Test Suite for secure devices & routers | Certification support

IKE/IPsec Inspector

Flexible software tools deliver verifiable IT security

Established network protocols, such as Standard Transport Layer Security (TLS) and Internet Key Exchange (IKE)/Internet Protocol Security (IPsec), are recognised standards that today form the basis for secure networks. However, implementation and configuration are extremely complex and can present loopholes for hackers if not performed correctly.

Potential threats associated with cyber security

Systems communicate via public networks

  • Internet, wireless networks
  • Data can be intercepted and changed

Protecting the integrity of the data

  • Sensor data, control signals

Preventing interception by third parties

  • Trade secrets, personal data

Identification of the communication partners

  • Contracts

In many cases, all of these measures are required

  • Banking transactions, Critical infrastructure

achelos test suites secure your network

achelos offers test tools to test your products and solutions for security and conformity in a manufacturer-independent approach. With our IKE/IPsec Inspector test suite, you can find loopholes and errors in the implementation and configuration of your network connections and then eliminate these in a targeted way. The IKE/IPsec inspector tests the complete structure of the IKE connection, all the way up to mutual authentication and reaction to incorrect behaviour, such as

  • Missing or wrong parts of communication
  • Incorrect key material
  • Incorrect certificates
  • Unsuitable cipher suites
  • Incorrect reaction to manipulations

The IKE Inspector from achelos can be used flexibly, all the way up to automated test runs. Extremely efficient test management and various simulation environments are available for this purpose. Implementation of the security protocols is investigated in detail and results are logged for future reference.

Protocols guarantee authenticity, integrity and confidentiality

Internet Protocol Security (IPsec) is one protocol family

  • Encapsulating Security Payload (ESP) defined in RFC 4303
  • ESP secures IP packets
  • For example used by VPN gateways

achelos test suites are based on strict security requirements

The catalogue of test cases is continuously expanded and is based on requirements from the following sources:

  • Functional specifications
  • Technical guidelines (TR)
  • Certifications
  • Cryptographic standards
  • Application notes for Common Criteria certification
  • Evaluation standards
  • Penetration tests
  • Documentation requirements in line with Common Criteria

Get started right away – cyber security is achievable

Use the manufacturer-independent test suites from achelos, developed together with an accredited test center, to secure your IKE network connections. Thanks to its flexible architecture and implementation, the test suites from achelos can be used immediately, regardless of the products involved.

To protect themselves from cyber-attacks achelos supports:

  • Network component manufacturers
  • Evaluators and certification bodies
  • System Operators
  • Company IT departments
  • Government bodies

Automated test procedure for professionals

A large number of test and evaluation bodies are already using the Qumate by achelos test suites to perform tests within the framework of accredited test procedures.

The architecture and implementation of the test suites has a modular structure. Various test suites, tools and simulations can be integrated on the basis of the Qumate by achelos testcenter. Automated tests and detailed test reports are used to measure product quality. All you need is a powerful PC without any special IT infrastructure or a complex laboratory environment.

Architecture of the IKE test environment

Benefits when using IKE/IPsec Inspector

Benefits when using IKE/IPsec Inspector

  • Prevention of IT configuration errors
  • Compliant with security guidelines of the Federal Office for Information Security (BSI)
  • Cost saving thanks to faster certification
  • Efficient testing thanks to high degree of automation
  • Convenient simulation environment and excellent ease-of-use
  • Scope and depth of testing, as well as attack scenarios can be individually selected
  • Reproducible and audit-compliant documentation of test results

Our test suites include the following:

  • The expert knowledge of our BSI-trained employees
  • Continuous further development of the Qumate platform since 2009
  • The practical experience of the established Qumate by achelos testcenter in the field of critical infrastructures
  • A high degree of automation: fast, flexible and with verifiable results

achelos test environment – test coverage

IKE/IPsec Inspector

  • Verifies the Internet Key Exchange implementation on the basis of IKE v.2.
  • Handles test aspects of the IPsec level
  • Defenition bases are:
    • IETF RFC 3602 "The AES-CBC Cipher Algorithm and its use with IPsec"
    • Federal Office for Information Security (BSI) "Requirements of cryptographically secured VPN channels / trusted channel in the German CC certification scheme IKE/ IPsec version 0.0.2"
  • Simulates an IKE responder


Product versions

Product versions

The IKE test suite including test tools is available:


IKE/IPsec Inspector


  • Simulation environment
  • Software Development Kit (SDK)

Heinfried Cznottka

Director Security Solutions


+49 5251 14212-327