Applying Source-Address-based NAT for IPsec NAT Traversal: PtoP IPsec with NAT Router

M. Katsunori and K. Toshihiko (Japan)


Peer-to-peer Computing, TCP/IP Networks, Home Networks, IPsec, and Network Security


IPsec, which provides encryption of IP packets, is incompatible with the widely deployed network address translation (NAT). In current IPsec communications through NAT, only one host inside the NAT can receive IPsec requests from outside the NAT. We propose a new IPsec NAT traversal method that enables hosts outside the NAT to access different hosts inside the NAT. If peer-to-peer IPsec with a NAT router is possible, the devices on a local area network (LAN) can be connected securely. Home LANs are now being installed in many households, and electronic appliances with networking functions (such as networked DVRs, digital TVs, and video cameras) are increasingly used by consumers. Moreover, office networks are being built from many servers and personal computers. For our proposed IPsec NAT traversal method to operate in a LAN, a home and/or office router that incorporates the method needs to be set up. In the method, each host inside the NAT is linked to the IP address of an outer host. Therefore, when receiving an IPsec request, the NAT router can decide which destination address to translate to based on the source address of the request. Specifically, we propose novel NAT functions that include a user authentication procedure.
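The source-address lookup described in the abstract can be sketched as follows. This is an added illustration, not code from the paper: the class and method names, the addresses, and the rule that a binding is installed only after authentication succeeds are assumptions, since the abstract does not detail the authentication procedure.

```python
from dataclasses import dataclass, field, replace
from typing import Dict, Optional

PROTO_UDP, PROTO_ESP = 17, 50
IPSEC_UDP_PORTS = {500, 4500}  # IKE and UDP-encapsulated ESP

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: int
    dport: int = 0  # ESP carries no port numbers

@dataclass
class SourceAddressNat:  # hypothetical name for the proposed NAT function
    public_ip: str
    bindings: Dict[str, str] = field(default_factory=dict)  # outer peer -> inner host

    def bind(self, outer_ip: str, inner_ip: str, authenticated: bool) -> None:
        # Assumption: a binding is installed only after the user has authenticated.
        if not authenticated:
            raise PermissionError("binding refused: user not authenticated")
        # Keying on the source address means one outer peer selects one inner host.
        if self.bindings.get(outer_ip, inner_ip) != inner_ip:
            raise ValueError(f"{outer_ip} is already bound to another inner host")
        self.bindings[outer_ip] = inner_ip

    @staticmethod
    def is_ipsec(pkt: Packet) -> bool:
        return pkt.proto == PROTO_ESP or (
            pkt.proto == PROTO_UDP and pkt.dport in IPSEC_UDP_PORTS)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Translate an inbound IPsec packet; None means this sketch does not forward it."""
        if pkt.dst != self.public_ip or not self.is_ipsec(pkt):
            return None
        inner = self.bindings.get(pkt.src)
        if inner is None:
            return None  # unknown peer: no inner host is exposed
        return replace(pkt, dst=inner)

if __name__ == "__main__":
    nat = SourceAddressNat("203.0.113.1")  # constructed documentation addresses
    nat.bind("198.51.100.10", "192.168.0.2", authenticated=True)
    nat.bind("198.51.100.20", "192.168.0.3", authenticated=True)
    for src in ("198.51.100.10", "198.51.100.20", "198.51.100.99"):
        print(src, "->", nat.inbound(Packet(src, nat.public_ip, PROTO_ESP)))
```

In this sketch two outer peers reach two different inner hosts through the same public address, while a peer with no binding is dropped and a second inner host cannot claim an outer address that is already bound.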
