
Research and Implementation of VPN Gateway Supporting NAT

Author ZhuZhiMei
Tutor LiZhiTang
School Huazhong University of Science and Technology
Course Computer System Architecture
Keywords User Datagram Protocol encapsulation; network address translation traversal; virtual private network; forwarding gateway; Internet Protocol Security
CLC TP393.05
Type Master's thesis
Year 2004
Downloads 176
Quotes 2

IPSec, the IP-layer security protocol that provides authentication, data integrity and confidentiality protection for IP packets, plays an important role in network security, particularly in virtual private networks (VPNs). Network Address Translation (NAT) maps the private addresses within a subnet to one or several public Internet addresses, which effectively solves the problem of the IPv4 address shortage. An in-depth analysis of the IPSec and NAT protocols finds serious incompatibilities between them: when an IPSec-protected packet passes through a NAT link, the NAT modifies the packet's IP address or transport identifier, so the packet cannot pass the IPSec security checks and the two ends cannot communicate properly. These incompatibilities severely limit the ability of NAT and IPSec to work together. In network security applications, however, a NAT gateway and an IPSec VPN gateway are often required to work together. To this end, we propose using UDP encapsulation to modify an existing VPN system so that the VPN can traverse NAT. Address-detection payloads are added to the IKE SA negotiation between the VPN gateways to determine whether NAT traversal is supported and whether a NAT exists between the gateways. A UDP encapsulation and decapsulation module handles ESP and AH packets, and the IPSec processing flow is modified accordingly. Finally, ICMP PMTU provides an effective solution to the IP fragmentation problem encountered during implementation. When both sides are behind NAT, the VPN device initiating communication cannot, for a variety of reasons, determine the IP address and negotiation port number of the VPN device it is connecting to, so an encrypted communication tunnel cannot be established. To this end, we propose to use \Also analyzed using UDP encapsulation through the NAT to be resolved .
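The NAT detection step during IKE negotiation described in the abstract can be illustrated with the NAT-D hash comparison standardized in RFC 3947. This is an added example, not code from the thesis, whose own payload format is not given on this page; the SHA-1 hash, the cookies, the addresses and all function names are constructed assumptions.

```python
import hashlib
import ipaddress
import struct

# Constructed sample values (not from the thesis): IKE cookies and endpoints.
CKY_I = bytes.fromhex("1122334455667788")
CKY_R = bytes.fromhex("99aabbccddeeff00")
INITIATOR = ("192.168.1.10", 500)    # private address behind the NAT
NAT_PUBLIC = ("198.51.100.7", 1024)  # source as rewritten by the NAT
RESPONDER = ("203.0.113.20", 500)    # public VPN gateway


def nat_d_hash(cky_i, cky_r, ip, port):
    """RFC 3947 NAT-D value: HASH(CKY-I | CKY-R | IP | Port). SHA-1 is assumed."""
    packed_ip = ipaddress.ip_address(ip).packed
    return hashlib.sha1(cky_i + cky_r + packed_ip + struct.pack("!H", port)).digest()


def build_nat_d(cky_i, cky_r, local, remote):
    """Hashes the sender computes from the addresses it believes are in use."""
    return {"remote": nat_d_hash(cky_i, cky_r, *remote),
            "local": nat_d_hash(cky_i, cky_r, *local)}


def detect_nat(payloads, cky_i, cky_r, seen_src, seen_dst):
    """Receiver recomputes both hashes from the addresses seen on the wire."""
    return {
        # Sender's own address differs from the observed source: sender is NATed.
        "peer_behind_nat": payloads["local"] != nat_d_hash(cky_i, cky_r, *seen_src),
        # Address the sender targeted differs from ours: we are behind a NAT.
        "self_behind_nat": payloads["remote"] != nat_d_hash(cky_i, cky_r, *seen_dst),
    }


def needs_udp_encapsulation(result):
    """Any detected NAT means IPSec traffic is wrapped in UDP to survive translation."""
    return any(result.values())


if __name__ == "__main__":
    sent = build_nat_d(CKY_I, CKY_R, INITIATOR, RESPONDER)
    via_nat = detect_nat(sent, CKY_I, CKY_R, NAT_PUBLIC, RESPONDER)
    direct = detect_nat(sent, CKY_I, CKY_R, INITIATOR, RESPONDER)
    print("through NAT:", via_nat, needs_udp_encapsulation(via_nat))
    print("direct path:", direct, needs_udp_encapsulation(direct))
```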
