Advanced Search
Volume 33 Issue 01
Jan.  2007
Turn off MathJax
Article Contents
Journal of Beijing University of Aeronautics and Astronautics  > 2007  >  33(01): 63-66.
Peng Jinbing, Long Xiang, Gao Xiaopeng, et al. New solution for IPSEC passing through NAT[J]. Journal of Beijing University of Aeronautics and Astronautics, 2007, 33(01): 63-66. (in Chinese)
Citation: Peng Jinbing, Long Xiang, Gao Xiaopeng, et al. New solution for IPSEC passing through NAT[J]. Journal of Beijing University of Aeronautics and Astronautics, 2007, 33(01): 63-66. (in Chinese)
shu

New solution for IPSEC passing through NAT

  • School of Computer Science and Technology, Beijing University of Aeronautics and Astronautics, Beijing 100083, China

  • Received Date: 10 Jan 2006
  • Publish Date: 31 Jan 2007
    Abstract
  • The application range of IP security protocol (IPSEC) is badly restric ted due to the incompatibility of IPSEC and network address translator (NAT). Th e rule that must to be followed by the solutions for IPSEC passing through NAT i s that IPSEC pass through NAT without any changes to the routers and NAT on the Internet. There are limits to the current three solutions. It can barely be real ized to execute the NAT ahead of executing the IPSEC. It is difficult to deploy the realm specific IP(RSIP). The incompatibility of IPSEC and NAT can only be solved partially by user data packet(UDP) encapsulation of the IP enca psulating security payload(IPSEC ESP) packets. A new solution, UDP encapsulation of IPSEC packets, was developed. The new solution eliminates the impact from NA T to IPSEC by protecting the origin IP addresses and ports of the IPSEC packets through encapsulating the IPSEC packets with UDP header. The feasibility of this solution was demonstrated. The analyse shows that the new solution has evident advantages over the others and can remove the incompatibilities between IPSEC an d NAT effectively and expediently.

     

    • FullText(HTML)
  • loading
    • References(1)
  • [1] Srisuresh P, Egevang K.Traditional IP network address translator . 2001-01 . http://www.ietf.org/rfc/rfc3022.txt  [2] Aboba B, Dixon W.IPSEC-NAT compatibility requirements . 2004-03 .http://www.ietf.org/rfc/rfc3715.txt  [3] Kent S, Atkinson R.Security architecture for the internet protocol . 1998-11 . http://www.ietf.org/rfc/rfc2401.txt  [4] Borella M, Grabelsky D.Realm specific IP:protocol specification . 2001-10 .http://tools.ietf.org/html/rfc3103  [5] Huttunen A, DiBurro L.UDP encapsulation of IPSEC packets . 2005-01 .http://www.ietf.org/rfc/rfc3948.txt  [6] Kivinen T, Volpe V.Negotiation of NAT- traversal in the IKE . 2005-01 .http://www.ietf.org/rfc/rfc3947.txt  [7] Honeynet Project.Know your enemy:passive fingerprinting . 2002-03 .http://project.honeynet.org/papers/finger
    • Relative Articles
    • Supplements(0)
    • Cited By
  • 加载中

Catalog

    通讯作者: 陈斌, bchen63@163.com
    • 1. 

      沈阳化工大学材料科学与工程学院 沈阳 110142

    1. 本站搜索
    2. 百度学术搜索
    3. 万方数据库搜索
    4. CNKI搜索
    Get Citation
    PDF
    XML

    Article Metrics

    Article views(2972) PDF downloads(1942) Cited by()
    Proportional views
    Related

    Copyright © Journal of Beijing University of Aeronautics and Astronautics

    Address: Editorial Department of Journal of Beijing University of Aeronautics and Astronautics, 37 Xueyuan Road, Haidian District, Beijing Post Code: 100191 Email: jbuaa@buaa.edu.cn

    Supported by: Beijing Renhe Information Technology Co., Ltd.  

    /

    DownLoad:  Full-Size Img  PowerPoint
    Return
    Return