Design Of IPSec-based VPN Gateway And It's Application In E-Government System

With the development of E-Government, more and more confidential and extremely valuable information is transferred public on the Internet. The loss caused by the attack to the Internet is heavier. Therefore, the requirement to the security of Internet is pressing. Seeking for a complete network solution has become an important factor in system integration service for every network enterprise.Virtual Private Network(VPN) is a constructing network technology which,in order to obtain the security level of private networks,transfer private datagram on public network by encapsulation and encryption of network data. Key of the VPN is the security of communication, and security protocol to computer network is the core technology which supplies the communication security. Internet Engineering Task Force(IETF)provided the IP security guarantee for transferring sensitive information in an unprotected network in Nov.,1998. IPSec provides these security services at the IP layer.It protects and authenticates IP packets transferring between IPSec devices. IPSec does the safe handling of high-intensity on the packets in the IP-layer, and provides verification of data source, connectionless data integrity, data confidentiality, anti-replay and other security services.This paper aims at further research on Virtual Private Network(VPN) a popular security technique based on the IP Security Protocol architecture(IPSec) of TCP/IP protocol system. Based on present E-Government, an IPSec-based VPN gateway is designed and implemented.The following research content and achievement are included:1) This paper make a in-depth study on the TCP/IP protocol stack network layer security protocol IPSec, and finally confirms the IPSec mode as the implementation protocol of VPN gateway to satisfy the security demands in the E-Government network.2) This paper put forward an IPSec-based design proposal in connection with IPSec protocol and the environment feature of gateway-to-gateway, including IPSec processing module, key exchange module, NAT module, key security management module. And design high-performance interface function for encryption& disencryption of data packet, providing data structure for implementation of gateway.3) To fulfil the demand of secure, high-performance, stable VPN gateway, this paper choose IXP425 series CPU from Intel, SSX31 as encryption algorithm IC and pose the detail of implementation of embedded proposal.