Title :
Research on IPSec-based NAT-PT transition mechanism
Author :
Peng, Weiping ; Zhou, Yajian ; Wang, Cong ; Yang, Yixian
Author_Institution :
Key Lab. of Network & Inf. Attack & Defence Technol. of MOE, Beijing Univ. of Posts & Telecommun., Beijing, China
Abstract :
Like conventional NAT technology, NAT-PT gateways break the end-to-end argument property of traditional TCP/IP, with the result that IPSec cannot be applied in a NAT-PT environment, and they would fail when the pool of IPv4 addresses is exhausted. A solution is proposed that adds an IP transform message, modifies the address mapping tables and session tables, and uses a port transform strategy with the inner host computer character in IKE negotiation; it implements bidirectional communication among IPv4 and IPv6 nodes and makes NAT-PT compatible with ESP and AH. Performance analysis shows that the proposed scheme is feasible and effective.
Keywords :
IP networks; performance evaluation; protocols; AH; ESP; IKE negotiation; IP transform message; IPSec; IPv4; IPv6; NAT-PT gateways; address mapping tables; bidirectional communication; inner host computer character; performance analysis; port transform strategy; session tables; Bidirectional control; Computer science; Electrostatic precipitators; Information security; Internet; Mechanical factors; Network address translation; Protocols; TCPIP; Telecommunication switching; IKE negotiation; IPSec; NAT-PT; Transition Mechanism;
Conference_Title :
Network Infrastructure and Digital Content, 2009. IC-NIDC 2009. IEEE International Conference on
Conference_Location :
Beijing
Print_ISBN :
978-1-4244-4898-2
Electronic_ISBN :
978-1-4244-4900-6
DOI :
10.1109/ICNIDC.2009.5360823