《IPSec论文:基于IPSec协议的VPN穿越NAT的研究与实现.doc》由会员分享,可在线阅读,更多相关《IPSec论文:基于IPSec协议的VPN穿越NAT的研究与实现.doc(3页珍藏版)》请在三一文库上搜索。
1、IPSec论文:基于IPSec协议的VPN穿越NAT的研究与实现 【中文摘要】网络地址转换(Network Address Translation, NAT) 和虚拟专用网(Virtual Private Network, VPN) 分别是用以缓解 IP 地址被耗尽和建立安全通信和的常用技术。 但 NAT 协议和支撑 VPN 的 IPSec 协议在兼容性上存在先天性的不足。IPSec 协议的主要作用是 保护数据安全,在数据传输过程中,对 IP 地址传输标志的修改,都被 视为对IPSec 协议的违背,从而致使数据包无法通过安全检查而被丢 弃;但在 VPN中运用 NAT 修改 IP 地址是不可避免
2、的。因此,在 VPN 网 络中,如何使IPSec 和 NAT 协同工作是极为重要的。本研究旨在探讨 如何解决 IPSec 和NAT 的兼容性,论文的主要工作包括:1、研究与分 析了 NAT 协议和 IPSec协议。从二者的组成、工作原理及作用等方面 入手,深入分析了 NAT 协议和 IPSec 协议的兼容性问题,同时也分析了 几种已经存在的解决方案的优缺点。2、研究了基于 UDF 协、议的 NAT 双向穿越技术。本文采用了基于超结点的 UDP 穿透 NAT 的方法,完成 节点在不同内网之间的穿越,使之成为一种可自由通信的网络。3、改 进了 IPSec 穿越 NAT 的方法。本文提出了用 UDP
3、 封装整个 IPSec 数据 包的方法,不但能有效解决 IPSec 和NAT 的不兼容问题,支持所有的协 议和模式,而且也具有实现和部署容易的特点。4、设计并实现了基于 IPSec 的 VPN 穿越 NAT 系统。整个系统由应用层和驱动层组成,应用 层主要完成参数和用户信息的设置,然后将设置信息传递给驱动层; 而驱动层则实现 IPSec 和 NAT 的功能。本研究给出了实现 IPSec 和 NAT 兼容的 VPN 勺一种完整的思想和方法,针对 IPSec VPN 实现所面 临的问题如 NAT 穿越问题、数据包封装问题,提出了完整的解决办法 从而实现内网通过 In ternet 连网,实现自由安
4、全的互访。 【英文摘要】NAT (Network Address Tran slatio n, NAT) and virtual private network (Virtual Private Network, VPN)can ease the IP addresses are being depleted and the establishme nt of secure com muni cati ons and a com mon tech no logy. However, NAT support VPN, IPSec protocol and protocol compatibili
5、ty exist in congenital deficiencies. Because IPSec VPN protocol to assume the task of protect ing data security in data transmission, any IP address changes with transmission flag, were see n as a breach of IPSec protocol, and result in data packets through the security check can not be discarded; b
6、ut in the use of VPN, NAT, inevitably modify the IP address. Therefore, in the VPN network, how to work with IPSec and NAT is extremely importa nt.This study aimed to explore how to resolve the compatibility of IPSec and NAT, the paper s main fun cti ons in clude:1. Research and an alysis of IPSec N
7、AT protocols. From the two, working principle and function of other aspects, in-depth analysis of the NATprotocol and IPSec protocol compatibility issues, but also an alyzes several existi ng soluti ons adva ntages and disadva ntages.2. Study the tech no logy Of UDP-basedNAT-waythrough the tech no l
8、ogy. In this paper, used the method based on the super -node of UDP through NAT, the differe nt no des within the n etwork to complete the traverse betwee n, maki ng it a free com muni cati on n etwork.3. Improved method of IPSec through NAT. In this paper, the use of UDP en capsulated IPSec packet
9、method, not only can effectively solve the IPSec and NAT in compatibilities, supports all of the protocols and models, but also has characteristics of easy impleme ntatio n and deployme nt.4. Design and implementation of IPSec-based VPNthrough NATsystem. The system consists of the application layer
10、and driver layer, application layer parameters and user information to complete the main set, and then set the information to the driver layer; the driver layer is to achieve the fun cti on of IPSec and NAT.This paper gives a complete ideas and methods of realization of the IPSec compatible with NAT. For IPSec VPN problems, such as to achieve the NATtraversal problem, packet encapsulation problem, a complete solution is given, enabling the n etworks based In ternet n etwork ing to achieve free and safe excha nge of visits. 【关键词】IPSec NAT VPN UDP 穿越 UDP 封装 【英文关键词】IPSec NAT VPN UDP