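Abstract
The IPSec architecture ensures that data is transported securely across a network. When packets cross the network, the changes that NAT devices such as firewalls make to packet headers cause problems. This article discusses the incompatibilities between VPN and firewall traversal and the requirements for a firewall traversal design, and designs a scheme that lets the initial IKE negotiation and the subsequent authenticated/encrypted communication work correctly over IPSec AH/ESP SAs.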
IPSec architecture is based on the concept of keeping data secure while it is being transported across a network. Therefore, there are problems when packet headers are changed in transit across the network by NAT devices such as firewalls. This paper discusses the incompatibilities between VPN and NAT, and the requirements for firewall traversal. A solution is then proposed to make both the initial IKE negotiations and the subsequent authenticated/encrypted communications across IPSec AH/ESP SAs work.
Source
《计算机工程与应用》
CSCD
Peking University Core Journal
2003, Issue 4, pp. 183-185, 188 (4 pages)
Computer Engineering and Applications