RESEARCH ON IPSEC-BASED NAT-PT TRANSITION MECHANISM

被引:1
作者
Peng, Weiping [1 ]
Zhou, Yajian [1 ]
Wang, Cong [1 ]
Yang, Yixian [1 ]
机构
[1] Beijing Univ Posts & Telecommun, Key Lab Network & Informat Attack & Def Technol M, Beijing 100088, Peoples R China
来源
2009 IEEE INTERNATIONAL CONFERENCE ON NETWORK INFRASTRUCTURE AND DIGITAL CONTENT, PROCEEDINGS | 2009年
关键词
IPSec; NAT-PT; Transition Mechanism; IKE negotiation;
D O I
10.1109/ICNIDC.2009.5360823
中图分类号
TP3 [计算技术、计算机技术];
学科分类号
0812 ;
摘要
Similar to conventional NAT technology, NAT-PT gateways break traditional TCP/IP's end-to-end argument property which result in IPSec can not be applied. in NAT-PT environment, and would fall flat when the pool of IPv4 addresses is exhausted. A solution by adding IP transform message, modifying the address mapping tables and session tables, using port transform strategy with inner host computer character in IKE negotiation was proposed which implemented bidirectional communication among the nodes of IPv4 and IPv6, and made NAT-PT compatible with ESP and AH. Performance analysis shows that the proposed scheme is feasible and effective.
引用
收藏
页码:222 / 226
页数:5
相关论文
共 8 条
  • [1] HUTTUNEN A, 2000, UDP ENCAPSULATION IP
  • [2] JUNG SW, 2005, 8 INT C INF SEC ISC
  • [3] MONTENEGRO G, 2001, RFC3104
  • [4] TSIRTSIS G, 2000, RFC2766 NATPT
  • [5] [叶润国 Ye Runguo], 2004, [微电子学与计算机, Microelectronics & Computer], V21, P19
  • [6] Zeng Li-An, 2003, Journal of Software, V14, P2037
  • [7] ZHANG GW, 2006, COMPUTER ENG DESIGN, V27, P1867
  • [8] [祝芝梅 Zhu Zhimei], 2004, [计算机应用, Computer Applications], V24, P27
1