Abstract
As a new-generation network security standard, IPSEC provides security services at the network layer and protects data in transit by encrypting and authenticating IP packets. Providing users with IPSEC-based end-to-end security is a trend in network development. A packet-filtering firewall filters packets according to protocol and port; because IPSEC encapsulates some of the important information in a packet, IPSEC and the firewall cannot both work effectively at the same time. To address this compatibility problem between IPSEC and firewalls, this paper proposes a scheme in which the firewall takes part in the key agreement phase of IPSEC. An IPSEC-based secure connection is established between the inner and outer nodes through the firewall, which enables secure communication between them.
Source
《浙江工业大学学报》
CAS
2005, Issue 4, pp. 411-413, 424 (4 pages in total)
Journal of Zhejiang University of Technology