Study And Implement Of VPN Penetrating NAT Based On IPSec Protocol

NAT (Network Address Translation, NAT) and virtual private network (Virtual Private Network, VPN) can ease the IP addresses are being depleted and the establishment of secure communications and a common technology. However, NAT support VPN, IPSec protocol and protocol compatibility exist in congenital deficiencies. Because IPSec VPN protocol to assume the task of protecting data security in data transmission, any IP address changes with transmission flag, were seen as a breach of IPSec protocol, and result in data packets through the security check can not be discarded; but in the use of VPN, NAT, inevitably modify the IP address. Therefore, in the VPN network, how to work with IPSec and NAT is extremely important.This study aimed to explore how to resolve the compatibility of IPSec and NAT, the paper's main functions include:1. Research and analysis of IPSec NAT protocols. From the two, working principle and function of other aspects, in-depth analysis of the NAT protocol and IPSec protocol compatibility issues, but also analyzes several existing solutions advantages and disadvantages.2. Study the technology Of UDP-based NAT-way through the technology. In this paper, used the method based on the super-node of UDP through NAT, the different nodes within the network to complete the traverse between, making it a free communication network.3. Improved method of IPSec through NAT. In this paper, the use of UDP encapsulated IPSec packet method, not only can effectively solve the IPSec and NAT incompatibilities, supports all of the protocols and models, but also has characteristics of easy implementation and deployment.4. Design and implementation of IPSec-based VPN through NAT system. The system consists of the application layer and driver layer, application layer parameters and user information to complete the main set, and then set the information to the driver layer; the driver layer is to achieve the function of IPSec and NAT.This paper gives a complete ideas and methods of realization of the IPSec compatible with NAT. For IPSec VPN problems, such as to achieve the NAT traversal problem, packet encapsulation problem, a complete solution is given, enabling the networks based Internet networking to achieve free and safe exchange of visits.