Method for network packet routing forwarding and address converting based on IPSec security association

A security association, IP address technology, applied in the field of network communication, can solve the problems of not supporting the AH protocol and complex implementation

Inactive Publication Date: 2009-08-05
沈建军
View PDF0 Cites 21 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

With the above UDP encapsulation scheme, the key or security association negotiation can only be completed through IKE that supports NAT traversal; System fa

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method for network packet routing forwarding and address converting based on IPSec security association
  • Method for network packet routing forwarding and address converting based on IPSec security association
  • Method for network packet routing forwarding and address converting based on IPSec security association

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0033] The method described in the present invention can be implemented by various types of gateway systems, which can be the software mode of common host plus gateway software, or the hardware mode of special network equipment. The processing of network packets can be realized through the expansion of IPSec and routing protocol stack. It is necessary to expand the definition of SPD and SAD implemented by ordinary IPSec to record the association between IPSec security policies and security associations and network nodes; it is also necessary to modify related configuration tools. To support the configuration management of IPSec security policies and security associations.

[0034] According to the difference of the network architecture and the connection mode of the gateway system, the specific implementation of the routing and forwarding of the incoming message is also different. If the gateway system and the local network node are in the same local area network, then it only...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention relates to a method for route transmission and address conversion of network message based on IPSec security association, which combines the address conversion of a network message, route transmission and IPSec processing together. The method is implemented by a gateway system that connects a local network and an external network and processes the network data stream that goes through the gateway system in one of three types of modes. In an IPSec route transmission mode, the gateway system determines destination (the local network) node and the route of the entry network message according to whether the network message is the IPSec message or the security association used by the IPSec message, and then the gateway system transmits the network message to the destination node; in an IPSec processing and route mode, the gateway system carries out IPSec processing to exit and entry messages as well as route transmission of the entry message based on the security association; and compared with the IPSec processing and route mode, in an IPSec route and address conversion mode, a step of network address conversion is added.

Description

technical field [0001] The invention relates to the technical field of network communication, in particular to network layer security (IPSec) technology, network message routing and address conversion technology. Background technique [0002] The gateway system (which can be realized by a host plus gateway software, or a dedicated network device such as a router) usually uses network address translation (NAT) technology to connect the internal LAN and the external network and forward network packets. The basic principle of NAT is to perform address translation when network packets pass through the gateway, replace the source address of the outgoing packet with an address available on the external network, and replace the destination address of the incoming packet with an internal LAN address. For NAT technology, please refer to IETF RFC3022: Traditional IP Network Address Translator (Traditional NAT). [0003] There are two types of NAT: Basic NAT and Network Address Port T...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L12/56H04L9/00H04L45/74
Inventor 沈建军
Owner 沈建军
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap