中文网站
  Advanced Search
Read the latest Blogs from IT professionals in the field. Read and write community created documents. Need IT help? Ask our staff. Connect with your peers. Check our Tech Shop for posters, books and software tools. Home
HomeNetworking TechnologiesNetworking TCP/IPAn IPv6 Deployment Guide Chapter 9: Security issues in an IPv6 based networking environment

9.4.10 NAT-PT/NAPT-PT

As noted in RFC 2766 [RFC2766], NAT-PT and end-to-end security do not work together. When an IPv6-only node (X) initiates communication to IPv4-only node Y, the packets from X have certain IPv6 source and destination addresses which are both used in IPSec (AH or ESP) and TCP/UDP/ICMP checksum computations. Since NAT-PT translates the IPv6 address of X into an IPv4 address that has no relationship to X’s IPv6 address, there is no way for recipient Y to determine X’s IPv6 address and in that way verify the checksums.
‹ 9.4.1 General Management Issues with Tunnelsup9.4.10.1 Prefix Assignment ›