In IKE phase 2 the roadwarrior <b>carol</b> proposes to gateway <b>moon</b>
the ESP AES 128 bit encryption algorithm combined with AH SHA-1 authentication.
In order to accept the AH and ESP encapsulated plaintext packets, the iptables firewall
marks all incoming AH packets with the ESP mark. The tunnel mode connection is
tested by <b>carol</b> sending a ping to client <b>alice</b> hiding behind 
gateway <b>moon</b>.