Title of invention: IPSEC CONNECTION OVER NAT GATEWAY
Abstract: Disclosed are methods and apparatus for facilitating a secure connection between a first and a second node in a computer network via a network address translation (NAT) enabled gateway. Embodiments of the present invention provide a seamless integration by providing a uniform solution for establishing secure connections, such as IPSEC, whether or not the first node is before, and the second node behind, the NAT-enabled gateway. In general, the gateway is operable to receive a request from a remote host for a secure connection to a local host that is within the home network of the gateway (402, 452). The gateway then forwards this received request to a NAT traversal service (404, 454). The NAT traversal service receives the request and then automatically sends an initiation message to set up a secure session, e.g., performing authentication and exchanging keys (408). In a specific aspect, the setup data utilizes an IKE (Internet Key Exchange) initiation message that is sent to the originator of the request via the gateway (414). Upon receipt of this initiation message, the gateway is then able to set up a two-way connection to allow other setup data to flow between the remote and local hosts to complete the setup session, and then secure data to flow between the remote and local hosts in a secure communication session, such as an IPSec or VPN session (416).
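Application publication number: WO2007035208(A1) Application publication date: 2007.03.29
Application number: WO2006US30164 Filing date: 2006.08.01
Applicant: CISCO TECHNOLOGY, INC.;BRAHMBHATT, DEEPALI, APURVA;ENRIGHT, MARK Inventor: BRAHMBHATT, DEEPALI, APURVA;ENRIGHT, MARK
Classification number: H04L29/06;H04L29/12 Main classification number: H04L29/06
Agency: Agent:
Principal claim:
Address: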