To provide a communication device for processing a plurality of IPsec sessions, and capable of simultaneously establishing a plurality of IPsec sessions to the same IPsec gateway apparatus, and moreover, continuing communications at the plurality of IPsec sessions even when a key is updated (Rekey).
A communication device 15 stores an initiator Cookie for an ISAKMP packet concerning a key exchange protocol between a terminal device 13 and an IPsec gateway apparatus 16 and an SPI of an IPsec ESP packet at a management table as an entry information of each session, along with a sender IP address, a destination IP address, and a sender address after address translation etc., and conducts address translation for the ISAKMP packet or the IPsec ESP packet and transfers the translated packet based on the entry information. After registration of the SPI of IPsec of the terminal device 13 is completed, a request packet for IPsec communication is received from another terminal devices 14, and the packet is processed similarly.
MINATO TORU
FURUKAWA TAKAHIRO
SEKI KOICHI
JP2003526270A | 2003-09-02 | |||
JP2008079059A | 2008-04-03 | |||
JP2005530404A | 2005-10-06 |
WO2007069327A1 | 2007-06-21 |
Shoji Kashiwaya
Koichi Watanabe
Toshiro Ito