IKE test

last update Sep. 26, 2007


Status of IKEv1 for IPv6 Ready Logo Program


Requirement


parameter

BASIC

ADVANCED

Exchange type

Phase-1

Main mode

Aggressive mode

Phase-2

Quick mode

-

ISAKMP SA

Encryption Algorithm *1

3DES-CBC

DES-CBC, AES-CBC (128bit)

Hash Algorithm

SHA1

MD5

Authentication Method

Pre-shared key

Digital Signature (RSA)

Diffie-Hellman Group

2

1,5,14

Life Type

Seconds

-

IPsec SA

Encapsulation mode

End-Node

Transport

Tunnel

SGW

Tunnel

-

Security Protocol

ESP with Authentication

ESP
(without Authentication)

Encryption Algorithm

3DES-CBC

DES-CBC ,AES-CBC (128bit), ESP-NULL

Hash Algorithm

HMAC-SHA1

HMAC-MD5 ,
AES-XCBC

Life Type

Seconds

-

IKE Phase-1

Sending multiple proposal

-

Support

IKE Phase-2

PFS

-

Support

Commit bit

-

Support

Re-key

Support

-

Sending multiple proposal

-

Support

IPsec Transmission

Encapsulation mode

End-Node

Transport

Tunnel

SGW

Tunnel

-

Security Protocol

ESP with Authentication

ESP
(without Authentication)

Encryption Algorithm

3DES-CBC

DES-CBC ,AES-CBC (128bit), ESP-NULL

Hash Algorithm

HMAC-SHA1

HMAC-MD5 ,
AES-XCBC

Anti-replay

Sender

Receiver


Guidelines for Implementation and Priorities in Testing


IKEv1 Test Specification rev 1.0


Test Suite

The Test Suite correspondent to above specificaion is available.
If you want to try it, prepare a FreeBSD/i386 (6.2-RELEASE or higher) install PC and install both of TAHI platform and Test scripts listed below.

IPv6 Forum, IPv6 Logo Comittee