Test IKEv2.EN.R.2.1.1.1: Sending IKE_AUTH request Part A: IKE Header Format (BASIC) Part B: Encrypted Payload Format (BASIC) Part C: IDr Payload Format (BASIC) Part D: AUTH Payload Format (BASIC) Part E: SA Payload Format (BASIC) Part F: TSi Payload Format (BASIC) Part G: TSr Payload Format (BASIC)
To verify an IKEv2 device transmits IKE_AUTH request using properly Header and Payloads format
* [RFC 4306] - Sections 1.2, 2.15, 3.1, 3.2, 3.3, 3.5, 3.8, 3.10, 3.13 and 3.14
* Network Topology Connect the devices according to the Common Topology. * Configuration In each part, configure the devices according to the Common Configuration. * Pre-Sequence and Cleanup Sequence IKEv2 on the NUT is disabled after each part.
NUT TN1 (End-Node) (End-Node) | | |<-------------------| IKE_SA_INIT request (HDR, SAi1, KEi, Ni) | | (Packet #1) |------------------->| IKE_SA_INIT response (HDR, SAr1, KEr, Nr) | | (Judgement #1) | | |<-------------------| IKE_AUTH request (HDR, SK {IDi, AUTH, SAi2, TSi, TSr}) | | (Packet #2) |------------------->| IKE_AUTH response (HDR, SK {IDr, AUTH, SAr2, TSi, TSr}) | | (Judgement #2) | | V V
Packet #1 See Common Packet #1 Packet #2 See Common Packet #5
Part A: IKE Header Format (BASIC) 1. TN1 transmits an IKE_SA_INIT request to NUT. 2. Observe the messages transmitted on Link A. 3. TN1 transmits an IKE_SA_INIT request to NUT. 4. Observe the messages transmitted on Link A.
Part B: Encrypted Payload Format (BASIC) 5. TN1 transmits an IKE_SA_INIT request to NUT. 6. Observe the messages transmitted on Link A. 7. TN1 transmits an IKE_SA_INIT request to NUT. 8. Observe the messages transmitted on Link A.
Part C: IDr Payload Format (BASIC) 9. TN1 transmits an IKE_SA_INIT request to NUT. 10. Observe the messages transmitted on Link A. 11. TN1 transmits an IKE_SA_INIT request to NUT. 12. Observe the messages transmitted on Link A.
Part D: AUTH Payload Format (BASIC) 13. TN1 transmits an IKE_SA_INIT request to NUT. 14. Observe the messages transmitted on Link A. 15. TN1 transmits an IKE_SA_INIT request to NUT. 16. Observe the messages transmitted on Link A.
Part E: SA Payload Format (BASIC) 17. TN1 transmits an IKE_SA_INIT request to NUT. 18. Observe the messages transmitted on Link A. 19. TN1 transmits an IKE_SA_INIT request to NUT. 20. Observe the messages transmitted on Link A.
Part F: TSi Payload Format (BASIC) 21. TN1 transmits an IKE_SA_INIT request to NUT. 22. Observe the messages transmitted on Link A. 23. TN1 transmits an IKE_SA_INIT request to NUT. 24. Observe the messages transmitted on Link A.
Part G: TSr Payload Format (BASIC) 25. TN1 transmits an IKE_SA_INIT request to NUT. 26. Observe the messages transmitted on Link A. 27. TN1 transmits an IKE_SA_INIT request to NUT. 28. Observe the messages transmitted on Link A.
Part A Step 2: Judgment #1 The NUT transmits an IKE_SA_INIT response including "ENCR_3DES", "PRF_HMAC_SHA1", "AUTH_HMAC_SHA1_96" and "D-H group 2" as proposed algorithms. Step 4: Judgment #2 The NUT transmits an IKE_AUTH response including properly formatted IKE Header containing following values:
1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ! IKE_SA Initiator s SPI ! ! ! +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ! IKE_SA Responder s SPI ! ! ! +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ! Next Payload ! MjVer ! MnVer ! Exchange Type ! Flags ! +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ! Message ID ! +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ! Length ! +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 87 Header format
* An IKE_SA Initiator's SPI field set to same as the IKE_SA_INIT request's IKE_SA Initiator's SPI field value. * An IKE_SA Responder's SPI field set to same as the IKE_SA_INIT response's IKE_SA Responder's SPI field value. * A Next Payload field set to Encrypted Payload (46). * A Major Version field set to 2. * A Minor Version field set to zero. * An Exchange Type field set to IKE_AUTH (35). * A Flags field set to (00010000)2 = (16)10. * A Message ID field set to 1. * A Length field set to the length of the message (header + payloads) in octets.
Part B Step 6: Judgment #1 The NUT transmits an IKE_SA_INIT response including "ENCR_3DES", "PRF_HMAC_SHA1", "AUTH_HMAC_SHA1_96" and "D-H group 2" as proposed algorithms. Step 8: Judgment #2 The NUT transmits an IKE_AUTH response including properly formatted Encrypted Payload containing following values:
1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ! Next Payload !C! RESERVED ! Payload Length ! +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ! Initialization Vector ! ! (length is block size for encryption algorithm) ! +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ~ Encrypted IKE Payloads ~ + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ! ! Padding (0-255 octets) ! +-+-+-+-+-+-+-+-+ --+-+-+-+-+-+-+-+ ! ! Pad Length ! +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ~ Integrity Checksum Data ~ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 88 Encrypted payload
* A Next Payload field set to IDr Payload (36). * A Critical field set to zero. * A RESERVED field set to zero. * A Payload Length field set to length in octets of the header, IV, Encrypted IKE * Payloads, Padding, Pad Length, and Integrity Check sum Data. * An Initialization Vector field set to a randomly chosen value whose length is equal to the block length of the underlying encryption algorithm. * An Encrypted IKE Payloads field set to encrypted IKE Payloads * A Padding field set to any value which to be a multiple of the encryption block size. * A Pad Length field set to the length of the Padding field. * An Integrity Checksum Data set to the cryptographic checksum of the entire message. The checksum must be valid.
Part C Step 10: Judgment #1 The NUT transmits an IKE_SA_INIT response including "ENCR_3DES", "PRF_HMAC_SHA1", "AUTH_HMAC_SHA1_96" and "D-H group 2" as proposed algorithms. Step 12: Judgment #2 The NUT transmits an IKE_AUTH response including properly formatted ID Payload containing following values:
1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ! Next Payload !C! RESERVED ! Payload Length ! +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ! ID Type ! RESERVED ! +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ! ! ~ Identification Data ~ ! ! +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 89 ID Payload format
* A Next Payload field set to AUTH Payload (39). * A Critical field set to zero. * A RESERVED field set to zero. * A Payload Length field set to length of the current payload. * An ID Type field set to ID_IPV6_ADDR (5). * A RESERVED field set to zero. * An Identification Data field set to the NUT address.
Part D Step 14: Judgment #1 The NUT transmits an IKE_SA_INIT response including "ENCR_3DES", "PRF_HMAC_SHA1", "AUTH_HMAC_SHA1_96" and "D-H group 2" as proposed algorithms.
Step 16: Judgment #2 The NUT transmits an IKE_AUTH response including properly formatted AUTH Payload containing following values:
1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ! Next Payload !C! RESERVED ! Payload Length ! +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ! Auth Method ! RESERVED ! +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ! ! ~ Authentication Data ~ ! ! +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 90 AUTH Payload format * A Next Payload field set to SA Payload (33). * A Critical field set to zero. * A RESERVED field set to zero. * A Payload Length field set to length of the current payload. * An Auth Method field set to Shared Key Message Integrity Code (2). * A RESERVED field set to zero. * An Authentication Data field set to correct authentication value.
Part E Step 18: Judgment #1 The NUT transmits an IKE_SA_INIT response including "ENCR_3DES", "PRF_HMAC_SHA1", "AUTH_HMAC_SHA1_96" and "D-H group 2" as proposed algorithms.
Step 20: Judgment #2
1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-------------- ! Next 44 !0! 0 ! Length 40 ! | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+--- | ! 0 ! 0 ! Length 36 ! | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ! Number 1 ! Prot ID 3 ! SPI Size 4 ! Trans Cnt 3 ! | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ! SPI value ! | | --- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | ! 3 ! 0 ! Length 8 ! | | Transform | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |SA Payload | ! Type 1 (EN) ! 0 ! Transform ID 3 (3DES) ! | Proposal | --- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | ! 3 ! 0 ! Length 8 ! | | Transform | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | ! Type 3 (IN) ! 0 ! Transform ID 2 (SHA1) ! | | --- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | ! 0 ! 0 ! Length 8 ! | | Transform | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | ! Type 5 (ESN)! 0 ! Transform ID 0 (No) ! | | --- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
Figure 91 SA Payload contents
The NUT transmits an IKE_AUTH response including properly formatted SA Payload containing following values (refer following figures):
1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ! Next Payload !C! RESERVED ! Payload Length ! +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ! ! ~ <Proposals> ~ ! ! +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 92 SA Payload format
* A Next Payload field set to TSi Payload (44). * A Critical field set to zero. * A RESERVED field set to zero. * A Payload Length field set to length of the current payload.
A Proposals field set to following.
1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ! 0 (last) or 2 ! RESERVED ! Proposal Length ! +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ! Proposal # ! Protocol ID ! SPI Size !# of Transforms! +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ! SPI (variable) ! +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ! ! ~ <Transforms> ~ ! ! +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 93 Proposal sub-structure format
* A 0 or 2 field set to zero (last). * A RESREVD field set to zero. * A Proposal Length field set to length of this proposal, including all transforms and attributes. * A Proposal # field set to 1. * A Protocol ID field set to ESP (3). * A SPI Size field set to 4. * A # of Transforms field set to 3. * A SPI field set to the sending entity's SPI (4 octets value)
Transform field set to following (There are 3 Transform Structures).
1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ! 0 (last) or 3 ! RESERVED ! Transform Length ! +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ !Transform Type ! RESERVED ! Transform ID ! +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ! ! ~ Transform Attributes ! ! ! +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 94 Transform sub-structure format
* A 0 or 3 field set to 3. * A RESERVED field set to zero. * A Transform Length set to length of the Transform Substructure including Header and Attribute. * A Transform Type field set to ENCR (1). * A RESERVED field set to zero. * A Transform ID set to ENCR_3DES (3). * A 0 or 3 field set to 3. * A RESERVED field set to zero. * A Transform Length set to length of the Transform Substructure including Header and Attribute. * A Transform Type field set to INTEG (3). * A RESERVED field set to zero. * A Transform ID set to AUTH_HMAC_SHA1 (2). * A 0 or 3 field set to zero. * A RESERVED field set to zero. * A Transform Length set to length of the Transform Substructure including Header and Attribute. * A Transform Type field set to ESN (5). * A RESERVED field set to zero. * A Transform ID set to No Extended Sequence Numbers (0).
Part F Step 22: Judgment #1 The NUT transmits an IKE_SA_INIT response including "ENCR_3DES", "PRF_HMAC_SHA1", "AUTH_HMAC_SHA1_96" and "D-H group 2" as proposed algorithms.
Step 24: Judgment #2 The NUT transmits an IKE_AUTH response including properly formatted TSi Payload containing following values:
1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ! Next Payload !C! RESERVED ! Payload Length ! +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ! Number of TSs ! RESERVED ! +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ! ! ~ <Traffic Selector> ~ ! ! +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 95 TSi Payload format
* A Next Payload field set to TSr Payload (45). * A Critical field set to zero. * A RESERVED field set to zero. * A Payload Length field set to length of the current payload. * A Number of TSs field set to 1. * A RESERVED field set to zero.
Traffic Selectors field set to following.
1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ! TS Type !IP Protocol ID*| Selector Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ! Start Port* | End Port* | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ! ! ~ Starting Address* ~ ! ! +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ! ! ~ Ending Address* ~ ! ! +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 96 Traffic Selector
* A TS Type set to TS_IPV6_ADDR_RANGE (8). * An IP Protocol ID field set to zero. * A Selector Length field set to length of this Traffic Selector Substructure including the header. * A Start Port field set to zero. * An End Port field set to 65535. * A Starting Address field set to NUT address. * A Ending Address field set to NUT address.
Part G Step 26: Judgment #1 The NUT transmits an IKE_SA_INIT response including "ENCR_3DES", "PRF_HMAC_SHA1", "AUTH_HMAC_SHA1_96" and "D-H group 2" as proposed algorithms.
Step 28: Judgment #2 The NUT transmits an IKE_AUTH response including properly formatted TSr Payload containing following values:
1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ! Next Payload !C! RESERVED ! Payload Length ! +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ! Number of TSs ! RESERVED ! +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ! ! ~ <Traffic Selectors> ~ ! ! +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 97 TSr Payload format
* A Next Payload field set to zero. * A Critical field set to zero. * A RESERVED field set to zero. * A Payload Length field set to length of the current payload. * A Number of TSs field set to 1. * A RESERVED field set to zero.
Traffic Selectors field set to following.
1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ! TS Type !IP Protocol ID*| Selector Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ! Start Port* | End Port* | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ! ! ~ Starting Address* ~ ! ! +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ! ! ~ Ending Address* ~ ! ! +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 98 Traffic Selector
* A TS Type set to TS_IPV6_ADDR_RANGE (8). * An IP Protocol ID field set to zero. * A Selector Length field set to length of this Traffic Selector Substructure including the header. * A Start Port field set to zero. * An End Port field set to 65535. * A Starting Address field set to TN1 address. * An Ending Address field set to TN1 address.
* None.