
NAT-Traversal With UDP Encapsulation

Posted on: 2008-04-11
Degree: Master
Type: Thesis
Country: China
Candidate: Z N Fan
Full Text: PDF
GTID: 2178360242471553
Subject: Software engineering
Abstract/Summary:
IPSec is a common technique and an important part of VPNs (Virtual Private Networks). It not only helps us deal with various security threats on the Internet but also effectively ensures safe data transmission. In practice, however, IPSec is not compatible with NAT, which is used to solve the shortage of IPv4 addresses. The IPSec protocol in a VPN is used to preserve data integrity in transit, but any change to the IP address or transmission tags in transit is regarded as a violation of this protocol, with the result that data packets cannot pass the security checks and are lost. Using NAT in a VPN is unavoidable for mapping private addresses to public addresses, and this changes the IP address. This incompatibility has limited the application scope of NAT and IPSec, and it is especially inconvenient for remote users accessing VPN servers.

Cooperation between the NAT gateway and the IPSec gateway is necessary in the application field of network security. Therefore, I put forward the technique of UDP Encapsulation across NAT, based on the X.509 Certificate and increasing loads, to explore whether a VPN between gateways can support NAT traversal and whether NAT can exist between gateways during the negotiation of IKE to SA. I also bring forward increasing control to UDP Encapsulation and Free Encapsulation from ESP message, and test and analyze the whole process. I analyze some unsolved problems about passing NAT by using UDP Encapsulation.

I consider the demands of my own university's network and come up with traversing NAT by using UDP Encapsulation to achieve compatibility between VPN and NAT without redeploying existing NAT equipment. I plan out a complete project of NAT traversal based on the whole structure by improving data encapsulation formats and expanding the related protocol functions.
Keywords/Search Tags:IPSec, NAT, IKE, UDP, Encapsulation(SA), SPD