METHOD AND ARRANGEMENT FOR PROVIDING SECURITY THROUGH NETWORK ADDRESS TRANSLATIONS USING TUNNELING AND COMPENSATIONS
1 Assignment
0 Petitions
Accused Products
Abstract
This invention provides a method for providing network security services, such as those provided by the IPSEC protocol, through network address translation (NAT). The method is based on determining the transformations that occur on a packet and compensating for the transformations. Because only TCP and UDP protocols work through NATs, the IPSEC AH/ESP packets are encapsulated into UDP packets for transport. Special operations are performed to allow reliable communications in such environments.
-
Citations
32 Claims
-
1-23. -23. (canceled)
-
24. A method comprising:
-
receiving, by a computer device, a packet comprising a predetermined value indicating support by a node for an extension of a communications protocol, wherein the communications protocol is used for communications across a network translator device and the extension is capable of traversing network address translation, and in response to said receiving, determining that the node sending the packet supports the extension of the communications protocol. - View Dependent Claims (25, 26)
-
-
27. An apparatus comprising at least one processor, and at least one memory including computer program code, the at least one memory and the computer program code being configured to, with the at least one processor,
receive a packet comprising a predetermined value indicating support by a node for an extension of a communications protocol, wherein the communications protocol is used for communications across a network translator device and the extension is capable of traversing network address translation, and in response to said received packet, determine that the node sending the packet supports the extension of the communications protocol.
-
30. A non-transitory computer readable media, comprising program code for causing a processor to perform instructions for
receiving, by a device, a packet comprising a predetermined value indicating support by a node for an extension of a communications protocol, wherein the communications protocol is used for communications across a network translator device and the extension is capable of traversing network address translation, and in response to said receiving, determining that the node sending the packet supports the extension of the communications protocol.
Specification