Abstract |
<p>A method and a network device for processing nested IPSec tunnels handle outbound packets flowing into, and inbound packets flowing out of, an IPSec tunnel via the network device. The network device (3) includes a network interface unit (31), a Security Association database (32), and an IPSec processing unit (33) that includes a selective encryption module (331) and a selective decryption module (332). For an outbound packet determined to be an IPSec-encrypted packet, the IPSec processing unit generates a new IPSec packet through the selective encryption module; for an inbound packet determined to have undergone processing by the selective encryption module, it obtains a plaintext through the selective decryption module.</p> |