ATM_ID: 60BB43B0-693F-11F0-90F0-C4D1B6ACCDE0

MFF:

PLANNEDTIMESTAFF:

ID: Not_to_use_for_any_Dashboard/CCC/165423

TESTCASE_HEADLINE: IPSEC_RSA_AUTHENTICATION_ STRONGSWAN

GROUP:

FEATURE:

SUB_FEATURE:

INPUT: <p></p>

PROCEDURE: <p>1 Execute CO_AUTH_WEBUI_AUTHENTICATE_SA.2 Select [Security] → [Certificates] → [Security Certificates] from the Properties Menu on the left side of the page.3 Select [CA-Signed Device Certificate(s)] tab. Click [Create Certificate Signing Request (CSR)].4 Click the 'View/Export' link and save the CSR file to the Windows Workstation. (When finished,close the browser.)5  Please refer the Document shared  IPsec on Strongswan6 Select [Security] followed by [IPsec] from the Properties Menu on the left side of the page.7 Click [Host Groups] to display the IP Host Groups page. Then click [Add New Host Group]8 Enter the following information,when done click [Save]. (Click [OK] to respond to the settings confirmation pop-up which follows)</p><p>Name = “Ubuntu”<br />
Description = N/A<br />
Set the following address options:<br />
IPv4<br />
Address type = Specific<br />
IP Address = 172.16.0.56<br />
7 Click [Actions] to navigate to the IP Actions page. Then click [Add New Action] button.8 Enter the following information,when done click [Next].</p><p>Name = ”IKE – Certificate”<br />
Description = N/A<br />
Keying Method = Internet Key Exchange (IKEv1)<br />
Select 'Digital Signature Authentication' Option.<br />
Make sure the below Certificates are properly selected.<br />
</p>
<ol><li value="1">Device Authentication Certificate – Select the CA Signed Certificate Installed using Stronswan<br />
</li><li value="2">Peer Validation Certificate – Select the XEROX Root RSA Certificate Installed using Strongswan<br />
9 Select the following options then click [Save]. (Click [OK] to respond to the settings confirmation pop-up which follows).<br />
<br />
IKE Phase 1 Settings:<br />
Key Lifetime = 86400 Seconds<br />
<br />
IKE Phase 2 Settings:<br />
IPsec Mode = Transport Mode<br />
IPsec Security = ESP<br />
Perfect Forward Secrecy = DH Group 14 (2048-bit MODP)<br />
Hash = SHA-256<br />
Encryption = AES-CBC-128/256<br />
Key Lifetime = 28800 Seconds<br />
10 Click [Security Policies] to navigate to the IPsec Policies page.11 Create a new policy. Set the following options then click [Add Policy]. (Click [OK] to respond to the settings confirmation popup which follows)<br />
<br />
Host Groups = Ubuntu<br />
Protocol Groups = All<br />
Action = IKE – Certificate<br />
12 Enable Network Troubleshooting session on device to capture and record all network communication to and from the devices.<br />
<br />
Properties -&amp;gt; Security -&amp;gt; Logs -&amp;gt; Network Troubleshooting -&amp;gt; Click 'Start' button followed by [OK] button.<br />
13 Now Enable IPsec MFD 14 At Ubuntu Workstation Configure the ipsec.conf &amp;amp; ipsec.secrets Files.<br />
<br />\
Important: Please refer the Document shared to enable IPsec on Strongswan<br />
15 Test protocol connectivity. From ubuntu,try to ping MFD16 Disable Network Troubleshooting session on device.<br />
<br />
Properties -&amp;gt; Security -&amp;gt; Logs -&amp;gt; Network Troubleshooting -&amp;gt; Click 'Stop' button followed by [Continue] button. <br />
17 Click 'Download Data Log' button to download the capture and analyse the traces.</li></ol>

TEST_COVERED_BY:

SRT_ANALYZATION:

OUTPUT: <p>See CO_AUTH_WEBUI_AUTHENTICATE_SA.The Security Certificates page will be displayed.The Create Certificate Signing Request (CSR) will be displayed.The file will download successfully.N/A. (See Document Shared)The {WEBUI IPSEC PAGE} will be displayed.The {WEBUI IPSEC New Host Group page} will be displayed.1. The {WEBUI IPSEC PAGE} will be displayed.<br />
</p>
<ol><li value="2">The newly created Host group will be displayed on this page.<br />
(Note: Generates event 39 IPsec Configured event)<br />
The {WEBUI IPSEC Add New Action Step 1 of 2 page} will be displayed.The {WEBUI IPSEC Add New Action Step 2 of 2 page} will be displayed.1. The {WEBUI IPSEC PAGE} will be displayed.<br />
</li><li value="2">The newly created action will be displayed on this page.<br />
<br />
(Note: Generates event 39 IPsec Configured event)<br />
The {WEBUI IPSEC Policy page} will be displayed1. The {WEBUI IPSEC Policy page} will be displayed<br />
</li><li value="2">The newly created policy will be displayed on this page.<br />
(Note: Generates event 39 IPsec Configured event) <br />
The session will be started.IPsec will be enabled.N/A. (See Document Shared)The ping will be successful. The Session will be stopped.IPsec will be negotiated.</li></ol>

PROCESS:

PRIORITY:

TEST_TYPE:

LOE:

RESOURCE_HW:

RESOURCE_CONSUMEABLES:

RESOURCE_MEDIA:

SKILL_SET:

TEST_CASE_TYPE:

TESTCASE_SOURCE:

SPEC:

SPEC_NUM:

SPEC_VERSION:

SPEC_TAG:

ATM_OWNER:

APPROVE_QE:

APPROVED_QE:

APPROVE_SE:

APPROVED_SE:

APPROVE_SPAR:

APPROVED_SPAR:

ASSOCIATED_TESTCASES:

TRAINING:

TESTCASE_VERSION:

TESTCASE_STATE:

TESTCASE_PLATFORM:

TESTCASE_PRODUCT:

TESTCASE_FAMILY:

TESTCASE_APPROVALS:

CDATE: 1753438137

MDATE: 1753438137

MUSER: USWU53416

AUTHOR: USWU53416

ATM_MCOMMENTS: Imported from spreadsheet

HISTORY:

ATM_LOCKED:

ATM_REQLINK:

ATM_REQCOUNT: 0

QA_TEAM:

TC_WEIGHTAGE:

FILENAME:

FILEDESC:

FILES:

RELEASE:

COMPETENCY:

AUTOMATION_GROUP:

TESTCASE_STEPS_ARE_RELATED_TO:

REASON_FOR_AUTOMATABLE:

PRECONDITION_TO_BE_DONE:

ACTION_TO_BE_DONE:

COMMON_FUNCTIONALITY:

COMMONALITY_DETAILS:

CONSTRAINTS_DAR:

DEVELOPMENT_COMPLETE_TIME:

PO_SIGNOFF_DATE:

COMPLEXITY_PRECONDITIONS:

COMPLEXITY_OUTPUT_VALIDATION:

AUTOMATABLE:

AUTOMATION_CANDIDATE:

TESTCASE_MODIFICATION_REQUIRED:

APTEST_UPDATE_STATUS:

DEVICE_CATEGORY:

TC_WORK_LOCATION_CAT:

AUTOMATION_TC_VALIDATION: