中小企业基于IPSec的VPN安全方案的设计与实施

诚信承诺我谨在此承诺：本人所写的毕业论文《中小企业基于IPSec的VPN安全方案的设计与实施》均系本人独立完成，没有抄袭行为，凡涉及其他作者的观点和材料，均作了注释，若有不实，后果由本人承担。承诺人（签名）：年月日1摘要本文陈述了虚拟专用网VPN技术，并在数据安全和IPSec协议体系架构的概念、工作原理、特点及应用的基础上，分析了基于IPSec的VPN在中小企业公司网络安全的应用。阐述了基于IPSec的VPN的数据流量从发送、传输到接收端都使用安全的数据访问通道的实现过程。并将IPSecVPN应用于杭州洪铭通信技术有限公司分公司与主公司之间，使他们能进行安全互联和资源共享。详细介绍了基于IPSec的VPN，通过Internet虚拟专线安全互联解决在中小企业公司间不使用专线互联的问题中所发挥的重要作用。关键词：IPSec（Internet协议安全性）；VPN（虚拟专用网）；IKE（Internet密钥交换）；AH（认证头）；ESP（封装安全载荷）2ABSTRACTThisarticleintroducesbasedontheconceptofdatasecurityandIPsecprotocolarchitecture.IPsecprotocol’sworkingprinciple,characteristicsandapplicationofthevirtualprivatenetworkVPNtechnology.ItanalyzedbasingontheIPsecVPNnetworksecurityappliedtosmallandmediumenterprisesanddescribedthedatatrafficfrombasedontheIPsecVPN,transmittothereceivingendsecuredataaccesschannelimplementationprocess.ItraisedthesolutionsbasedontheIPsecVPNappliedtoHangzhouHongMingCommunicationTechnologyLimitingcompanyandBranchwiththemaincompanysecureinterconnectionandresourcesharing.DemonstratedindetailbasedontheIPsecVPNwhichusedinmiddleandsmallenterprisesinter-companydoesnotusethelineinterconnectionThroughtheInternettosolvetheimportantroleplayedintheVirtualPrivateLineSecurityInternet.Keywords：IPSec(InternetProtocolSecurity);VPN(VirtualPrivateNetwork);IKE(InternetKeyExchange);AH(AuthenticationHeader);ESP(EncapsulatingSecurityPayload)3目录1.引言...........................................................................................................62.VPN概述和比较......................................................................................82.1VPN产生背景..........................................................................................82.2传统的解决方案.......................................................................................82.3VPN的产生..............................................................................................82.4VPN定义..................................................................................................82.5VPN基本原理..........................................................................................82.6VPN的主要分类......................................................................................92.7VPN技术比较..........................................................................................93.数据安全基础.........................................................................................103.1数据在Internet上传输的主要威胁......................................................103.2数据加解密.............................................................................................103.3对称加密算法.........................................................................................103.4非对称加密算法.....................................................................................103.5组合加解密技术.....................................................................................113.6数据完整性.............................................................................................113.6.1摘要算法..........................................................................................113.6.2数字签名..........................................................................................113.6.3数字证书..........................................................................................124.IPSec体系结构......................................................................................134.1IPSec产生背景......................................................................................134.2IPSec概述..............................................................................................134.3IPSec关键概念......................................................................................134.3.1安全关联..........................................................................................134.3.2安全关联数据库..............................................................................144.3.3安全参数索引..................................................................................144.3.4安全策略数据库..............................................................................144.3.5安全关联注意事项..........................................................................144.4IPSec出入站包处理流程......................................................................154.4.1出站包处理流程..............................................................................154.4.2入站包处理流程..............................................................................164.5IPSec工作模式......................................................................................174.5.1隧道模式..........................................................................................174.5.2传输模式..........................................................................................174.6IPSec安全协议......................................................................................184.6.1AH认证头协议...............................................................................184.6.2ESP封装安全载荷协议..................................................................214.7IPSec密钥管理....................