Article

IPSec support in NAT-PT scenario for IPv6 transition

Authors:

Souhwan Jung,

Jaeduck Choi,

Younghan Kim,

Sungi KimAuthors Info & Claims

ISC'05: Proceedings of the 8th international conference on Information Security

Pages 194 - 202

https://doi.org/10.1007/11556992_14

Published: 20 September 2005 Publication History

Publisher Site

Abstract

Applying IPSec in NAT-PT environment for end-to-end security fails due to the problems caused by the IP header conversion in NAT-PT server. The IP header conversion causes the receiver to fail to verify the TCP/UDP checksum and the ICV value of the AH header. This study analyses potential problems in applying the IPSec between the IPv6-only node and an IPv4-only node, and proposes a solution to enable the receiver successfully ver-ify the IPSec packet. We also analyze that why the existing NAT-traversal so-lutions in IPv4 fails in NAT-PT environment.

References

[1]

G. Tsirtsis, P. Srisuresh.: Network Address Translation Protocol Translation (NAT-PT), RFC 2766. 2000. 2.

Digital Library

Google Scholar

[2]

S. Satapati.: NAT-PT Applicability, draft-satapati-v6ops-natpt-applicability-00. October 2003.

Google Scholar

[3]

Egevang, K. and P. Francis.: The IP Network Address Translator (NAT), RFC 1631. 1994. 5.

Google Scholar

[4]

Kivinen, T.: Negotiation of NAT-Traversal in the IKE, draft-ietf-IPSec-nat-t-ike-08. February 2004.

Google Scholar

[5]

Huttunen, A. et. al.: UDP Encapsulation of IPSec Packets, draft-ietf-IPSec-udp-encaps-6.txt. January 2003.

Google Scholar

[6]

G. Montenegro, M. Borella.: RSIP Support for End-to-end IPSec, RFC 3104. October 2001.

Digital Library

Google Scholar

[7]

E. Nordmark.: Stateless IP/ICMP Translation Algorithm (SIIT), RFC 2765. February 2000.

Digital Library

Google Scholar

[8]

S. Kent, R. Atkinson.: Security Architecture for the Internet Protocol, RFC 2401. November 1998.

Digital Library

Google Scholar

[9]

S. Kent, R. Atkinson.: IP Encapsulating Security Payload (ESP), RFC 2406. November 1998.

Digital Library

Google Scholar

[10]

S. Kent, R. Atkinson.: IP Authentication Header, RFC 2402. November 1998.

Digital Library

Google Scholar

[11]

D. Harkins, D. Carrel.: The Internet Key Exchange (IKE), RFC 2409. November 1998.

Digital Library

Google Scholar

[12]

Aboba, B. et. Al.: IPSec-Network Address Translation (NAT) Compatibility Requirements, RFC 3715. March 2004.

Digital Library

Google Scholar

IPSec support in NAT-PT scenario for IPv6 transition
1. Networks
  1. Network services

Recommendations

NAT-PT with multicast
AINTEC'06: Proceedings of the Second Asian international conference on Technologies for Advanced Heterogeneous Networks

This work investigates Network Address Translation – Protocol Translation (NAT-PT) as an IPv4/IPv6 transition technique. NAT-PT is adequate for unicast communication, however, there is no provision for multicast address mapping. This paper presents a ...
Tunnel-Based IPv6 Transition

IPv6 transition presents many challenges to the Internet community, and various solutions have been proposed, including dual stack, tunneling, and translation. Tunneling supports "like-to-like" IP connectivity across an "unlike" network, whereas ...
One Novel Method for NAT-PT of IPv4/IPv6 Translator
CSNT '12: Proceedings of the 2012 International Conference on Communication Systems and Network Technologies

From IPv4 to IPv6 is a long evolution process and protocol translation technology will be required during the course of gradual deployment of IPv6. To solve current problem in NAT-PT of IPv4/IPv6 translator, a novel solution which change the session ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

ISC'05: Proceedings of the 8th international conference on Information Security

September 2005

516 pages

ISBN:354029001X

Editors:
Jianying Zhou
Cryptography and Security Department Institute for Infocomm Research, Singapore
,
Javier Lopez
Department of Information and Communication Technologies, University of A Coruña, Spain
,
Robert H. Deng
School of Information Systems, Singapore Management University, Singapore
,
Feng Bao
School of Information Systems, Institute for Infocomm Research, Singapore

Publisher

Springer-Verlag

Berlin, Heidelberg

Publication History

Published: 20 September 2005

Author Tags

Qualifiers

Article

Recommendations

NAT-PT with multicast

Tunnel-Based IPv6 Transition

One Novel Method for NAT-PT of IPv4/IPv6 Translator