New solution for IPSEC passing through NAT

The application range of IP security protocol (IPSEC) is badly restricted due to the incompatibility of IPSEC and network address translator (NAT). The rule that must to be followed by the solutions for IPSEC passing through NAT is that IPSEC pass through NAT without any changes to the routers and NAT on the Internet. There are limits to the current three solutions. It can barely be realized to execute the NAT ahead of executing the IPSEC. It is difficult to deploy the realm specific IP (RSIP). The incompatibility of IPSEC and NAT can only be solved partially by user data packet (UDP) encapsulation of the IP encapsulating security payload (IPSEC ESP) packets. A new solution, UDP encapsulation of IPSEC packets, was developed. The new solution eliminates the impact from NAT to IPSEC by protecting the origin IP addresses and ports of the IPSEC packets through encapsulating the IPSEC packets with UDP header. The feasibility of this solution was demonstrated. The analyse shows that the new solution has evident advantages over the others and can remove the incompatibilities between IPSEC and NAT effectively and expediently.