Planning, Design and Implementation of a VPN Application Scheme for Large Enterprise Networks: Graduation Thesis

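Summary

The global wave of informatization represented by the Internet continues to rise. Today TCP/IP is the basis of almost all network communication, yet IP itself provides no "security": in transit, IP packets can be forged, tampered with or snooped on. To address these problems, IPSec can effectively protect IP datagrams; it provides a standard, robust and broadly inclusive mechanism that can be used to give security guarantees to IP and to upper-layer protocols (such as UDP and TCP). Many telecom operators now use IPSec tunnel encryption to launch, on top of their broadband services, new VPN services aimed mainly at business customers. These services give business customers both high-bandwidth, low-cost enterprise network interconnection and the data-transmission security of a private VPN over the public network, and they have won favour with a large number of business customers. This thesis studies the IPSec architecture, its technical principles and basic VPN technology, analyses the main ways of implementing an IPSec VPN, and applies the results in practice: in line with the business development needs of a domestic enterprise, a practical IPSec VPN network was designed and built, and the network was then tested.

Keywords IPSec VPN Encryption Tunnel Security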

Abstract

The global tide of informatization, represented by the Internet, keeps rising. Information network technology is increasingly widespread and its applications go ever deeper, gradually extending from traditional, small business systems to large, business-critical ones; as networks become ubiquitous, network security and its effect on network performance are becoming increasingly important issues. Currently TCP/IP is the basis of almost all network communication, yet IP itself does not provide "security": in transit, IP packets can be forged, altered or snooped on. To solve these problems, IPSec can effectively protect the security of IP datagrams; it provides a standard, robust and inclusive mechanism that can give security guarantees to IP and to upper-layer protocols (such as UDP and TCP). Many carriers now use IPSec tunnel encryption technology to introduce, on the basis of their broadband services, new VPN services aimed mainly at business customers, providing them both with high-bandwidth, low-rate enterprise networking and with the data security of a private VPN over the public network; these services have won over the majority of commercial customers. This thesis examines the IPSec architecture, its technical principles and basic VPN technology, analyses the major IPSec VPN implementations, and applies the results in practice: combining the business development needs of a domestic enterprise, a practical IPSec VPN network was designed and created, and the network was tested.

Keywords IPSec VPN Encryption Tunnel Security

Contents

Summary
Abstract
Contents
Chapter 1 Introduction
    1.1 Background
    1.2 Research Content
    1.3 Main Content and Structure of the Thesis
Chapter 2 IPSec Technical Foundations
    2.1 Introduction to IPSec
    2.2 IPSec Architecture
        2.2.1 ESP (Encapsulating Security Payload)
        2.2.2 AH (Authentication Header)
        2.2.3 SA (Security Association)
        2.2.4 IKE (Internet Key Exchange)
    2.3 The Two IPSec Modes
        2.3.1 Transport Mode
        2.3.2 Tunnel Mode
Chapter 3 VPN Technical Foundations
    3.1 The Concept and Security of VPN
    3.2 Types of VPN
        3.2.1 Remote Access VPN (remote-access virtual private network)
        3.2.2 Intranet VPN (enterprise-internal virtual private network)
        3.2.3 Extranet VPN (external-connection virtual private network)
Chapter 4 Design and Implementation of an IPSec-Based VPN
    4.1 Design Requirements for Each Component
        4.1.1 IPSec Basic Protocols and Goals
    4.2 Implementation of the IPSec VPN
        4.2.1 Network Background Analysis of Enterprise A
        4.2.2 Enterprise A's New Network Requirements
        4.2.3 Implementation Steps
