摘要
为解决因特网密钥交换协议(IKE)与网络地址转换(NAT)协同工作问题,通过解析NAT对IKE数据包的改动操作,分析了两者不兼容的表现及原因,采用浮动UDP端口号的方法,对NAT探测载荷内容进行2次HASH运算,并依据上述方法给出了使二者协同工作的详细设计。根据设计中对原有方案的改进,给出了设计的安全性分析。
Research on co-operation between internet key exchange (IKE) and network address translation (NAT) is done. Through analysing the operation on IKE packages by NAT and analyzing incompatible manifestations and reasons, the methods of floating UDP ports are adopted, and NAT detecting payloads are verified two times by HASH calculation. According to changes made by the design, security analysis is proposed on it.
出处
《计算机工程与设计》
CSCD
北大核心
2005年第6期1551-1553,1556,共4页
Computer Engineering and Design
