
Research And Implementation On Automatic Authentication Configuration Of IPSec Remote Access Mode

Posted on: 2007-11-21
Degree: Master
Type: Thesis
Country: China
Candidate: J Tu
GTID: 2178360242461930
Subject: Computer system architecture

Abstract/Summary:
VPNs based on IPSec are now used more and more widely. One scenario with broad market prospects is remote access: remote VPN clients use local ISP services to establish a tunnel with their organization's IPSec VPN gateway and access the subnet behind it. To realize this scenario, the IETF proposed the ISAKMP configuration method in 1997 and the DHCP configuration method in 2003.

After researching and analyzing these two configuration methods, and with the aim of addressing their shortcomings, a more effective and more scalable configuration method, the automatic authentication configuration method, is proposed. Its design idea is to add an authentication agent and an inner address pool management module to the IPSec VPN gateway, and an authentication function to the client. After authenticating successfully, a client obtains a unique virtual IP address, which it uses to access the subnet.

The authentication communication between the VPN gateway and the clients uses a defined protocol. Because client computers generally run Windows, the client implementation uses an NDIS miniport driver to implement a virtual NIC that is configured with the virtual IP, the inner DNS and WINS servers, and so forth. The method also needs to add routing information to the route table. To implement the IPSec function on clients, the NDIS-HOOK technique and the corresponding cryptographic and signature algorithms are used. Packets that are to be sent or that have been received are checked against the Security Policy Database, which is the set of SPD and SA information from the IKE negotiation and is stored in the IPSec kernel.

Implementations using this automatic authentication configuration method are widely used, and the method can be applied in many different network environments.
Keywords/Search Tags: IP Security Protocol, Client, Internet Security Association and Key Management Protocol, Dynamic Host Configuration Protocol