Title

  Test IKEv2.EN.I.1.1.11.2: Non zero RESERVED fields in IKE_AUTH response
  Part A (BASIC)

Purpose

  To verify an IKEv2 device ignores the content of RESERVED filed in IKE messages.

References

  [RFC 4306] - Sections 2.5

Test Setup

  * Network Topology
     Connect the devices according to the Common Topology.
  * Configuration
     In each part, configure the devices according to the Common Configuration.
  * Pre-Sequence and Cleanup Sequence
     IKEv2 on the NUT is disabled after each part.

Procedure

   NUT                  TN1
(End-Node)           (End-Node)
    |                    |
    |------------------->| IKE_SA_INIT request (HDR, SAr1, KEi, Ni)
    |                    | (Judgement #1)
    |<-------------------| IKE_SA_INIT Response (HDR, SAr1, KEr, Nr)
    |                    | (Packet #1)
    |                    |
    |------------------->| IKE_AUTH request (HDR, SK {IDi, AUTH, N, SAi2, TSi, TSr})
    |                    | (Judgement #2)
    |<-------------------| IKE_AUTH response (HDR, SK {IDr, AUTH, N, SAi2, TSi, TSr})
    |                    | (Packet #2)
    |                    |
    |<-------------------| IPsec {Echo Request}
    |                    | (Packet #3)
    |------------------->| IPsec {Echo Reply}
    |                    | (Judgement #3)
    |                    |
    V                    V


 N: USE_TRANSPORT_MODE

Packet #1 See Common Packet #2

Packet #2 See Common Packet #4 All RESERVED fields are set to one.

Packet #3 See Common Packet #19

  Part A (BASIC)
     1. NUT starts to negotiate with TN1 by sending IKE_SA_INIT request.
     2. Observe the messages transmitted on Link A.
     3. TN1 responds with an IKE_SA_INIT response to the NUT.
     4. Observe the messages transmitted on Link A.
     5. After reception of IKE_AUTH request from the NUT, TN1 responds with an IKE_AUTH
        response whose RESERVED fields are set to one to the NUT
     6. TN1 transmits an Echo Request with IPsec ESP using corresponding algorithms to NUT.
     7. Observe the messages transmitted on Link A.

Observable Results

  Part A
       Step 2: Judgment #1
       The NUT transmits an IKE_SA_INIT request including "ENCR_3DES",
       "PRF_HMAC_SHA1", "AUTH_HMAC_SHA1_96" and "D-H group 2" as proposed
       algorithms.

       Step 4: Judgment #2
       The NUT transmits an IKE_AUTH request including "ENCR_3DES",
       "AUTH_HMAC_SHA1_96" and "No Extended Sequence Numbers" as proposed algorithms.

       Step 7: Judgment #3
       The NUT transmits an Echo Reply with IPsec ESP using ENCR_3DES an
       AUTH_HMAC_SHA1_96.

Possible Problems

  * None

`Packet #1`	`See Common Packet #2`
`Packet #2`	`See Common Packet #4 All RESERVED fields are set to one.`
`Packet #3`	`See Common Packet #19`