| 专用协议栈的防火墙内IPSec与NAT协同工作的研究 |
| |
| 引用本文: | 蒋琳,张会汀,方俊彬,郑力明.专用协议栈的防火墙内IPSec与NAT协同工作的研究[J].河南师范大学学报(自然科学版),2005,33(1):33-36. |
| |
| 作者姓名: | 蒋琳 张会汀 方俊彬 郑力明 |
| |
| 作者单位: | 暨南大学,信息科学技术学院,广州,510632;暨南大学,信息科学技术学院,广州,510632;暨南大学,信息科学技术学院,广州,510632;暨南大学,信息科学技术学院,广州,510632 |
| |
| 基金项目: | 广东省科技计划资助项目(2003C101038) |
| |
| 摘 要: | IP安全协议(IPSec)已成为构建虚拟专用网(VPN)的主要安全协议,而网络地址转换(NAT)作为解决目前IP地址危机的有效方法,通常被集成在防火墙系统内,广泛应用在现有的通信网络中.本文详细分析了IPSec与NAT在协同工作时产生的不兼容问题,比较现有的几种解决方案,并在专用协议栈的防火墙内采用 UDP封装的方法解决两者的兼容性问题.
|
| 关 键 词: | 虚拟专用网 IP安全协议 网络地址转换 封装安全负载 UDP封装 |
| 文章编号: | 1000-2367(2005)01-0033-04 |
| 修稿时间: | 2004年10月28 |
Research on Cooperation Between IPSec and NAT in Firewall Based on Special Protocol Stack |
| |
| JIANG Lin,ZHANG Hui-Ting,FANG Jun-bin,ZHENG Li-ming.Research on Cooperation Between IPSec and NAT in Firewall Based on Special Protocol Stack[J].Journal of Henan Normal University(Natural Science),2005,33(1):33-36. |
| |
| Authors: | JIANG Lin ZHANG Hui-Ting FANG Jun-bin ZHENG Li-ming |
| |
| Abstract: | Perhaps IPSec is most commonly used in building virtual private network. NAT is widely deployed in Internet as a method to solve lack of IP addresses, usually integrated in firewall. This paper describes incompatibility between IPSec and NAT when they work together, compares some solutions for it, and chooses the method of UDP encapsulation based on special protocol stack to solve the incompatibility. |
| |
| Keywords: | Virtual Private Network (VPN) IP security (IPSec) address translation (NAT) encapsulating security payload (ESP) UDP encapsulation |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
