| With the rapid development of the Internet,NAT and IPSEC are widely deployed today, the IPSEC-NAT incompatibilities have become a center of attention.The IPSec protocol provide interoperable high quality,cryptographically-based security for IPv4 and IPv6. The set of security services ofered includes access control, connectionless integrity, data origin authentication, protection against replays (a form of partial sequence integrity), confidentiality(encryption), and limited traffic flow confidentiality.These services are provided at the IP layer, ofering protection for IP and/or upper layer protocols.The need for IP Address translation arises when a network of internal IP addresses cannot be used outside the network either of privacy reasons or because they are invalid for use outside the network.Firstly,a general picture of IPSec/NAT is introduced and the incompatibility between IPSec and NAT/NAPT is analyzed in detail in this thesis.Next , after a further analysis,an improved version of UDP encapsulation is proposed and an implementing specification is presented. Finally,some performance resulted from the implementation of UDP encapsulation are discussed. The improved UDP encapsulation method and implementing specification given in this paper may enhances the efficiency and help to implement an UDP encapsulation instance over a current IPSec application. |
PDF Full Text Request