| The rapid expansion of Internet and broadband businesses has made possible the use of Internet, which is open and public, to build VPN for enterprises and government. While such a private networking scheme is both cheap and convenient, it has brought some security issues as well. Therefore, in this paper, the emphases are given to approaches to assure secure data transmission over public network with efficiency affection accounted.A widely used scheme to implement VPN, the IPSec protocol, is researched. Using this protocol, an embedded high-speed VPN gateway based on network processor is designed; test and analysis is performed on the prototype system. It turns out the software system worked correctly. Further analysis upon testing results has revealed the bottleneck of VPN system using IPSec, and provided references to later improvement of our hardware platform.The NAT is an effective solution to the urgent lack of IPv4 address space, and the IPSec a qualified solution to secure data transmission. The NAT and IPSec each serve an indispensable role in their particular field, and more and more application tends to combine the two into a single solution. However, this combination is not considered properly when these protocols are designed, and this has lead to an incompatible problem when NAT and IPSec are to cooperate with each other. To solve the problem, thorough work has been conducted in our research, and a novel solution proposed -the tunneled NAT. In this solution, no modification to current IPSec architecture is needed; expansion the function of NAT gateway is the sole requirement to achieve good compatible between NAT and IPSec.
|
PDF Full Text Request