Research And Implementation Of Secure VPN Gateway Based On IPSec

With the fast development of computer network, network provides convenience and benefits for people, but it also makes people face to the challenge of information security. Currently, network security problem has been one of hot themes of computer network, and VPN technology is one of new technologies to resolve network security problems. VPN builds private network on public network, and it applies correlative security technologies to realize the security communication between mobile uses and intranet, each branch office and enterprise headquarter, enterprise and cooperative fellows.IPSec, released in August 1995 by IETF, is a series of criterions to provide lower security support for the security problems of Internet. It is a generic term of a group of open protocols, which include encapsulating security payload (ESP), authentication header (AH), Internet key exchange (IKE) and security association (SA). VPN, constructed by applying IPSec, can provide security IP tunnels between intranet sites, and sensitive data of enterprise cannot be peeked and distorted. From the aspect of security, IPSec precede layer 2 tunnel protocols (such as L2TP) obviously. This thesis mainly researches, designs and realizes VPN system model based on IPSec.The research contents include 3 aspects in this thesis:1. Based on the research of VPN background, VPN basic technology and VPNtypes, VPN tunneling technique are analyzed and compared in security.2. IPSec security protocol, Internet key exchange (IKE), the work principle and process of each constituent of IPSec protocol are analyzed and researched systematically.3. Based on the analysis of IPSec protocol architecture, an improved program is present for IPSec complexity based on the VPN application circumstance from one gateway to another gateway. Then, the implementation method of this improved program is researched, and this program is realized by a prototype system. At last, the function and performance of this system are tested, and the test results are analyzed andevaluated.The researches of this thesis provide a method of realizing VPN by IPSec, and provide a new idea for making good use of IPSec in real application circumstance to ensure the communication security of VPN.