Method and apparatus for traversing a translation device with a security protocol
US7346770B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Oct 31, 2002 |
| Grant date | Mar 18, 2008 |
| Priority date | — |
| Expiry date | Oct 6, 2024 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/164
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
The invention uses a three phase IKE protocol main mode negotiation to implement a port float algorithm that permits UDP encapsulated ESP traffic to traverse an IPSec-aware NAT. The NAT is connected to a plurality of client computers on a private network and provides an interface between the client computers and a server connected to a public network. In a first phase, a client and the server determine whether both are capable of sending UDP encapsulated ESP packets. In a second phase, the client and server conduct NAT discovery and determine whether the client, server, or both operate behind a NAT. In a third phase, the client and server initiate a port float algorithm, moving a destination UDP port specified in IKE packets from a first port value to a second port value. The server maintains a data structure that allows the server to identify the client sending IKE packets after exiting the second phase and entering the third phase.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.