摘要
IP安全协议(IPSec)已成为构建虚拟专用网(VPN)的主要安全协议,而网络地址转换(NAT)作为解决目前IP地址危机的有效方法,通常被集成在防火墙系统内,广泛应用在现有的通信网络中.本文详细分析了IPSec与NAT在协同工作时产生的不兼容问题,比较现有的几种解决方案,并在专用协议栈的防火墙内采用 UDP封装的方法解决两者的兼容性问题.
Perhaps IPSec is most commonly used in building virtual private network. NAT is widely deployed in Internet as a method to solve lack of IP addresses, usually integrated in firewall. This paper describes incompatibility between IPSec and NAT when they work together, compares some solutions for it, and chooses the method of UDP encapsulation based on special protocol stack to solve the incompatibility.
出处
《河南师范大学学报(自然科学版)》
CAS
CSCD
北大核心
2005年第1期33-36,共4页
Journal of Henan Normal University(Natural Science Edition)
基金
广东省科技计划资助项目(2003C101038)
关键词
虚拟专用网
IP安全协议
网络地址转换
封装安全负载
UDP封装
Virtual Private Network (VPN)
IP security (IPSec)
address translation (NAT)
encapsulating security payload (ESP)
UDP encapsulation
