| IKE与NAT协同工作研究与设计 |
| |
| 引用本文: | 郭祥法,李大兴.IKE与NAT协同工作研究与设计[J].计算机工程与设计,2005,26(6):1551-1553,1556. |
| |
| 作者姓名: | 郭祥法 李大兴 |
| |
| 作者单位: | 山东大学,网络信息安全研究所,山东,济南,250100;山东大学,网络信息安全研究所,山东,济南,250100 |
| |
| 摘 要: | 为解决因特网密钥交换协议(IKE)与网络地址转换(NAT)协同工作问题,通过解析NAT对IKE数据包的改动操作,分析了两者不兼容的表现及原因,采用浮动UDP端口号的方法,对NAT探测载荷内容进行2次HASH运算,并依据上述方法给出了使二者协同工作的详细设计。根据设计中对原有方案的改进,给出了设计的安全性分析。
|
| 关 键 词: | 因特网密钥交换协议 NAT穿透 UDP端口 |
| 文章编号: | 1000-7024(2005)06-1551-03 |
Research and design for co-operation between IKE and NAT |
| |
| GUO Xiang-fa,LI Da-xing.Research and design for co-operation between IKE and NAT[J].Computer Engineering and Design,2005,26(6):1551-1553,1556. |
| |
| Authors: | GUO Xiang-fa LI Da-xing |
| |
| Abstract: | Research on co-operation between internet key exchange (IKE) and network address translation (NAT) is done. Through analysing the operation on IKE packages by NAT and analyzing incompatible manifestations and reasons, the methods of floating UDP ports are adopted, and NAT detecting payloads are verified two times by HASH calculation. According to changes made by the design, security analysis is proposed on it. |
| |
| Keywords: | IKE NAT traversal UDP port |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
