| 双向NAT环境下的IPSec隧道通信研究 |
| |
| 引用本文: | 潘卫明,游慧.双向NAT环境下的IPSec隧道通信研究[J].计算机仿真,2004,21(6):85-89. |
| |
| 作者姓名: | 潘卫明 游慧 |
| |
| 作者单位: | 1. 金华职业技术学院信息工程学院,浙江,金华,321000
2. 浙江师范大学信息科学与工程学院,浙江,金华,321000 |
| |
| 摘 要: | 随着Intemet规模的快速增长,NAT作为解决IP地址短缺的有效方法被大量应用于网络拓扑中。但NAT的出现带来了网络安全的复杂性,尤其在广泛应用的基于IPSec的VPN系统中,NAT对于IP报文的修改处理与IPSec协议对于IP报文的安全控制产生了极大的冲突,降低了IPSec安全策略对于网络的适应性。该文分析并比较了现有NAT与IPSec兼容性解决方案的技术关键点及其局限性。针对IPSec隧道双向穿透NAT的具体应用,传统的基于设备的点对点隧道协商方式已经无法满足需求。因此该文从VPN系统的角度给出了协作方式基于隧道接力的IPSec解决方案并进行了设计实现。最后该文对该系统的安全性及效率进行了评估。
|
| 关 键 词: | NAT IP地址短缺 网络拓扑 网络安全 IPSec安全策略 网络地址转换 IPSec隧道通信 |
| 文章编号: | 1006-9348(2004)06-0085-03 |
| 修稿时间: | 2004年2月16日 |
Unobstructed IPSec Communication in Dual-NAT Environment |
| |
| PAN Wei-ming,YOU Hui.Unobstructed IPSec Communication in Dual-NAT Environment[J].Computer Simulation,2004,21(6):85-89. |
| |
| Authors: | PAN Wei-ming YOU Hui |
| |
| Affiliation: | PAN Wei-ming~1,YOU Hui~2 |
| |
| Abstract: | With the rapid development of Internet,NAT has gotten more and more extensive application as the solution for shortage of IP addresses. But NAT application has increased the complexity of network security.Especially NAT has brought the conflict with IPSec, between IP package transform and IP package control. This paper firstly compares the advantages and disadvantages between current methods in solving the compatibility of IPSec and NAT. As a illustration in the environment of both sides NAT application,the current methods have little effect. So based on a system precept, this paper refers a new system solution with tunnel relay for compatibility of IPSec and NAT. At last it gives design, implementation and security evaluation of the system. |
| |
| Keywords: | VPN NAT Relay race of tunnel SNMP IKE |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
