No.Title ResultLogScriptDump

Section EN-I. End Node - Initiator




Sub-Section 1. Endpoint-to-Endpoint Transport



1Global SetupPASSXXLink0

Group 1. The Initial Exchanges




Sub-Group 1. Header and Payload Formats



2Test IKEv2.EN.I.1.1.1.1: Sending IKE_SA_INIT requestFAILXXLink0
3Test IKEv2.EN.I.1.1.1.2: Sending IKE_AUTH requestFAILXXLink0
4Test IKEv2.EN.I.1.1.1.3: Use of CHILD_SASIGNAL (2)XXLink0

Sub-Group 2. Use of Retransmission Timers



5Test IKEv2.EN.I.1.1.2.1: Retransmission of IKE_SA_INIT requestTBDXXLink0
6Test IKEv2.EN.I.1.1.2.2: Stop of retransmission of IKE_SA_INIT requestTBDXXLink0
7Test IKEv2.EN.I.1.1.2.3: Retransmission of IKE_AUTH requestTBDXXLink0
8Test IKEv2.EN.I.1.1.2.4: Stop of retransmission of IKE_AUTH requestTBDXXLink0

Sub-Group 3. State Synchronization and Connection Timeouts



9Test IKEv2.EN.I.1.1.3.1: State Synchronization with ICMP messageTBDXXLink0
10Test IKEv2.EN.I.1.1.3.2: State Synchronization with IKE messageTBDXXLink0
11Test IKEv2.EN.I.1.1.3.3: Close Connection when repeated attempts failTBDXXLink0
12Test IKEv2.EN.I.1.1.3.4: Close Connection when receiving INITIAL_CONTACTTBDXXLink0
13Test IKEv2.EN.I.1.1.3.5: Sending Liveness checkTBDXXLink0
14Test IKEv2.EN.I.1.1.3.6: Sending Delete Payload for IKE_SATBDXXLink0
15Test IKEv2.EN.I.1.1.3.7: Sending Delete Payload for CHILD_SATBDXXLink0
16Test IKEv2.EN.I.1.1.3.8: Sending Liveness check with unprotected messagesTBDXXLink0

Sub-Group 4. Version Numbers and Forward Compatibility




Test IKEv2.EN.I.1.1.4.1: Unrecognized payload types and critical bit is not set



17Test IKEv2.EN.I.1.1.4.1 Part A: Invalid payload type 1TBDXXLink0
18Test IKEv2.EN.I.1.1.4.1 Part B: Invalid payload type 32TBDXXLink0
19Test IKEv2.EN.I.1.1.4.1 Part C: Invalid payload type 49TBDXXLink0
20Test IKEv2.EN.I.1.1.4.1 Part D: Invalid payload type 255TBDXXLink0

Test IKEv2.EN.I.1.1.4.2: Unrecognized payload types and critical bit is set



21Test IKEv2.EN.I.1.1.4.2 Part A: Invalid payload type 1TBDXXLink0
22Test IKEv2.EN.I.1.1.4.2 Part B: Invalid payload type 32TBDXXLink0
23Test IKEv2.EN.I.1.1.4.2 Part C: Invalid payload type 49TBDXXLink0
24Test IKEv2.EN.I.1.1.4.2 Part D: Invalid payload type 255TBDXXLink0

Sub-Group 5. Cookies



25Test IKEv2.EN.I.1.1.5.1: Retrying IKE_SA_INIT request with a Notify payload of type COOKIETBDXXLink0
26Test IKEv2.EN.I.1.1.5.2: Interaction of COOKIE and INVALID_KE_PAYLOADTBDXXLink0
27Test IKEv2.EN.I.1.1.5.3: Interaction of COOKIE and INVALID_KE_PAYLOAD with unoptimized ResponderTBDXXLink0

Sub-Group 6. Cryptographic Algorithm Negotiation




Test IKEv2.EN.I.1.1.6.1: Cryptographic Algorithm Negotiation for IKE_SA



28Test IKEv2.EN.I.1.1.6.1 Part A: Encryption Algorithm ENCR_AES_CBCTBDXXLink0
29Test IKEv2.EN.I.1.1.6.1 Part B: Encryption Algorithm ENCR_AES_CTRTBDXXLink0
30Test IKEv2.EN.I.1.1.6.1 Part C: Pseudo-random Function PRF_AES128_XCBCTBDXXLink0
31Test IKEv2.EN.I.1.1.6.1 Part D: Integrity Algorithm AUTH_AES_XCBC_96TBDXXLink0
32Test IKEv2.EN.I.1.1.6.1 Part E: D-H Group Group 14TBDXXLink0

Test IKEv2.EN.I.1.1.6.2: Cryptographic Algorithm Negotiation for CHILD_SA



33Test IKEv2.EN.I.1.1.6.2 Part A: Encryption Algorithm ENCR_AES_CBCTBDXXLink0
34Test IKEv2.EN.I.1.1.6.2 Part B: Encryption Algorithm ENCR_AES_CTRTBDXXLink0
35Test IKEv2.EN.I.1.1.6.2 Part C: Encryption Algorithm ENCR_NULLTBDXXLink0
36Test IKEv2.EN.I.1.1.6.2 Part D: Integrity Algorithm AUTH_AES_XCBC_96TBDXXLink0
37Test IKEv2.EN.I.1.1.6.2 Part E: Integrity Algorithm NONETBDXXLink0
38Test IKEv2.EN.I.1.1.6.2 Part F: Extended Sequence NumbersTBDXXLink0

Test IKEv2.EN.I.1.1.6.3: Sending Multiple Transforms for IKE_SA



39Test IKEv2.EN.I.1.1.6.3 Part A: Multiple Encryption AlgorithmsTBDXXLink0
40Test IKEv2.EN.I.1.1.6.3 Part B: Multiple Pseudo-random FunctionsTBDXXLink0
41Test IKEv2.EN.I.1.1.6.3 Part C: Multiple Integrity AlgorithmsTBDXXLink0
42Test IKEv2.EN.I.1.1.6.3 Part D: Multiple D-H GroupsTBDXXLink0
43Test IKEv2.EN.I.1.1.6.4: Multiple Proposals for IKE_SATBDXXLink0

Test IKEv2.EN.I.1.1.6.5: Sending Multiple Transforms for CHILD_SA



44Test IKEv2.EN.I.1.1.6.5 Part A: Multiple Encryption AlgorithmsTBDXXLink0
45Test IKEv2.EN.I.1.1.6.5 Part B: Multiple Integrity AlgorithmsTBDXXLink0
46Test IKEv2.EN.I.1.1.6.5 Part C: Multiple Extended Sequence NumbersTBDXXLink0
47Test IKEv2.EN.I.1.1.6.6: Sending Multiple ProposalsTBDXXLink0
48Test IKEv2.EN.I.1.1.6.7: Receipt of INVALID_KE_PAYLOADTBDXXLink0
49Test IKEv2.EN.I.1.1.6.8: Receipt of NO_PROPOSAL_CHOSENTBDXXLink0
50Test IKEv2.EN.I.1.1.6.9: Response with inconsistent SA Proposal for IKE_SATBDXXLink0
51Test IKEv2.EN.I.1.1.6.10: Response with inconsistent SA Proposal for CHILD_SATBDXXLink0
52Test IKEv2.EN.I.1.1.6.11 Part A: Receiving IKE_SA_INIT response with INVALID_KE_PAYLOADTBDXXLink0
53Test IKEv2.EN.I.1.1.6.11 Part B: Receiving IKE_SA_INIT response with INVALID_KE_PAYLOADTBDXXLink0
54Test IKEv2.EN.I.1.1.6.12: Creating an IKE_SA without a CHILD_SATBDXXLink0

Sub-Group 7. Traffic Selector Negotiation



55Test IKEv2.EN.I.1.1.7.1: Narrowing the range of members of the set of traffic selectorsTBDXXLink0

Sub-Group 8. Error Handling



56Test IKEv2.EN.I.1.1.8.1 Part A: INVALID_IKE_SPI Different IKE_SA Initiator's SPITBDXXLink0
57Test IKEv2.EN.I.1.1.8.1 Part B: INVALID_IKE_SPI Different IKE_SA Responder's SPITBDXXLink0
58Test IKEv2.EN.I.1.1.8.2: INVALID_SELECTORSTBDXXLink0

Sub-Group 10. Authentication of the IKE_SA



59Test IKEv2.EN.I.1.1.10.1: Sending Certificate PayloadTBDXXLink0
60Test IKEv2.EN.I.1.1.10.2: Sending Certificate Request PayloadTBDXXLink0
61Test IKEv2.EN.I.1.1.10.3: RSA Digital SignatureTBDXXLink0
62Test IKEv2.EN.I.1.1.10.4: HEX string PSKTBDXXLink0

Sub-Group 11. Invalid Values



63Test IKEv2.EN.I.1.1.11.1: Non zero RESERVED fields in IKE_SA_INIT responseTBDXXLink0
64Test IKEv2.EN.I.1.1.11.2: Non zero RESERVED fields in IKE_AUTH responseTBDXXLink0
65Test IKEv2.EN.I.1.1.11.3: Version bit is setTBDXXLink0
66Test IKEv2.EN.I.1.1.11.4: Unrecognized Notify Message Type of ErrorTBDXXLink0
67Test IKEv2.EN.I.1.1.11.5: Unrecognized Notify Message Type of StatusTBDXXLink0

Group 2. The CREATE_CHILD_SA Exchange




Sub-Group 1. Header and Payload Formats



68Test IKEv2.EN.I.1.2.1.1: Sending CREATE_CHILD_SA requestTBDXXLink0

Sub-Group 2. Use of Retransmission Timers



69Test IKEv2.EN.I.1.2.2.1: Retransmission of CREATE_CHILD_SA requestTBDXXLink0
70Test IKEv2.EN.I.1.2.2.2: Stop of retransmission of CREATE_CHILD_SA requestTBDXXLink0

Sub-Group 3. Rekeying



71Test IKEv2.EN.I.1.2.3.1: Close the replaced CHILD_SATBDXXLink0
72Test IKEv2.EN.I.1.2.3.2: Receipt of cryptographically valid message on the new SATBDXXLink0
73Test IKEv2.EN.I.1.2.3.3: Lifetime of CHILD_SA expiresTBDXXLink0
74Test IKEv2.EN.I.1.2.3.4 Part A: Sending Multiple Transform for Rekeying CHILD_SATBDXXLink0
75Test IKEv2.EN.I.1.2.3.4 Part B: Sending Multiple Transform for Rekeying CHILD_SATBDXXLink0
76Test IKEv2.EN.I.1.2.3.4 Part C: Sending Multiple Transform for Rekeying CHILD_SATBDXXLink0
77Test IKEv2.EN.I.1.2.3.5: Sending Multiple Proposal for Rekeying CHILD_SATBDXXLink0
78Test IKEv2.EN.I.1.2.3.6: Rekeying FailureTBDXXLink0
79Test IKEv2.EN.I.1.2.3.7: Perfect Forward SecrecyTBDXXLink0
80Test IKEv2.EN.I.1.2.3.8: Use of the old CHILD_SATBDXXLink0

Sub-Group 4. Rekeying IKE_SAs Using a CREATE_CHILD_SA exchange



81Test IKEv2.EN.I.1.2.4.1: Close the replaced IKE_SATBDXXLink0
82Test IKEv2.EN.I.1.2.4.2: Receipt of cryptographically valid message on the new IKE_SATBDXXLink0
83Test IKEv2.EN.I.1.2.4.3: Lifetime of IKE_SA expiresTBDXXLink0
84Test IKEv2.EN.I.1.2.4.4 Part A: Sending Multiple Transform for Rekeying IKE_SATBDXXLink0
85Test IKEv2.EN.I.1.2.4.4 Part B: Sending Multiple Transform for Rekeying IKE_SATBDXXLink0
86Test IKEv2.EN.I.1.2.4.4 Part C: Sending Multiple Transform for Rekeying IKE_SATBDXXLink0
87Test IKEv2.EN.I.1.2.4.4 Part D: Sending Multiple Transform for Rekeying IKE_SATBDXXLink0
88Test IKEv2.EN.I.1.2.4.5: Sending Multiple Proposal for Rekeying IKE_SATBDXXLink0
89Test IKEv2.EN.I.1.2.4.6: Use of the old IKE_SATBDXXLink0
90Test IKEv2.EN.I.1.2.4.7: Changing PRFs when rekeying IKE_SATBDXXLink0

Sub-Group 5. Creating New CHILD_SAs with the CREATE_CHILD_SA Exchange



91Test IKEv2.EN.I.1.2.5.1: Sending CREATE_CHILD_SA requestTBDXXLink0
92Test IKEv2.EN.I.1.2.5.2: Receipt of cryptographically valid message on the new SATBDXXLink0

Sub-Group 6. Exchange Collisions



93Test IKEv2.EN.I.1.2.6.1: Simulataneous CHILD_SA CloseTBDXXLink0
94Test IKEv2.EN.I.1.2.6.2: Simulataneous IKE_SA CloseTBDXXLink0
95Test IKEv2.EN.I.1.2.6.3: Simulataneous CHILD_SA RekeyingTBDXXLink0
96Test IKEv2.EN.I.1.2.6.4: Simulataneous CHILD_SA Rekeying with retransmissionTBDXXLink0
97Test IKEv2.EN.I.1.2.6.5: Simulataneous IKE_SA RekeyingTBDXXLink0
98Test IKEv2.EN.I.1.2.6.6: Simulataneous IKE_SA Rekeying with retransmissionTBDXXLink0
99Test IKEv2.EN.I.1.2.6.7: Closing and Rekeying CHILD_SATBDXXLink0
100Test IKEv2.EN.I.1.2.6.8: Closing a new CHILD_SATBDXXLink0
101Test IKEv2.EN.I.1.2.6.9: Rekeying a new CHILD_SATBDXXLink0
102Test IKEv2.EN.I.1.2.6.10: Rekeying an IKE_SA with half-open CHILD_SAsTBDXXLink0
103Test IKEv2.EN.I.1.2.6.11: Rekeying a CHILD_SA while rekeying an IKE_SATBDXXLink0
104Test IKEv2.EN.I.1.2.6.12: Rekeying an IKE_SA with half-closed CHILD_SAsTBDXXLink0
105Test IKEv2.EN.I.1.2.6.13: Closing a CHILD_SA while rekeying an IKE_SATBDXXLink0
106Test IKEv2.EN.I.1.2.6.14: Closing an IKE_SA while rekeying an IKE_SATBDXXLink0
107Test IKEv2.EN.I.1.2.6.15: Rekeying an IKE_SA while closing the IKE_SATBDXXLink0

Sub-Group 7. Non zero RESERVED fields



108Test IKEv2.EN.I.1.2.7.1: Non zero RESERVED fields in CREATE_CHILD_SA responseTBDXXLink0

Group 3. The INFORMATIONAL Exchange




Sub-Group 1. Header and Payload Formats



109Test IKEv2.EN.I.1.3.1.1: Sending INFORMATIONAL requestTBDXXLink0

Sub-Group 2. Use of Retransmission Timers



110Test IKEv2.EN.I.1.3.2.1: Retransmission of INFORMATIONAL requestTBDXXLink0
111Test IKEv2.EN.I.1.3.2.2: Stop of retransmission of INFORMATIONAL requestTBDXXLink0

Sub-Group 3. Non zero RESERVED fields



112Test IKEv2.EN.I.1.3.3.1: Non zero RESERVED fields in INFORMATIONAL responseTBDXXLink0

Sub-Group 4. Error Handling



113Test IKEv2.EN.I.1.3.4.1: INVALID_SPITBDXXLink0
114Global CleanupTBDXXLink0

Sub-Section 2. Endpoint to Security Gateway Tunnel



115Global SetupTBDXXLink0

Group 1. The Initial Exchanges




Sub-Group 1. Header and Payload Formats



116Test IKEv2.EN.I.2.1.1.1: Sending IKE_AUTH requestTBDXXLink0
117Test IKEv2.EN.I.2.1.1.2: Use of CHILD_SATBDXXLink0

Sub-Group 2. Requesting an Internal Address on a Remote Network



118Test IKEv2.EN.I.2.1.2.1: Sending CFG_REQUESTTBDXXLink0
119Test IKEv2.EN.I.2.1.2.2: Receipt of CFG_REPLYTBDXXLink0
120Test IKEv2.EN.I.2.1.2.3: Non zero RESERVED fileds in Configuration PayloadTBDXXLink0
121Test IKEv2.EN.I.2.1.2.4: Receiving IKE_AUTH response without CFG_REPLYTBDXXLink0
122Test IKEv2.EN.I.2.1.2.5: Receiving unrecognized Configuration AttributesTBDXXLink0
123Global CleanupTBDXXLink0

Section EN-R. End Node - Responder




Sub-Section 1. Endpoint-to-Endpoint Transport



124Global SetupTBDXXLink0

Group 1. The Initial Exchanges




Sub-Group 1. Header and Payload Formats



125Test IKEv2.EN.R.1.1.1.1: Sending IKE_SA_INIT responseTBDXXLink0
126Test IKEv2.EN.R.1.1.1.2: Sending IKE_AUTH responseTBDXXLink0
127Test IKEv2.EN.R.1.1.1.3: Use of CHILD_SATBDXXLink0

Sub-Group 2. Use of Retransmission Timers



128Test IKEv2.EN.R.1.1.2.1: Receipt of retransmitted IKE_SA_INIT requestTBDXXLink0
129Test IKEv2.EN.R.1.1.2.2: Receipt of retransmitted of IKE_AUTH requestTBDXXLink0

Sub-Group 3. State Synchronization and Connection Timeouts



130Test IKEv2.EN.R.1.1.3.1: State Synchronization with ICMP MessageTBDXXLink0
131Test IKEv2.EN.R.1.1.3.2: State Synchronization with IKE MessageTBDXXLink0
132Test IKEv2.EN.R.1.1.3.3: Close Connections when receiving INITIAL_CONTACTTBDXXLink0
133Test IKEv2.EN.R.1.1.3.4: Receiving Liveness checkTBDXXLink0
134Test IKEv2.EN.R.1.1.3.5: Receiving Delete Payload for IKE_SATBDXXLink0
135Test IKEv2.EN.R.1.1.3.6: Receiving Delete Payload for CHILD_SATBDXXLink0

Sub-Group 4. Version Numbers and Forward Compatibility



136Test IKEv2.EN.R.1.1.4.1: Receipt of a larger minor version numberTBDXXLink0
137Test IKEv2.EN.R.1.1.4.2: Receipt of a higher major version numberTBDXXLink0

Test IKEv2.EN.R.1.1.4.3: Unrecognized payload types and critical bit is not set



138Test IKEv2.EN.R.1.1.4.3 Part A: Invalid payload type 1TBDXXLink0
139Test IKEv2.EN.R.1.1.4.3 Part B: Invalid payload type 32TBDXXLink0
140Test IKEv2.EN.R.1.1.4.3 Part C: Invalid payload type 49TBDXXLink0
141Test IKEv2.EN.R.1.1.4.3 Part D: Invalid payload type 255TBDXXLink0

Test IKEv2.EN.R.1.1.4.4: Unrecognized payload types and critical bit is set



142Test IKEv2.EN.R.1.1.4.4 Part A: Invalid payload type 1TBDXXLink0
143Test IKEv2.EN.R.1.1.4.4 Part B: Invalid payload type 32TBDXXLink0
144Test IKEv2.EN.R.1.1.4.4 Part C: Invalid payload type 49TBDXXLink0
145Test IKEv2.EN.R.1.1.4.4 Part D: Invalid payload type 255TBDXXLink0
146Test IKEv2.EN.R.1.1.4.5: Invalid Payload OrderTBDXXLink0

Sub-Group 5. Cookies£´



147Test IKEv2.EN.R.1.1.5.1: CookiesTBDXXLink0
148Test IKEv2.EN.R.1.1.5.2: Invalid CookiesTBDXXLink0
149Test IKEv2.EN.R.1.1.5.3: Interaction of COOKIE and INVALID_KE_PAYLOADTBDXXLink0
150Test IKEv2.EN.R.1.1.5.4: Interaction of COOKIE and INVALID_KE_PAYLOAD with unoptimized InitiatorTBDXXLink0

Sub-Group 6. Cryptographic Algorithm Negotiation




Test IKEv2.EN.R.1.1.6.1: Cryptographic Algorithm Negotiation for IKE_SA



151Test IKEv2.EN.R.1.1.6.1 Part A: Encryption Algorithm ENCR_AES_CBCTBDXXLink0
152Test IKEv2.EN.R.1.1.6.1 Part B: Encryption Algorithm ENCR_AES_CTRTBDXXLink0
153Test IKEv2.EN.R.1.1.6.1 Part C: Pseudo-random Function PRF_AES128_XCBCTBDXXLink0
154Test IKEv2.EN.R.1.1.6.1 Part D: Integrity Algorithm AUTH_AES_XCBC_96TBDXXLink0
155Test IKEv2.EN.R.1.1.6.1 Part E: D-H Group Group 14TBDXXLink0

Test IKEv2.EN.R.1.1.6.2: Cryptographic Algorithm Negotiation for CHILD_SA



156Test IKEv2.EN.R.1.1.6.2 Part A: Encryption Algorithm ENCR_AES_CBCTBDXXLink0
157Test IKEv2.EN.R.1.1.6.2 Part B: Encryption Algorithm ENCR_AES_CTRTBDXXLink0
158Test IKEv2.EN.R.1.1.6.2 Part C: Encryption Algorithm ENCR_NULLTBDXXLink0
159Test IKEv2.EN.R.1.1.6.2 Part D: Integrity Algorithm AUTH_AES_XCBC_96TBDXXLink0
160Test IKEv2.EN.R.1.1.6.2 Part E: Integrity Algorithm NONETBDXXLink0
161Test IKEv2.EN.R.1.1.6.2 Part F: Extended Sequence NumberTBDXXLink0

Test IKEv2.EN.R.1.1.6.3: Receiving Multiple Transforms for IKE_SA



162Test IKEv2.EN.R.1.1.6.3 Part A: Multiple Encryption AlgorithmsTBDXXLink0
163Test IKEv2.EN.R.1.1.6.3 Part B: Multiple Pseudo-Random FunctionsTBDXXLink0
164Test IKEv2.EN.R.1.1.6.3 Part C: Multiple Integrity AlgorithmsTBDXXLink0
165Test IKEv2.EN.R.1.1.6.3 Part D: Multiple D-H GroupsTBDXXLink0

Test IKEv2.EN.R.1.1.6.4: Receiving Multiple Proposals for IKE_SA



166Test IKEv2.EN.R.1.1.6.4 Part A: Multiple Proposals for IKE_SATBDXXLink0
167Test IKEv2.EN.R.1.1.6.4 Part B: Multiple Proposals for IKE_SATBDXXLink0
168Test IKEv2.EN.R.1.1.6.4 Part C: Multiple Proposals for IKE_SATBDXXLink0
169Test IKEv2.EN.R.1.1.6.4 Part D: Multiple Proposals for IKE_SATBDXXLink0

Test IKEv2.EN.R.1.1.6.5: Receiving Multiple Transforms for CHILD_SA



170Test IKEv2.EN.R.1.1.6.5 Part A: Multiple Encryption AlgorithmsTBDXXLink0
171Test IKEv2.EN.R.1.1.6.5 Part B: Multiple Integrity AlgorithmsTBDXXLink0
172Test IKEv2.EN.R.1.1.6.5 Part C: Multiple Extended Sequence NumbersTBDXXLink0

Test IKEv2.EN.R.1.1.6.6: Receiving Multiple Proposals for CHILD_SA



173Test IKEv2.EN.R.1.1.6.6 Part A: Receiving Multiple ProposalsTBDXXLink0
174Test IKEv2.EN.R.1.1.6.6 Part B: Receiving Multiple ProposalsTBDXXLink0
175Test IKEv2.EN.R.1.1.6.6 Part C: Receiving Multiple ProposalsTBDXXLink0
176Test IKEv2.EN.R.1.1.6.7: Sending of INVALID_KE_PAYLOADTBDXXLink0
177Test IKEv2.EN.R.1.1.6.8: INVALID_KE_PAYLOAD in the Initial ExchangeTBDXXLink0
178Test IKEv2.EN.R.1.1.6.9: Creating an IKE_SA without a CHILD_SATBDXXLink0

Sub-Group 7. Traffic Selector Negotiation



179Test IKEv2.EN.R.1.1.7.1: Narrowing the range of members of the set of traffic selectorsTBDXXLink0
180Test IKEv2.EN.R.1.1.7.2: TS_UNACCEPTABLETBDXXLink0
181Test IKEv2.EN.R.1.1.7.3: Narrowing multiple traffic selectorTBDXXLink0

Sub-Group 8. Error Handling




Test IKEv2.EN.R.1.1.8.1: INVALID_IKE_SPI



182Test IKEv2.EN.R.1.1.8.1 Part A: Different IKE_SA Initiator's SPITBDXXLink0
183Test IKEv2.EN.R.1.1.8.1 Part B: Different IKE_SA Responder's SPITBDXXLink0
184Test IKEv2.EN.R.1.1.8.2: INVALID_SYNTAXTBDXXLink0
185Test IKEv2.EN.R.1.1.8.3: INVALID_SELECTORSTBDXXLink0

Sub-Group 10. Authentication of the IKE_SA



186Test IKEv2.EN.R.1.1.10.1: Sending Certificate PayloadTBDXXLink0
187Test IKEv2.EN.R.1.1.10.2: Sending Certificate Request PayloadTBDXXLink0
188Test IKEv2.EN.R.1.1.10.3: RSA Digital SignatureTBDXXLink0
189Test IKEv2.EN.R.1.1.10.4: HEX string PSKTBDXXLink0

Sub-Group 11. Invalid Values



190Test IKEv2.EN.R.1.1.11.1: Non zero RESERVED fields in IKE_SA_INIT responseTBDXXLink0
191Test IKEv2.EN.R.1.1.11.2: Non zero RESERVED fields in IKE_AUTH responseTBDXXLink0
192Test IKEv2.EN.R.1.1.11.3: Version bit is setTBDXXLink0
193Test IKEv2.EN.R.1.1.11.4: Response bit is setTBDXXLink0
194Test IKEv2.EN.R.1.1.11.5 Part A: Unrecognized Notify Message TypeTBDXXLink0
195Test IKEv2.EN.R.1.1.11.5 Part B: Unrecognized Notify Message TypeTBDXXLink0

Group 2. The CREATE_CHILD_SA Exchange




Sub-Group 1. Header and Payload Formats



196Test IKEv2.EN.R.1.2.1.1: Receipt of CREATE_CHILD_SA requestTBDXXLink0

Sub-Group 2. Use of Retransmission Timers



197Test IKEv2.EN.R.1.2.2.1: Receipt of retransmitted CREATE_CHILD_SA requestTBDXXLink0

Sub-Group 3. State Synchronization and Connection Timeouts



198Test IKEv2.EN.R.1.2.3.1: Receiving Delete Payload for Multiple CHILD_SATBDXXLink0

Sub-Group 4. Cryptographic Algorithm Negotiation



199Test IKEv2.EN.R.1.2.4.1: Sending NO_PROPOSAL_CHOSEN for CREATE_CHILD_SATBDXXLink0

Sub-Group 5. Rekeying



200Test IKEv2.EN.R.1.2.5.1: Close the replaced CHILD_SATBDXXLink0
201Test IKEv2.EN.R.1.2.5.2: Receipt of cryptographically protected message on the old SA and the new SATBDXXLink0
202Test IKEv2.EN.R.1.2.5.3 Part A: Receiving Multiple Transform for Rekeying CHILD_SATBDXXLink0
203Test IKEv2.EN.R.1.2.5.3 Part B: Receiving Multiple Transform for Rekeying CHILD_SATBDXXLink0
204Test IKEv2.EN.R.1.2.5.3 Part C: Receiving Multiple Transform for Rekeying CHILD_SATBDXXLink0
205Test IKEv2.EN.R.1.2.5.4 Part A: Receiving Multiple Proposal for Rekeying CHILD_SATBDXXLink0
206Test IKEv2.EN.R.1.2.5.4 Part B: Receiving Multiple Proposal for Rekeying CHILD_SATBDXXLink0
207Test IKEv2.EN.R.1.2.5.4 Part C: Receiving Multiple Proposal for Rekeying CHILD_SATBDXXLink0
208Test IKEv2.EN.R.1.2.5.5: Perfect Forward SecrecyTBDXXLink0
209Test IKEv2.EN.R.1.2.5.6: Use of the old CHILD_SATBDXXLink0

Sub-Group 6. Rekeying IKE_SAs Using a CREATE_CHILD_SA exchange



210Test IKEv2.EN.R.1.2.6.1: Sending CREATE_CHILD_SA responseTBDXXLink0
211Test IKEv2.EN.R.1.2.6.2: Receipt of cryptographically valid message on the old IKE_SATBDXXLink0
212Test IKEv2.EN.R.1.2.6.3: Use of the old IKE_SATBDXXLink0
213Test IKEv2.EN.R.1.2.6.4: Close the replaced IKE_SATBDXXLink0
214Test IKEv2.EN.R.1.2.6.5 Part A: Receiving Multiple Transform for Rekeying IKE_SATBDXXLink0
215Test IKEv2.EN.R.1.2.6.5 Part B: Receiving Multiple Transform for Rekeying IKE_SATBDXXLink0
216Test IKEv2.EN.R.1.2.6.5 Part C: Receiving Multiple Transform for Rekeying IKE_SATBDXXLink0
217Test IKEv2.EN.R.1.2.6.5 Part D: Receiving Multiple Transform for Rekeying IKE_SATBDXXLink0
218Test IKEv2.EN.R.1.2.6.6 Part A: Receiving Multiple Proposal for Rekeying IKE_SATBDXXLink0
219Test IKEv2.EN.R.1.2.6.6 Part B: Receiving Multiple Proposal for Rekeying IKE_SATBDXXLink0
220Test IKEv2.EN.R.1.2.6.6 Part C: Receiving Multiple Proposal for Rekeying IKE_SATBDXXLink0
221Test IKEv2.EN.R.1.2.6.6 Part D: Receiving Multiple Proposal for Rekeying IKE_SATBDXXLink0
222Test IKEv2.EN.R.1.2.6.7: Changing PRFs when rekeying the IKE_SATBDXXLink0
223Test IKEv2.EN.R.1.2.6.8: D-H Transform NONE when rekeying the iKE_SATBDXXLink0

Sub-Group 7. Creating new CHILD_SAs using CREATE_CHILD_SA exchange



224Test IKEv2.EN.R.1.2.7.1: Receipt of cryptographically valid message on the new CHILD_SATBDXXLink0

Sub-Group 8. Error Handling




Test IKEv2.EN.R.1.2.8.1: AUTHENTICATION_FAILED



225Test IKEv2.EN.R.1.2.8.1 Part A: Authentication DataTBDXXLink0
226Test IKEv2.EN.R.1.2.8.1 Part B: Authentication MethodTBDXXLink0

Sub-Group 9. Non zero RESERVED fields



227Test IKEv2.EN.R.1.2.9.1: Non zero RESERVED fields in CREATE_CHILD_SA responseTBDXXLink0

Group 3. The INFORMATIONAL Exchange




Sub-Group 1. Header and Payload Formats



228Test IKEv2.EN.R.1.3.1.1: Sending INFORMATIONAL requestTBDXXLink0

Sub-Group 2. Use of Retransmission Timers



229Test IKEv2.EN.R.1.3.2.1: Retransmission of INFORMATIONAL requestTBDXXLink0

Sub-Group 3. Non zero RESERVED fields



230Test IKEv2.EN.R.1.3.3.1: Non zero RESERVED fields in INFORMATIONAL responseTBDXXLink0
231Global CleanupTBDXXLink0

Sub-Section 2. Endpoint to Security Gateway Tunnel



232Global SetupTBDXXLink0

Group 1. The Initial Exchanges




Sub-Group 1. Header and Payload Formats



233Test IKEv2.EN.R.2.1.1.1: Receipt of IKE_AUTH requestTBDXXLink0
234Test IKEv2.EN.R.2.1.1.2: Use of CHILD_SATBDXXLink0
235Global CleanupTBDXXLink0