Study On An Improved IPSec Protocol Scheme And Implementation

Posted on: 2007-04-21
Degree: Master
Type: Thesis
Country: China
Candidate: Z Q Jiang
GTID: 2178360242961875
Subject: Computer application technology
Abstract/Summary:
IP Security (IPSec) is a security standard for all Internet communications, designed to provide interoperable, high-quality, cryptographically based security for IPv4 and IPv6. The set of security services offered includes access control, connectionless integrity, data-origin authentication, protection against replays, confidentiality and limited traffic flow confidentiality. These services are provided at the IP layer, offering protection for IP and/or upper-layer protocols.

The Internet Control Message Protocol (ICMP) is an integral part of IP and must be implemented by every IP module. The purpose of ICMP is to provide feedback about problems in the communication environment.

IPSec and ICMP are both important protocols, but they conflict: when IPSec is used in tunnel mode, ICMP packets cannot be forwarded correctly to the source host. Some router products have overcome this conflict, but their methods are protected as trade secrets. Protocol analysis shows the cause of the conflict: the ICMP packet does not carry enough information for forwarding. Based on the SA of the original IPSec protocol, an improved IPSec protocol is put forward to avoid the problem. In this method, the Host Identify Information (HII) needed for forwarding, such as the source and destination host IP addresses and the port number of the source host, is added to the SA as selectors. When the gateway receives an ICMP packet, it finds the HII contained in the SA by looking up the SAD with the triple-set. The triple-set is composed of the SPI, the destination IP address and the IPSec security protocol, all contained in the ICMP packet.

An IPSec VPN is designed according to the improved IPSec protocol. It works in the Windows operating system as a separate module that gets the IP datagram, processes it to build a new format of IP datagram, and then forwards it.

The improved protocol provides a satisfactory solution and has good compatibility with the original IPSec protocol without reducing its characteristics.
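
The gateway-side lookup described in the abstract, as an added sketch that is not code from the thesis: it pulls the triple-set out of the datagram quoted in an ICMP error and uses it to find the HII stored with the SA. The addresses, the SPI, the SAD layout and the `hii` field names are constructed assumptions, and the quoted datagram is assumed to be the IPv4 header plus 8 payload bytes as in RFC 792.

```python
import ipaddress
import struct

ESP, AH = 50, 51  # IP protocol numbers of the two IPSec security protocols

# Constructed SAD: key is the triple-set (SPI, destination IP, security protocol).
# The "hii" field names are hypothetical; the abstract only lists their contents.
SAD = {
    (0x1001, "203.0.113.2", ESP): {
        "hii": {"src_host": "10.1.0.5", "dst_host": "10.2.0.9", "src_port": 40000},
    },
}

def triple_from_icmp_error(icmp: bytes):
    """Extract (SPI, dst IP, protocol) from the datagram quoted in an ICMP error."""
    quoted = icmp[8:]  # ICMP error header is 8 bytes, then the offending IP header
    if len(quoted) < 20 or quoted[0] >> 4 != 4:
        raise ValueError("no IPv4 header quoted")
    ihl = (quoted[0] & 0x0F) * 4
    proto = quoted[9]
    dst = str(ipaddress.IPv4Address(quoted[16:20]))
    first8 = quoted[ihl:ihl + 8]  # RFC 792 guarantees only 8 payload bytes
    if len(first8) < 8:
        raise ValueError("quoted payload truncated")
    if proto == ESP:
        spi = struct.unpack("!I", first8[:4])[0]   # ESP: SPI is the first field
    elif proto == AH:
        spi = struct.unpack("!I", first8[4:8])[0]  # AH: SPI follows 4 header bytes
    else:
        raise ValueError("quoted datagram is not IPSec")
    return spi, dst, proto

def host_for_icmp_error(icmp: bytes):
    """Return the inner source host the gateway should relay the error to, or None."""
    sa = SAD.get(triple_from_icmp_error(icmp))
    return sa["hii"]["src_host"] if sa else None

def sample_icmp_error(spi: int = 0x1001) -> bytes:
    """Constructed ICMP 'fragmentation needed' quoting a tunnel-mode ESP packet."""
    outer = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 120, 0, 0, 64, ESP, 0,
                        ipaddress.IPv4Address("198.51.100.1").packed,
                        ipaddress.IPv4Address("203.0.113.2").packed)
    esp_start = struct.pack("!II", spi, 7)  # SPI, sequence number
    return struct.pack("!BBHI", 3, 4, 0, 0) + outer + esp_start  # checksums left 0

if __name__ == "__main__":
    print(triple_from_icmp_error(sample_icmp_error()))
    print(host_for_icmp_error(sample_icmp_error()))
```

The quoted outer header names only the two gateways, which is why the inner host has to come from the SA; an error whose triple-set matches no SA returns `None` and should be dropped rather than forwarded.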
Keywords/Search Tags: IPSec, ICMP, VPN, Internet Security