ATM_ID: 60E3503A-693F-11F0-90F0-C4D1B6ACCDE0

MFF:

PLANNEDTIMESTAFF:

ID: Not_to_use_for_any_Dashboard/CCC/165469

TESTCASE_HEADLINE: IPSEC_SA_LIFETIME_Strongswan

GROUP:

FEATURE:

SUB_FEATURE:

INPUT: <p>Verify IPsec re-negotiation after key life time expires.</p>

PROCEDURE: <p>1 Execute CO_AUTH_WEBUI_AUTHENTICATE_SA.<br />
2 Select [Security] followed by [IPsec] from the Properties Menu on the left side of the page.3 Click [Actions] to navigate to the IP Actions page. Then click [Add New Action] button.4 Enter the following information,when done click [Next].<br />
Name = ”Require Preshared Key 1”<br />
Description = N/A<br />
Keying Method = Internet Key Exchange (IKEv1)<br />
Pre-shared Key Passphrase = ”ObsidianOrder1” </p><p>5 Select the following options then click [Save]. (Click [OK] to respond to the settings confirmation pop-up which follows).<br />
IKE Phase 1 Settings:<br />
Key Lifetime = 86400 Seconds</p><p>IKE Phase 2 Settings:<br />
IPsec Mode = Transport Mode<br />
IPsec Security = ESP<br />
Perfect Forward Secrecy = DH Group 14 (2048-bit MODP)<br />
Hash = SHA-256<br />
Encryption = AES-CBC-128/256<br />
Key Lifetime = 28800 Seconds<br />
6 Click [Host Groups] to display the IP Host Groups page.  Then click [Add New Host Group]7 Enter the following information,when done click [Save]. (Click [OK] to respond to the settings confirmation pop-up which follows)</p><p>Name = “Windows 10 Client”<br />
Description = N/A<br />
Set the following address options:<br />
IPv4<br />
Address type = Specific<br />
IP Address = 172.16.0.102</p><p>8 Click [Security Policies] to navigate to the IPsec Policies page.9 Create a new policy. Set the following options then click [Add Policy]. (Click [OK] to respond to the settings confirmation popup which follows)</p><p>Host Groups = Windows 10 Client<br />
Protocol Groups = All<br />
Action = Require Preshared Key 1 </p><p>10 At Windows 10 Workstation,enable the Firewall and the IPsec Policy rule created.                                                                 Important: Please refer the Document 'How to Set up IPsec on Windows 10'.11 Test protocol connectivity. From the Windows workstation execute the following commands:</p><p>LPR -S 172.16.0.10 -P lp &amp;lt;location of 16MPS.ps&amp;gt;<br />
12 In the ESS enter the below command in /var path.</p><p>tcpdump -w ipsec.pcap ip host &amp;lt;WINDOWS IP&amp;gt;</p><p>13 In the ESS of WINDOWS enter the below command</p><p>ping -i 5 &amp;lt;DEVICE IP&amp;gt;14 Wait for 24+ Hours and stop the ping and tcpdump commands running in the ESS.15 In MFD,using WinSCP navigate to:<br />
/var</p><p>and copy the ipsec.pcap file to the local drive of PC.16 Open the copied ipsec.pcap file with Wire Shark tool and verify that the IPsec Phase-1 and Phase-2 re-negotiation happened at the specified time intervals.</p>

TEST_COVERED_BY:

SRT_ANALYZATION:

OUTPUT: <p>See CO_AUTH_WEBUI_AUTHENTICATE_SA.The {WEBUI IPSEC PAGE} will be displayed.The {WEBUI IPSEC Add New Action Step 1 of 2 page} will be displayed.The {WEBUI IPSEC Add New Action Step 2 of 2 page} will be displayed.1. The {WEBUI IPSEC PAGE} will be displayed.</p><p></p>
<ol><li value="2">The newly created action will be displayed on this page.<br />
<br />
(Note: Generates event 39 IPsec Configured event)The {WEBUI IPSEC New Host Group page} will be displayed.1. The {WEBUI IPSEC PAGE} will be displayed.<br />
</li><li value="2">The newly created Host group will be displayed on this page.<br />
The {WEBUI IPSEC Policy page} will be displayed1. The {WEBUI IPSEC Policy page} will be displayed<br />
</li><li value="2">The newly created policy will be displayed on this page.<br />
</li><li value="3">It will be the bottom-most policy<br />
(Note: Generates event 39 IPsec Configured event) <br />
N/A. (See Document Shared)The print job will succeed. IPsec will be negotiated.The command will start executing by giving output similar to <br />
<br />\
tcpdump: listening on eth0,link-type EN10MB (Ethernet),capture size 262144 bytesThe ping command will be executed successfully and the output will be similar to the below:<br />
<br />
<br />
PING 172.16.0.52 (172.16.0.52) 56(84) bytes of data.<br />
64 bytes from 172.16.0.52: icmp_seq=1 ttl=64 time=2.82 ms<br />
64 bytes from 172.16.0.52: icmp_seq=1 ttl=64 time=3.71 ms<br />
64 bytes from 172.16.0.52: icmp_seq=1 ttl=63 time=13.9 ms<br />
64 bytes from 172.16.0.52: icmp_seq=1 ttl=63 time=24.7 ms<br />
<br />
The command execution stopped successfullyThe packet capture file copied to the local folder successfully.The “isakmp” Main mode packets will be captured at 24 hours time interval and Quick mode packets will be captured at 8 hours time interval.</li></ol>

PROCESS:

PRIORITY:

TEST_TYPE:

LOE:

RESOURCE_HW:

RESOURCE_CONSUMEABLES:

RESOURCE_MEDIA:

SKILL_SET:

TEST_CASE_TYPE:

TESTCASE_SOURCE:

SPEC:

SPEC_NUM:

SPEC_VERSION:

SPEC_TAG:

ATM_OWNER:

APPROVE_QE:

APPROVED_QE:

APPROVE_SE:

APPROVED_SE:

APPROVE_SPAR:

APPROVED_SPAR:

ASSOCIATED_TESTCASES:

TRAINING:

TESTCASE_VERSION:

TESTCASE_STATE:

TESTCASE_PLATFORM:

TESTCASE_PRODUCT:

TESTCASE_FAMILY:

TESTCASE_APPROVALS:

CDATE: 1753438137

MDATE: 1753438137

MUSER: USWU53416

AUTHOR: USWU53416

ATM_MCOMMENTS: Imported from spreadsheet

HISTORY:

ATM_LOCKED:

ATM_REQLINK:

ATM_REQCOUNT: 0

QA_TEAM:

TC_WEIGHTAGE:

FILENAME:

FILEDESC:

FILES:

RELEASE:

COMPETENCY:

AUTOMATION_GROUP:

TESTCASE_STEPS_ARE_RELATED_TO:

REASON_FOR_AUTOMATABLE:

PRECONDITION_TO_BE_DONE:

ACTION_TO_BE_DONE:

COMMON_FUNCTIONALITY:

COMMONALITY_DETAILS:

CONSTRAINTS_DAR:

DEVELOPMENT_COMPLETE_TIME:

PO_SIGNOFF_DATE:

COMPLEXITY_PRECONDITIONS:

COMPLEXITY_OUTPUT_VALIDATION:

AUTOMATABLE:

AUTOMATION_CANDIDATE:

TESTCASE_MODIFICATION_REQUIRED:

APTEST_UPDATE_STATUS:

DEVICE_CATEGORY:

TC_WORK_LOCATION_CAT:

AUTOMATION_TC_VALIDATION: