Interworking between IP security and NAT-PT under IPv4/IPv6 co-existent environments

被引:0
作者
Ye, RG [1 ]
Yu, SY [1 ]
Yang, HW [1 ]
Song, C [1 ]
机构
[1] Chinese Acad Sci, Comp Network Informat Ctr, Beijing 100080, Peoples R China
来源
Network Architectures, Management, and Applications II, Pts 1 and 2 | 2005年 / 5626卷
关键词
IPv4/IPv6; transition; NAT-PT; IP security; NAT traversal;
D O I
10.1117/12.575599
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
Similar to conventional NAT gateways, NAT-PT gateways break traditional TCP/IP's end-to-end argument property; hence, any IP-based applications protected by IPSec protocol cannot traverse NAT-PT gateways properly. The interworking issues between IPSec and NAT-PT gateways under IPv4/IPv6 co-existent environments were studied: This paper first pointed out the deficiency of current NAT-Traversal scheme when interworking with NAT-PT gateways and proposed an enhanced scheme, which enabled interworking between IPSec and NAT-PT gateways and served the following three scenarios: 1) secure communication between IPv6 hosts and IPv4 hosts; 2) secure communication between IPv6 subnets and IPv4 subnets; 3) secure communication between remote IPv6 hosts and legacy IPv4 subnets.
引用
收藏
页码:1245 / 1253
页数:9
相关论文
共 9 条
[1]  
[Anonymous], 2401 IETF RFC
[2]   Methods and protocols for secure key negotiation using IKE [J].
Borella, MS .
IEEE NETWORK, 2000, 14 (04) :18-29
[3]  
Harkins Dan, 1998, 2409 IETF RFC
[4]  
HUTTUNEN B, 2004, IETF DRAFT FEB
[5]  
KIVINEN T, 2004, IETF DRAFT FEB
[6]  
PATEL B, 2003, 3456 IETF RFC
[7]  
PEREIRA R, 1999, IETF DRAFT AUG
[8]  
Shieh SP, 2000, IEEE INTERNET COMPUT, V4, P42, DOI 10.1109/4236.895015
[9]  
Tsirtsis G., 2000, RFC 2766
1