摘要: 分析IPv4/IPv6过渡时期NAT-PT和IPSec协议的兼容性解决方案,并基于此提出一种增强的IPSec分段保护方案,通过对IKE协议的适当改进增加了发起方对NAT-PT转换网关的发现和自动处理机制,提高了NAT-PT转换网关的透明性。性能分析显示该方案具有较好的安全性和适应性,便于过渡网络安全策略的实施。
关键词:
协议转换,
分段协商,
转换网关
Abstract: This paper analyzes the solution about the compatibility between IPSec and Network Address Translation-Protocol Translation(NAT-PT) in IPv4/IPv6 interim, and puts forward an enhanced IPSec application solution in segments. It increases the discovery and automatic mechanism through the improvement to IKE protocol, and improves the transparence of the NAT-PT translation gateway. The performance analysis shows that it is more secure and flexible, and is convenient for the implement of security strategy in transition network.
Key words:
Protocol Translation(PT),
negotiation in segments,
translation gateway
中图分类号:
张志龙;杜学绘;钱雁斌. 增强的NAT-PT和IPSec兼容解决方案[J]. 计算机工程, 2008, 34(22): 148-149.
ZHANG Zhi-long; DU Xue-hui; QIAN Yan-bin. Enhanced Compatibility Solution Between NAT-PT and IPSec[J]. Computer Engineering, 2008, 34(22): 148-149.