METHOD AND ARRANGEMENT FOR PROVIDING SECURITY THROUGH NETWORK ADDRESS TRANSLATIONS USING TUNNELING AND COMPENSATIONS
Abstract
This invention provides a method for providing network security services, such as those provided by the IPSEC protocol, through network address translation (NAT). The method is based on determining the transformations that occur on a packet and compensating for the transformations. Because only TCP and UDP protocols work through NATs, the IPSEC AH/ESP packets are encapsulated into UDP packets for transport. Special operations are performed to allow reliable communications in such environments.
38 Claims
1-23. (canceled)
24. A method comprising:
communicating, by a device, packets from and/or to another device, wherein the communication involves a network address translation; and
maintaining the network address translation by transmitting, by the device, packets using the network address translation frequently enough to prevent any intermediate device from deleting a mapping for the network address translation from a cache of the intermediate device.
29. An apparatus comprising at least one processor, and at least one memory including computer program code, the at least one memory and the computer program code being configured to, with the at least one processor, cause the apparatus to
communicate packets, wherein the communication involves a network address translation; and
maintain the network address translation by transmitting packets using the network address translation frequently enough to prevent any intermediate device from deleting a mapping for the network address translation from a cache of the intermediate device.
34. A non-transitory computer readable media, comprising program code for causing a processor to perform instructions for
communicating, by a device, packets from and/or to another device, wherein the communication involves a network address translation; and
maintaining the network address translation by transmitting, by the device, packets using the network address translation frequently enough to prevent any intermediate device from deleting a mapping for the network address translation from a cache of the intermediate device.
Specification