IPSec Support in NAT-PT Scenario for IPv6 Transition

  • Souhwan Jung
  • Jaeduck Choi
  • Younghan Kim
  • Sungi Kim
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3650)


Applying IPSec in NAT-PT environment for end-to-end security fails due to the problems caused by the IP header conversion in NAT-PT server. The IP header conversion causes the receiver to fail to verify the TCP/UDP checksum and the ICV value of the AH header. This study analyses potential problems in applying the IPSec between the IPv6-only node and an IPv4-only node, and proposes a solution to enable the receiver successfully ver-ify the IPSec packet. We also analyze that why the existing NAT-traversal so-lutions in IPv4 fails in NAT-PT environment.


NAT-PT IPSec IPv6 transition IKE 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Tsirtsis, G., Srisuresh, P.: Network Address Translation Protocol Translation (NAT-PT), RFC 2766, 2 (2000)Google Scholar
  2. 2.
    Satapati, S.: NAT-PT Applicability, draft-satapati-v6ops-natpt-applicability-00 (October 2003)Google Scholar
  3. 3.
    Egevang, K., Francis, P.: The IP Network Address Translator (NAT), RFC 1631, 5 (1994)Google Scholar
  4. 4.
    Kivinen, T.: Negotiation of NAT-Traversal in the IKE, draft-ietf-IPSec-nat-t-ike-08 (February 2004)Google Scholar
  5. 5.
    Huttunen, A., et al.: UDP Encapsulation of IPSec Packets, draft-ietf-IPSec-udp-encaps-6.txt (January 2003)Google Scholar
  6. 6.
    Montenegro, G., Borella, M.: RSIP Support for End-to-end IPSec, RFC 3104 (October 2001)Google Scholar
  7. 7.
    Nordmark, E.: Stateless IP/ICMP Translation Algorithm (SIIT), RFC 2765 (February 2000)Google Scholar
  8. 8.
    Kent, S., Atkinson, R.: Security Architecture for the Internet Protocol, RFC 2401 (November 1998)Google Scholar
  9. 9.
    Kent, S., Atkinson, R.: IP Encapsulating Security Payload (ESP), RFC 2406 (November 1998)Google Scholar
  10. 10.
    Kent, S., Atkinson, R.: IP Authentication Header, RFC 2402 (November 1998)Google Scholar
  11. 11.
    Harkins, D., Carrel, D.: The Internet Key Exchange (IKE), RFC 2409 (November 1998)Google Scholar
  12. 12.
    Aboba, B., et al.: IPSec-Network Address Translation (NAT) Compatibility Requirements, RFC 3715 (March 2004)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Souhwan Jung
    • 1
  • Jaeduck Choi
    • 1
  • Younghan Kim
    • 1
  • Sungi Kim
    • 2
  1. 1.School of Electronic EngineeringSoongsil UniversitySeoulKorea
  2. 2.Telecommunication R&D Center Samsung Electronics Co. LtdSuwon-si, Gyeonggi-doKorea

Personalised recommendations