Title

  Test IKEv2.EN.R.2.1.1.2: Use of CHILD_SA
  Part A: (BASIC)


Purpose

  To verify that an IKEv2 device properly handles the Initial Exchanges using a pre-shared key.


References

  * [RFC 4306] - Section 1.2


Test Setup

  * Network Topology
     Connect the devices according to the Common Topology.
  * Configuration
     In each part, configure the devices according to the Common Configuration. 
  * Pre-Sequence and Cleanup Sequence
     IKEv2 on the NUT is disabled after each part.


Procedure

   NUT            TN1           TH1
(End-Node)       (SGW)         (Host)
    |              |             |
    |------------->|             | IKE_SA_INIT request (HDR, SAi1, KEi, Ni)
    |              |             | (Packet #1)
    |<-------------|             | IKE_SA_INIT response (HDR, SAr1, KEr, Nr)
    |              |             | (Judgment #1)
    |              |             |
    |------------->|             | IKE_AUTH request (HDR, SK {IDi, AUTH, SAi2, TSi, TSr})
    |              |             | (Packet #2)
    |<-------------|             | IKE_AUTH response (HDR, SK {IDr, AUTH, SAr2, TSi, TSr})
    |              |             | (Judgment #2)
    |              |             |
    |<=============+-------------| IPsec {Echo Request}
    |              |             | (Packet #3)
    |==============+------------>| IPsec {Echo Reply}
    |              |             | (Judgment #3)
    |              |             |
    V              V             V
Packet #1 See Common Packet #1
Packet #2 See Common Packet #5
Packet #3 See Common Packet #20

  Part A (BASIC)
     1. TN1 transmits an IKE_SA_INIT request to NUT.
     2. Observe the messages transmitted on Link A.
     3. TN1 transmits an IKE_SA_INIT response to NUT.
     4. Observe the messages transmitted on Link A.
     5. TH1 transmits an Echo Request and TN1 forwards an Echo Request with IPsec ESP using
         corresponding algorithms to NUT.
     6. Observe the messages transmitted on Link A.


Observable Result

  Part A
       Step 2: Judgment #1
       The NUT transmits an IKE_SA_INIT response including "ENCR_3DES",
       "PRF_HMAC_SHA1", "AUTH_HMAC_SHA1_96" and "D-H group 2" as proposed
       algorithms.
       Step 4: Judgment #2
       The NUT transmits an IKE_AUTH response including "ENCR_3DES",
       "AUTH_HMAC_SHA1_96" and "No Extended Sequence Numbers" as proposed algorithms.
       Step 6: Judgment #3
       The NUT transmits an Echo Reply with IPsec ESP using corresponding algorithms.
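
  Added example (not part of the test specification or of any test tool): one way a tester could automate Judgment #1 and Judgment #2 by parsing the SA payload body of the NUT's response and comparing its transforms with the algorithms listed above. The transform and protocol numbers are from RFC 4306 section 3.3; the byte strings are constructed samples and the function names are hypothetical.

```python
import struct

# Transform (type, ID) numbers from RFC 4306 section 3.3.2.
NAMES = {(1, 3): "ENCR_3DES", (2, 2): "PRF_HMAC_SHA1",
         (3, 2): "AUTH_HMAC_SHA1_96", (4, 2): "D-H group 2",
         (5, 0): "No Extended Sequence Numbers"}
PROTO_IKE, PROTO_ESP = 1, 3  # Protocol IDs, RFC 4306 section 3.3.1

# Expected algorithms, copied from Judgment #1 and Judgment #2.
JUDGMENT_1 = ["ENCR_3DES", "PRF_HMAC_SHA1", "AUTH_HMAC_SHA1_96", "D-H group 2"]
JUDGMENT_2 = ["ENCR_3DES", "AUTH_HMAC_SHA1_96", "No Extended Sequence Numbers"]

# Constructed SA payload bodies (proposal substructures only), not captures.
SAMPLE_IKE = bytes.fromhex("0000002801010004" "0300000801000003"
                           "0300000802000002" "0300000803000002"
                           "0000000804000002")
SAMPLE_ESP = bytes.fromhex("0000002401030403" "11223344" "0300000801000003"
                           "0300000803000002" "0000000805000000")
SAMPLE_BAD = SAMPLE_IKE[:-1] + b"\x0e"  # D-H group 14 instead of group 2


def parse_proposals(body):
    """Return [(protocol_id, sorted transform names)] for an SA payload body."""
    proposals, off = [], 0
    while off < len(body):
        if len(body) - off < 8:
            raise ValueError("truncated proposal header")
        _, _, plen, _, proto, spi_size, n_tf = struct.unpack_from(
            "!BBHBBBB", body, off)
        end, t_off, names = off + plen, off + 8 + spi_size, []
        if plen < 8 + spi_size or end > len(body):
            raise ValueError("bad proposal length")
        for _ in range(n_tf):
            if end - t_off < 8:
                raise ValueError("truncated transform")
            _, _, tlen, ttype, _, tid = struct.unpack_from("!BBHBBH", body, t_off)
            if tlen < 8 or t_off + tlen > end:
                raise ValueError("bad transform length")
            names.append(NAMES.get((ttype, tid), "type %d id %d" % (ttype, tid)))
            t_off += tlen  # also skips any transform attributes
        proposals.append((proto, sorted(names)))
        off = end
    return proposals


def judge(body, proto, expected):
    """True only for a single proposal carrying exactly the expected transforms."""
    props = parse_proposals(body)
    return len(props) == 1 and props[0] == (proto, sorted(expected))
```

  A response that selects any other transform, such as SAMPLE_BAD with D-H group 14, fails the judgment, and a malformed length field raises ValueError instead of being read past the buffer.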


Possible Problems

  * None.