Journal of Computer Applications (计算机应用), 2010, Vol. 30, Issue (07): 1757-1759.

• Network and Communications •

Solution of IPSec NAT-traversal in virtual private network

杜江1, 葛洛雅柯2

  1. Chongqing University of Posts and Telecommunications
  2. College of Computer Science, Chongqing University of Posts and Telecommunications
  • Received: 2010-01-07 Revised: 2010-02-15 Online: 2010-07-01 Published: 2010-07-01
  • Corresponding author: 葛洛雅柯
  • Funding: Chongqing Science and Technology Commission fund project

Abstract: The IP Security (IPSec) architecture and Network Address Translation (NAT) are both widely used on the Internet today. However, the incompatibility between them limits the development of Virtual Private Networks (VPNs) based on IPSec technology. To resolve this incompatibility, the Internet Engineering Task Force (IETF) proposed drafts based on User Datagram Protocol (UDP) encapsulation. But these drafts do not yet provide a workable method for the case where both IPSec peers are behind NAT (double NAT traversal). Drawing on the UDP encapsulation scheme and the double NAT-traversal scheme, this paper proposes a NAT-traversal solution that adapts to different situations, and analyzes its feasibility in detail.

Key words: Internet Protocol Security (IPSec), Virtual Private Network (VPN), Network Address Translation (NAT), UDP encapsulation