HOST-1 HIF-1z HIF-2y Aggressive 3ffe:501:481d:f001::11 3ffe:501:481d:f002::11 3ffe:501:481d:f001::11 3ffe:501:481d:f002::11 DH(1) IKE-TEST MD5 DES 24 Hour 24 Hour AH Transport HMAC-MD5 any
HOST-2 HIF-2y HIF-1z Aggressive 3ffe:501:481d:f002::11 3ffe:501:481d:f001::11 3ffe:501:481d:f002::11 3ffe:501:481d:f001::11 DH(1) IKE-TEST MD5 DES 24 Hour 24 Hour AH Transport HMAC-MD5 any

2

HOST-1 HIF-1z HIF-2y Aggressive 3ffe:501:481d:f001::/64 3ffe:501:481d:f002::/64 3ffe:501:481d:f001::11 3ffe:501:481d:f002::11 DH(1) IKE-TEST MD5 DES 24 Hour 24 Hour AH Transport HMAC-MD5 any
HOST-2 HIF-2y HIF-1z Aggressive 3ffe:501:481d:f002::/64 3ffe:501:481d:f001::/64 3ffe:501:481d:f002::11 3ffe:501:481d:f001::11 DH(1) IKE-TEST MD5 DES 24 Hour 24 Hour AH Transport HMAC-MD5 any

3

HOST-1 HIF-1z HIF-2y Aggressive host1.test.tahi.org host2.test.tahi.org 3ffe:501:481d:f001::11 3ffe:501:481d:f002::11 DH(1) IKE-TEST MD5 DES 24 Hour 24 Hour AH Transport HMAC-MD5 any
HOST-2 HIF-2y HIF-1z Aggressive host2.test.tahi.org host1.test.tahi.org 3ffe:501:481d:f002::11 3ffe:501:481d:f001::11 DH(1) IKE-TEST MD5 DES 24 Hour 24 Hour AH Transport HMAC-MD5 any

4

HOST-1 HIF-1z HIF-2y Aggressive ike1@test.tahi.org ike2@test.tahi.org 3ffe:501:481d:f001::11 3ffe:501:481d:f002::11 DH(1) IKE-TEST MD5 DES 24 Hour 24 Hour AH Transport HMAC-MD5 any
HOST-2 HIF-2y HIF-1z Aggressive ike2@test.tahi.org ike1@test.tahi.org 3ffe:501:481d:f002::11 3ffe:501:481d:f001::11 DH(1) IKE-TEST MD5 DES 24 Hour 24 Hour AH Transport HMAC-MD5 any

5

HOST-1 HIF-1z HIF-2y Aggressive host1.key host2.key 3ffe:501:481d:f001::11 3ffe:501:481d:f002::11 DH(1) IKE-TEST MD5 DES 24 Hour 24 Hour AH Transport HMAC-MD5 any
HOST-2 HIF-2y HIF-1z Aggressive host2.key host1.key 3ffe:501:481d:f002::11 3ffe:501:481d:f001::11 DH(1) IKE-TEST MD5 DES 24 Hour 24 Hour AH Transport HMAC-MD5 any

6

HOST-1 HIF-1z HIF-2y Aggressive 3ffe:501:481d:f001::11 3ffe:501:481d:f002::11 3ffe:501:481d:f001::/64 3ffe:501:481d:f002::/64 DH(1) IKE-TEST MD5 DES 24 Hour 24 Hour AH Transport HMAC-MD5 any
HOST-2 HIF-2y HIF-1z Aggressive 3ffe:501:481d:f002::11 3ffe:501:481d:f001::11 3ffe:501:481d:f002::/64 3ffe:501:481d:f001::/64 DH(1) IKE-TEST MD5 DES 24 Hour 24 Hour AH Transport HMAC-MD5 any

7

HOST-1 HIF-1z HIF-2y Aggressive 3ffe:501:481d:f001::11 3ffe:501:481d:f002::11 3ffe:501:481d:f001::1-3ffe:501:481d:f001::ffff 3ffe:501:481d:f002:1-3ffe:501:481d:f002::ffff DH(1) IKE-TEST MD5 DES 24 Hour 24 Hour AH Transport HMAC-MD5 any
HOST-2 HIF-2y HIF-1z Aggressive 3ffe:501:481d:f002::11 3ffe:501:481d:f001::11 3ffe:501:481d:f002:1-3ffe:501:481d:f002::ffff 3ffe:501:481d:f001::1-3ffe:501:481d:f001::ffff DH(1) IKE-TEST MD5 DES 24 Hour 24 Hour AH Transport HMAC-MD5 any

8

HOST-1 HIF-1z HIF-2y Aggressive 3ffe:501:481d:f001::11 3ffe:501:481d:f002::11 host1.test.tahi.org host2.test.tahi.org DH(1) IKE-TEST MD5 DES 24 Hour 24 Hour AH Transport HMAC-MD5 any
HOST-2 HIF-2y HIF-1z Aggressive 3ffe:501:481d:f002::11 3ffe:501:481d:f001::11 host2.test.tahi.org host1.test.tahi.org DH(1) IKE-TEST MD5 DES 24 Hour 24 Hour AH Transport HMAC-MD5 any

9

HOST-1 HIF-1z HIF-2y Aggressive 3ffe:501:481d:f001::11 3ffe:501:481d:f002::11 ike1@test.tahi.org ike2@test.tahi.org DH(1) IKE-TEST MD5 DES 24 Hour 24 Hour AH Transport HMAC-MD5 any
HOST-2 HIF-2y HIF-1z Aggressive 3ffe:501:481d:f002::11 3ffe:501:481d:f001::11 ike2@test.tahi.org ike1@test.tahi.org DH(1) IKE-TEST MD5 DES 24 Hour 24 Hour AH Transport HMAC-MD5 any

10

HOST-1 HIF-1z HIF-2y Aggressive 3ffe:501:481d:f001::11 3ffe:501:481d:f002::11 host1.key host2.key DH(1) IKE-TEST MD5 DES 24 Hour 24 Hour AH Transport HMAC-MD5 any
HOST-2 HIF-2y HIF-1z Aggressive 3ffe:501:481d:f002::11 3ffe:501:481d:f001::11 host2.key host1.key DH(1) IKE-TEST MD5 DES 24 Hour 24 Hour AH Transport HMAC-MD5 any
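
The identifiers in the configuration table can be checked mechanically before they are entered on the hosts. The Python below is an added example, not part of the original scenario: it reads the page's ID labels as the IPsec DOI identification types of RFC 2407 (an interpretation made here), copies a subset of the local IDs from the table, and reports any ID that is malformed or does not cover the host's own address. The names identifies and audit are chosen for this example.

```python
import ipaddress

# ID type numbers from the IPsec DOI (RFC 2407, section 4.6.2.1).
ID_TYPES = {"ID_FQDN": 2, "ID_USER_FQDN": 3, "ID_IPV6_ADDR": 5,
            "ID_IPV6_ADDR_SUBNET": 6, "ID_IPV6_ADDR_RANGE": 8, "ID_KEY_ID": 11}
# Host addresses from the topology diagram.
HOSTS = {"HOST-1": "3ffe:501:481d:f001::11", "HOST-2": "3ffe:501:481d:f002::11"}

# (configuration, phase, ID type, machine, local ID) copied from the table.
LOCAL_IDS = [
    (1, "PH1", "ID_IPV6_ADDR", "HOST-1", "3ffe:501:481d:f001::11"),
    (1, "PH1", "ID_IPV6_ADDR", "HOST-2", "3ffe:501:481d:f002::11"),
    (2, "PH1", "ID_IPV6_ADDR_SUBNET", "HOST-1", "3ffe:501:481d:f001::/64"),
    (2, "PH1", "ID_IPV6_ADDR_SUBNET", "HOST-2", "3ffe:501:481d:f002::/64"),
    (3, "PH1", "ID_FQDN", "HOST-1", "host1.test.tahi.org"),
    (4, "PH1", "ID_USER_FQDN", "HOST-1", "ike1@test.tahi.org"),
    (5, "PH1", "ID_KEY_ID", "HOST-1", "host1.key"),
    (7, "PH2", "ID_IPV6_ADDR_RANGE", "HOST-1",
     "3ffe:501:481d:f001::1-3ffe:501:481d:f001::ffff"),
    (7, "PH2", "ID_IPV6_ADDR_RANGE", "HOST-2",
     "3ffe:501:481d:f002:1-3ffe:501:481d:f002::ffff"),
]

def identifies(id_type, value, host):
    """True if `value`, read as `id_type`, is well formed and names `host`."""
    addr = ipaddress.IPv6Address(HOSTS[host])
    if id_type == "ID_IPV6_ADDR":
        return ipaddress.IPv6Address(value) == addr
    if id_type == "ID_IPV6_ADDR_SUBNET":
        return addr in ipaddress.IPv6Network(value)
    if id_type == "ID_IPV6_ADDR_RANGE":
        low, high = (ipaddress.IPv6Address(p) for p in value.split("-"))
        return low <= addr <= high
    if id_type in ("ID_FQDN", "ID_USER_FQDN"):
        # "Mail address" IDs carry user@domain; FQDN IDs must not.
        return "." in value and ("@" in value) == (id_type == "ID_USER_FQDN")
    return id_type == "ID_KEY_ID" and len(value) > 0  # opaque byte string

def audit(rows=LOCAL_IDS):
    """Return (configuration, machine, reason) for every ID that fails."""
    findings = []
    for config, _phase, id_type, host, value in rows:
        try:
            if not identifies(id_type, value, host):
                findings.append((config, host, "does not identify host"))
        except ValueError as exc:
            findings.append((config, host, f"malformed: {exc}"))
    return findings
```

Run against the rows as written, audit() reports only the HOST-2 range of configuration #7, whose first address 3ffe:501:481d:f002:1 does not parse as an IPv6 address.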
No Action Criteria Comments
Address auto configuration check.
1 Boot ROUTER-1.
-
-
2 Boot HOST-1.
-
-
3 Boot HOST-2.
-
-
4 Boot HOST-3.
-
-
Availability confirmation.
5 At HOST-2, run "ping" to HOST-1. 
Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -s 64 -i 1 -c 10 HOST-1
*HOST-2 sends ICMP Echo Request to HOST-1.
*HOST-2 receives ICMP Echo Reply from HOST-1.
HOST-2 and HOST-1 don't use IPsec.
6 At HOST-3, run "ping" to HOST-1. 
Repeat 10 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -s 64 -i 1 -c 10 HOST-1
*HOST-3 sends ICMP Echo Request to HOST-1.
*HOST-3 receives ICMP Echo Reply from HOST-1.
HOST-3 and HOST-1 don't use IPsec.
IPsec transport [IP][AH] 
(IKE PH1 Auth ID=IP address(HOST))
(IKE PH2 Auth ID=IP address(HOST))
7 At HOST-1 set configuration #1 - -
8 At HOST-2 set configuration #1 - -
9 At HOST-2, run "ping" to HOST-1. 
Repeat 20 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -s 64 -i 1 -c 20 HOST-1.
*HOST-2 sends ICMP Echo Request to HOST-1.
*HOST-2 receives ICMP Echo Reply from HOST-1.
*AH is attached to original packet between HOST-1 and HOST-2.
AH transport between HOST-1 and HOST-2.(HMAC-MD5)
HOST-2 <-> HOST-1
(ICMP)
10 At HOST-3, run "ping" to HOST-1. 
Repeat 20 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -s 64 -i 1 -c 20 HOST-1.
*HOST-3 sends ICMP Echo Request to HOST-1.
*HOST-3 receives ICMP Echo Reply from HOST-1.
*Original packets go through between HOST-1 and HOST-3.

HOST-3 and HOST-1 don't use IPsec.

IPsec transport [IP][AH] 
(IKE PH1 Auth ID=IP address(Network))
(IKE PH2 Auth ID=IP address(HOST))
11 At HOST-1 set configuration #2 - -
12 At HOST-2 set configuration #2 - -
13 At HOST-2, run "ping" to HOST-1. 
Repeat 20 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -s 64 -i 1 -c 20 HOST-1.
*HOST-2 sends ICMP Echo Request to HOST-1.
*HOST-2 receives ICMP Echo Reply from HOST-1.
*AH is attached to original packet between HOST-1 and HOST-2.
AH transport between HOST-1 and HOST-2.(HMAC-MD5)
HOST-2 <-> HOST-1
(ICMP)
14 At HOST-3, run "ping" to HOST-1. 
Repeat 20 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -s 64 -i 1 -c 20 HOST-1.
*HOST-3 sends ICMP Echo Request to HOST-1.
*HOST-3 receives ICMP Echo Reply from HOST-1.
*Original packets go through between HOST-1 and HOST-3.

HOST-3 and HOST-1 don't use IPsec.

IPsec transport [IP][AH] 
(IKE PH1 Auth ID=FQDN)
(IKE PH2 Auth ID=IP address(HOST))
15 At HOST-1 set configuration #3 - -
16 At HOST-2 set configuration #3 - -
17 At HOST-2, run "ping" to HOST-1. 
Repeat 20 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -s 64 -i 1 -c 20 HOST-1.
*HOST-2 sends ICMP Echo Request to HOST-1.
*HOST-2 receives ICMP Echo Reply from HOST-1.
*AH is attached to original packet between HOST-1 and HOST-2.
AH transport between HOST-1 and HOST-2.(HMAC-MD5)
HOST-2 <-> HOST-1
(ICMP)
18 At HOST-3, run "ping" to HOST-1. 
Repeat 20 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -s 64 -i 1 -c 20 HOST-1.
*HOST-3 sends ICMP Echo Request to HOST-1.
*HOST-3 receives ICMP Echo Reply from HOST-1.
*Original packets go through between HOST-1 and HOST-3.

HOST-3 and HOST-1 don't use IPsec.

IPsec transport [IP][AH] 
(IKE PH1 Auth ID=Mail address)
(IKE PH2 Auth ID=IP address(HOST))
19 At HOST-1 set configuration #4 - -
20 At HOST-2 set configuration #4 - -
21 At HOST-2, run "ping" to HOST-1. 
Repeat 20 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -s 64 -i 1 -c 20 HOST-1.
*HOST-2 sends ICMP Echo Request to HOST-1.
*HOST-2 receives ICMP Echo Reply from HOST-1.
*AH is attached to original packet between HOST-1 and HOST-2.
AH transport between HOST-1 and HOST-2.(HMAC-MD5)
HOST-2 <-> HOST-1
(ICMP)
22 At HOST-3, run "ping" to HOST-1. 
Repeat 20 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -s 64 -i 1 -c 20 HOST-1.
*HOST-3 sends ICMP Echo Request to HOST-1.
*HOST-3 receives ICMP Echo Reply from HOST-1.
*AH is attached to original packet between HOST-1 and HOST-3.
HOST-3 and HOST-1 don't use IPsec
IPsec transport [IP][AH] 
(IKE PH1 Auth ID=Key-ID)
(IKE PH2 Auth ID=IP address(HOST))
23 At HOST-1 set configuration #5 - -
24 At HOST-2 set configuration #5 - -
25 At HOST-2, run "ping" to HOST-1. 
Repeat 20 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -s 64 -i 1 -c 20 HOST-1.
*HOST-2 sends ICMP Echo Request to HOST-1.
*HOST-2 receives ICMP Echo Reply from HOST-1.
*AH is attached to original packet between HOST-1 and HOST-2.
AH transport between HOST-1 and HOST-2.(HMAC-MD5)
HOST-2 <-> HOST-1
(ICMP)
26 At HOST-3, run "ping" to HOST-1. 
Repeat 20 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -s 64 -i 1 -c 20 HOST-1.
*HOST-3 sends ICMP Echo Request to HOST-1.
*HOST-3 receives ICMP Echo Reply from HOST-1.
*AH is attached to original packet between HOST-1 and HOST-3.
HOST-3 and HOST-1 don't use IPsec
IPsec transport [IP][AH] 
(IKE PH1 Auth ID=IP address(HOST))
(IKE PH2 Auth ID=IP address(Network))
27 At HOST-1 set configuration #6 - -
28 At HOST-2 set configuration #6 - -
29 At HOST-2, run "ping" to HOST-1. 
Repeat 20 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -s 64 -i 1 -c 20 HOST-1.
*HOST-2 sends ICMP Echo Request to HOST-1.
*HOST-2 receives ICMP Echo Reply from HOST-1.
*AH is attached to original packet between HOST-1 and HOST-2.
AH transport between HOST-1 and HOST-2.(HMAC-MD5)
HOST-2 <-> HOST-1
(ICMP)
30 At HOST-3, run "ping" to HOST-1. 
Repeat 20 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -s 64 -i 1 -c 20 HOST-1.
*HOST-3 sends ICMP Echo Request to HOST-1.
*HOST-3 receives ICMP Echo Reply from HOST-1.
*AH is attached to original packet between HOST-1 and HOST-3.
HOST-3 and HOST-1 don't use IPsec
IPsec transport [IP][AH] 
(IKE PH1 Auth ID=IP address(HOST))
(IKE PH2 Auth ID=IP address(Range))
31 At HOST-1 set configuration #7 - -
32 At HOST-2 set configuration #7 - -
33 At HOST-2, run "ping" to HOST-1. 
Repeat 20 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -s 64 -i 1 -c 20 HOST-1.
*HOST-2 sends ICMP Echo Request to HOST-1.
*HOST-2 receives ICMP Echo Reply from HOST-1.
*AH is attached to original packet between HOST-1 and HOST-2.
AH transport between HOST-1 and HOST-2.(HMAC-MD5)
HOST-2 <-> HOST-1
(ICMP)
34 At HOST-3, run "ping" to HOST-1. 
Repeat 20 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -s 64 -i 1 -c 20 HOST-1.
*HOST-3 sends ICMP Echo Request to HOST-1.
*HOST-3 receives ICMP Echo Reply from HOST-1.
*AH is attached to original packet between HOST-1 and HOST-3.
HOST-3 and HOST-1 don't use IPsec
IPsec transport [IP][AH] 
(IKE PH1 Auth ID=IP address(HOST))
(IKE PH2 Auth ID=FQDN)
35 At HOST-1 set configuration #8 - -
36 At HOST-2 set configuration #8 - -
37 At HOST-2, run "ping" to HOST-1. 
Repeat 20 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -s 64 -i 1 -c 20 HOST-1.
*HOST-2 sends ICMP Echo Request to HOST-1.
*HOST-2 receives ICMP Echo Reply from HOST-1.
*AH is attached to original packet between HOST-1 and HOST-2.
AH transport between HOST-1 and HOST-2.(HMAC-MD5)
HOST-2 <-> HOST-1
(ICMP)
38 At HOST-3, run "ping" to HOST-1. 
Repeat 20 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -s 64 -i 1 -c 20 HOST-1.
*HOST-3 sends ICMP Echo Request to HOST-1.
*HOST-3 receives ICMP Echo Reply from HOST-1.
*AH is attached to original packet between HOST-1 and HOST-3.
HOST-3 and HOST-1 don't use IPsec
IPsec transport [IP][AH] 
(IKE PH1 Auth ID=IP address(HOST))
(IKE PH2 Auth ID=Mail address)
39 At HOST-1 set configuration #9 - -
40 At HOST-2 set configuration #9 - -
41 At HOST-2, run "ping" to HOST-1. 
Repeat 20 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -s 64 -i 1 -c 20 HOST-1.
*HOST-2 sends ICMP Echo Request to HOST-1.
*HOST-2 receives ICMP Echo Reply from HOST-1.
*AH is attached to original packet between HOST-1 and HOST-2.
AH transport between HOST-1 and HOST-2.(HMAC-MD5)
HOST-2 <-> HOST-1
(ICMP)
42 At HOST-3, run "ping" to HOST-1. 
Repeat 20 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -s 64 -i 1 -c 20 HOST-1.
*HOST-3 sends ICMP Echo Request to HOST-1.
*HOST-3 receives ICMP Echo Reply from HOST-1.
*AH is attached to original packet between HOST-1 and HOST-3.
HOST-3 and HOST-1 don't use IPsec
IPsec transport [IP][AH] 
(IKE PH1 Auth ID=IP address(HOST))
(IKE PH2 Auth ID=Key-ID)
43 At HOST-1 set configuration #10 - -
44 At HOST-2 set configuration #10 - -
45 At HOST-2, run "ping" to HOST-1. 
Repeat 20 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -s 64 -i 1 -c 20 HOST-1.
*HOST-2 sends ICMP Echo Request to HOST-1.
*HOST-2 receives ICMP Echo Reply from HOST-1.
*AH is attached to original packet between HOST-1 and HOST-2.
AH transport between HOST-1 and HOST-2.(HMAC-MD5)
HOST-2 <-> HOST-1
(ICMP)
46 At HOST-3, run "ping" to HOST-1. 
Repeat 20 times, with 64 bytes ICMP payload, interval 1 second.
Ex) # ping6 -s 64 -i 1 -c 20 HOST-1.
*HOST-3 sends ICMP Echo Request to HOST-1.
*HOST-3 receives ICMP Echo Reply from HOST-1.
*AH is attached to original packet between HOST-1 and HOST-3.
HOST-3 and HOST-1 don't use IPsec

A "*" mark with no number indicates a subject that we are going to judge.
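
The judged criteria of steps 9 and 10 (AH attached between HOST-1 and HOST-2, original packets between HOST-1 and HOST-3) can be checked on captured packets. The Python below is an added example, not part of the original scenario: it parses an IPv6 packet with no other extension headers, looks for an Authentication Header (Next Header 51) in front of ICMPv6, and assumes the RFC 2403 HMAC-MD5-96 transform with its 12-byte ICV. The two sample packets are constructed here with zeroed checksum and ICV and a made-up SPI.

```python
import ipaddress
import struct

AH, ICMPV6 = 51, 58       # IPv6 Next Header values for AH and ICMPv6
ICV_LEN = 12              # HMAC-MD5-96 (RFC 2403) carries a 96-bit ICV

def inspect(packet):
    """Return (src, dst, ah, upper) for an IPv6 packet; ah is None or a dict."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    src = str(ipaddress.IPv6Address(packet[8:24]))
    dst = str(ipaddress.IPv6Address(packet[24:40]))
    upper, ah = packet[6], None
    if upper == AH:
        if len(packet) < 52:
            raise ValueError("truncated AH")
        upper, plen, _, spi, seq = struct.unpack_from("!BBHII", packet, 40)
        ah_len = (plen + 2) * 4   # Payload Len field: 32-bit words minus 2
        if len(packet) < 40 + ah_len:
            raise ValueError("truncated AH")
        ah = {"spi": spi, "seq": seq, "icv_len": ah_len - 12}
    return src, dst, ah, upper

def judge(packet, expect_ah):
    """True if the packet matches the criterion for its host pair."""
    _, _, ah, upper = inspect(packet)
    if upper != ICMPV6:
        return False
    if expect_ah:
        return ah is not None and ah["icv_len"] == ICV_LEN
    return ah is None

def build(src, dst, with_ah):
    """Constructed sample: Echo Request, 64-byte payload, zeroed checksum/ICV."""
    body = struct.pack("!BBHHH", 128, 0, 0, 1, 1) + bytes(64)
    if with_ah:
        # Payload Len 4 -> 24-byte AH; SPI 0x1000 and sequence 1 are made up.
        body = struct.pack("!BBHII", ICMPV6, 4, 0, 0x1000, 1) + bytes(ICV_LEN) + body
    header = struct.pack("!IHBB", 6 << 28, len(body), AH if with_ah else ICMPV6, 64)
    return (header + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed + body)

HOST1, HOST2, HOST3 = ("3ffe:501:481d:f001::11", "3ffe:501:481d:f002::11",
                       "3ffe:501:481d:f002::12")
SECURED = build(HOST2, HOST1, with_ah=True)     # step 9: HOST-2 -> HOST-1
CLEAR = build(HOST3, HOST1, with_ah=False)      # step 10: HOST-3 -> HOST-1
```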