| IPSec ( Internet Protocol Security ) has been widely used in the Network systems because of its secrecy ability, high security and highly counteractive ability. According to the traditional design method, Firewall is absolutely necessarily to a local network because of the more and more serious security problems on the internet. At the mean while, another protocol is also widely used in LAN—it is the NAT ( Network Address Translation ) protocol. Why NAT should be used in LAN ? The very strong and reasonable reason is that NAT can solute the shortage problem of IP addresses effectively. So, in a LAN, we have to make the IPSec protocol, NAT protocol and firewall to work together without collision.First, according to analyze the work principle of IPSec protocol, NAT protocol and firewall, we find their work mode, condition and dealing with data are very different, and at the same time we find perhaps where they are conflicted with each other. In order to prevent from being accessed to the information of IP header, IPSee provides security services mainly by encrypting and authenticating the whole IP packets. But accessing to the information of IP header is the thing that NAT and Firewall should do. Afterwards, under this circumstance, this paper puts forward a solution that makes IPSee, NAT and Firewall work together harmoniously. In this solution, after being dealt by IPSee, the IP packets were added a new outer header .The new header can be dealt by NAT and, Firewall correctly , this processing will not collide with IPSec.At last, this paper describes how to add new hadder before IP packets in detail and how to allocate places of IPSec protocol, NAT protocol and firewall. Then , this paper shows the structure pictures of this solution and a part of main code. And at the end we can see the code test results about the solution of IPSec and NAT. |
PDF Full Text Request