1.Under IPsec page, Click on "Host Groups "tab and click on "ADD New Host Group" button to open "NEW HOST GROUP" page. Provide "HTTP" as Name under Group name. 2.Select IPv4 radio button and select "Specific" under Address Type and provide the IPv4 address of the Linux PC under IP address and save the settings. 3.Click on "Protocol Groups" tab and click on "ADD New Protocol Group" button to open "NEW Protocol GROUP" page and Provide "HTTP Group" as the "Group Name" select "HTTP " and "HTTPS" under the list of protocols and save the settings. 4.Under Actions tab, click on "Add New Action" button to create a new action . 5.Provide a name for this action and select IKE as the Keying Method and select Digital Certificate Option and from the Server validation Certificates drop down , Select the Root CA certificate and Click on next button. 6.Give key life time for phase1 as 24 hours and DH Group as group 2 IPSEC Security as ESP and phase2 lifetime as 24 hours perfect forward secracy as None.
7.Hash algorithm as SHA256 and 3DES as encryption and save the settings. Under the Security policies tab. 8.select the host group created in step2 above and select the protocol group created in step4 and select the action created in step5 and click on ADDpolicy button to add the policy. Server Configuration: 9.Strongswan is installed in the linux PC. 10. Create a macthing policy in the linux server using strongswan.
Open the web page using the ip address of the device. ESP packets are listed once the IPsec connection is established. This confirms that the IKE digital signature authentication supports certificate trust configuration where CA and peer device certificates and trusted CA certificates used are generated by one common CA., , ,
OUTPUT: PROCESS: PRIORITY: TEST_TYPE: LOE: RESOURCE_HW: RESOURCE_CONSUMEABLES: RESOURCE_MEDIA: SKILL_SET: TEST_CASE_TYPE: TESTCASE_SOURCE: SPEC: FS_41.005_IPSec SPEC_VERSION: SPEC_TAG: 1: MFD should be Upgraded with the latest build. 2: MFD, Windows client and linux CA server are in the same subnet. 3: From Windows 2008 server, generate MFD device certificate, Peer device certificate and trusted root certificate 4: Upload MFD device certificate under "CA-Signed Device Certificate(s)" page in MFD. 5: Upload trusted root certificate generated from the Windows server into Trusted root certificates page in MFD. 6: In the Linux server, copy the Peer device certificate generated from Windows CA under /etc/strongswan/ipsec.d/certs folder and Trusted root certificate generated from Windows 2008 server onto /etc/strongswan/ipsec.d/cacerts folder. 7:Wireshark is installed in the Linux server PC. 8: User is currently in IPSec by navigating through Properties -> Security-> IPsec. 9: HTTP should be configured in the MFD. ATM_OWNER: APPROVE_QE: APPROVED_QE: APPROVE_SE: APPROVED_SE: APPROVE_SPAR: APPROVED_SPAR: ASSOCIATED_TESTCASES: TRAINING: TESTCASE_VERSION: TESTCASE_STATE: TESTCASE_PLATFORM: TESTCASE_PRODUCT: TESTCASE_APPROVALS: CDATE: 1498215685 MDATE: 1498215685 MUSER: q4BVX0J1 AUTHOR: q4BVX0J1 ATM_MCOMMENTS: Imported from spreadsheet HISTORY: ATM_LOCKED: ATM_REQLINK: DB4B9FD0-6C30-1014-B4D5-FA8C56619FB6, 1A698AAA-5658-11E7-94FC-0DE7D40A4651 ATM_REQCOUNT: 2 QA_TEAM: TC_WEIGHTAGE: FILENAME: FILEDESC: FILES: