Research on IPSec-based NAT-PT transition mechanism

Author

Peng, Weiping ; Zhou, Yajian ; Wang, Cong ; Yang, Yixian

Author_Institution

Key Lab. of Network & Inf. Attack & Defence Technol. of MOE, Beijing Univ. of Posts & Telecommun., Beijing, China

fYear

2009

fDate

6-8 Nov. 2009

Firstpage

222

Lastpage

226

Abstract

Similar to conventional NAT technology, NAT-PT gateways break traditional TCP/IP´s end-to-end argument property which result in IPSec can not be applied in NAT-PT environment, and would fall flat when the pool of IPv4 addresses is exhausted. A solution by adding IP transform message, modifying the address mapping tables and session tables, using port transform strategy with inner host computer character in IKE negotiation was proposed which implemented bidirectional communication among the nodes of IPv4 and IPv6, and made NAT-PT compatible with ESP and AH. Performance analysis shows that the proposed scheme is feasible and effective.

Keywords

IP networks; performance evaluation; protocols; AH; ESP; IKE negotiation; IP transform message; IPSec; IPv4; IPv6; NAT-PT gateways; address mapping tables; bidirectional communication; inner host computer character; performance analysis; port transform strategy; session tables; Bidirectional control; Computer science; Electrostatic precipitators; Information security; Internet; Mechanical factors; Network address translation; Protocols; TCPIP; Telecommunication switching; IKE negotiation; IPSec; NAT-PT; Transition Mechanism;

fLanguage

English

Publisher

ieee

Conference_Titel

Network Infrastructure and Digital Content, 2009. IC-NIDC 2009. IEEE International Conference on

Conference_Location

Beijing

Print_ISBN

978-1-4244-4898-2

Electronic_ISBN

978-1-4244-4900-6

Type

conf

DOI

10.1109/ICNIDC.2009.5360823

Filename

5360823