Computer Engineering ›› 2006, Vol. 32 ›› Issue (20): 166-167. doi: 10.3969/j.issn.1000-3428.2006.20.060

• Security Technology •

An Implementation Scheme for IPSec NAT Traversal with Multiple Users

Improvement on New IPSec-NAT Traversal Solution

CHEN Xionggui (1), CAO Zhenfu (1), GUO Sheng (2)

  (1) Department of Computer, Shanghai Jiaotong University, Shanghai 200030
  (2) School of Information Security, Shanghai Jiaotong University, Shanghai 200030
  • Received: 1900-01-01 Revised: 1900-01-01 Online: 2006-10-20 Published: 2006-10-20

Abstract: The IPSec network security protocol and network address translation (NAT) are both widely used on the Internet, but the two conflict with each other. To resolve the conflict, Ari Huttunen proposed encapsulating IPsec ESP packets in UDP, but that scheme leaves two cases unresolved when multiple users behind a NAT connect. More recently, Pan [1] proposed an IPSec NAT traversal solution for multiple users, but it does not give sufficient consideration to performance. Building on Pan's work, this paper proposes improvements that work well when multiple clients behind a NAT try to establish IPSec communications with a certain server simultaneously, while improving performance to a great extent.

Key words: IPSec, NAT, UDP encapsulation, VPN