Abstract: Today, both IPSec technology and network address translator(NAT) technology are widely used in the internet, but these also take some problems and conflicts. In reference, Pan puts forward the traversal solution of IPSec-NAT to solve such conflict, however, the performance proposed in his paper is not quite ideal. This paper gives some efficient improvements which are based on Pan[1], and the method works well with multiple clients behind NAT trying to establish IPSec communications with a certain server simultaneously, at the same time, it improves performance to a great extent.

Key words: IPSec, NAT, UDP encapsulation, VPN

摘要： 网络安全协议（IPSec）和网络地址翻译(NAT)是当前的热点技术，得到广泛的应用。然而IPSec和NAT之间的冲突一直存在，为了解决二者之间的冲突，Ari Huttunen提出了用UDP封装IPsec ESP 包，但是这个方案对NAT后多用户接入留下了两种待解决的情况。最近，潘提出了IPSec穿越NAT多用户的解决方案，但是在性能上考虑得不太充分，该文在潘的基础上提出了改进思想，使得在很好地支持多用户的同时性能达到很大程度的提高。

关键词: 因特网安全协议, 网络地址转换, UDP封装, 虚拟专用网