| With the rapid development of informationization,brings greater convenience to people,and brings new problems to people.Network security issues are especially prominent in many issues,especially as enterprises have become more and more concerned about network security issues.At the same time,the enterprise pays more attention to the cost input while guaranteeing the information safety.The traditional way is to use firewall technology and IPSec VPN technology.And the IPSec VPN tunnel is deployed on a physical firewall,so as to ensure the safety of the plaintext information transmission on Internet,but the firewall will cause the waste of resources.To a certain extent,improve the operation of the enterprise cost.This thesis is based on IPSec VPN and firewall technology.At the same time,with the constant development of virtualization technology background,proposed a new way of establishing IPSec VPN tunnel,namely the establishment of IPSec VPN tunnel in firewall virtualization scenarios.This way not only can effectively guarantee the security of enterprise information transmission,but also can maximize the utilization of a firewall resources,reduce the enterprise cost.A physical firewall is logically divided into multiple virtual firewalls.Each virtual firewall is considered as an independent IPSec VPN gateway,and the IPSec VPN tunnel is deployed between the gateways,so as to ensure the security of enterprise information.This thesis mainly works as follows:(1)This thesis analyzes the research status of IPSec VPN and firewall virtualization as well as the research background at home and abroad.And proposes the design scheme of building a IPSec VPN tunnel in the context of firewall virtualization.At the same time,it introduces related IPSec VPN technology,related IPSec protocol and working model,and security alliance.(2)Make requirements and design of the functional modules of the system.Manily include the initialization of firewall vittualization solutions,the device initialization function,the command line function,the IPSec VPN tunnel negotiation function and VPN tunnel safety scheme analysis and design..(3)According to the requirements analysis and design,to implement IPSec VPN system related functions in firewall virtualization scenarios.Mainly includes firewall logically virtualization,the device initialization function,function of the command line,the function of IPSec VPN tunnel to negotiate and the realization of the VPN tunnel safety strengthening scheme.The IPSec VPN tunnel negotiation function includes SA negotiation,SA renegotiation,communication between IKE module and IPSec module.The IPSec VPN system under firewall virtualization scenarios designed by this thesis has verified in practice,and achieved good results.The IPSec VPN system not only ensures the safe transmission of business data,but also can guarantee the maximum utilization of the enterprise firewall,reduced the enterprise cost,and verify the effectiveness of the system design. |
PDF Full Text Request