METHOD AND ARRANGEMENT FOR PROVIDING SECURITY THROUGH NETWORK ADDRESS TRANSLATIONS USING TUNNELING AND COMPENSATIONS
Abstract
This invention provides a method for providing network security services, such as those provided by the IPSEC protocol, through network address translation (NAT). The method is based on determining the transformations that occur on a packet and compensating for the transformations. Because only TCP and UDP protocols work through NATs, the IPSEC AH/ESP packets are encapsulated into UDP packets for transport. Special operations are performed to allow reliable communications in such environments.
43 Claims
1-23. (canceled)

24. A method of maintaining communication of data packets, comprising:
communicating data packets from and/or to a device, wherein the communication involves a determined network address translation; and
maintaining the determined network address translation by sending from the device at least one keepalive packet before a time out of the determined network address translation.
Dependent claims: 25, 26, 27, 28, 29

30. A method of providing address translations, comprising:
determining an address translation for communication of data packets between a first device and a second device;
receiving at least one keepalive packet from at least one of the first device and the second device before time out of the determined address translation for the communication of data packets; and
in response to receiving the at least one keepalive packet, maintaining the determined network address translation for the communication of data packets between the first device and the second device.
Dependent claims: 31, 32, 33

34. An apparatus comprising:
at least one memory including computer program code; and
at least one processor, wherein the at least one memory and the computer program code are configured to, with the at least one processor, cause the apparatus at least to
control communication of data packets, wherein the communication involves a determined network address translation, and
maintain the determined network address translation by causing sending of at least one keepalive packet before a time out of the determined network address translation.
Dependent claims: 35, 36, 37, 38, 39

40. An apparatus for network address translations, comprising:
at least one memory including computer program code; and
at least one processor, wherein the at least one memory and the computer program code are configured to, with the at least one processor, cause the apparatus at least to
determine an address translation for communication of data packets between a first device and a second device; and
maintain the determined network address translation for the communication of data packets between the first device and the second device in response to reception of at least one keepalive packet from at least one of the first device and the second device before time out of the determined address translation for the communication of data packets.
Dependent claims: 41, 42, 43

Specification