|
|||||
|
|
| IPSEC与防火墙兼容问题研究 | |
| 引用本文: | 郭永艳,段林茂,陈德清.IPSEC与防火墙兼容问题研究[J].浙江工业大学学报,2005,33(4):411-413,424. |
| 作者姓名: | 郭永艳 段林茂 陈德清 |
| 作者单位: | 1. 浙江工业大学,信息工程学院,浙江,杭州,310032 2. 中国计量学院,管理学院,浙江,杭州,310016 3. 杭州高腾科技有限公司,浙江,杭州,310024 |
| 摘 要: | 作为新一代网络安全标准,IPSEC提供网络层的安全服务,通过对IP报文的加密和验证, 保证数据在传输过程中的安全.为用户提供基于IPSEC的端到端的安全是网络发展的一个趋势.包过滤防火墙是根据协议和端口对数据包进行过滤,由于IPSEC封装了报文中一些重要信息,使得IPSEC与防火墙不能同时有效地工作.在IPSEC与防火墙兼容问题上,本文提出了一种让防火墙介入IPSEC的密钥协商阶段的解决方案.通过防火墙在内外节点之间建立基于IPSEC的安全连接,从而实现内外节点之间的安全通信. |
| 关 键 词: | 包过滤防火墙 |
| 文章编号: | 1006-4303(2005)04-0411-03 |
| 收稿时间: | 2004-12-28 |
| 修稿时间: | 2004-12-28 |
Study of compatibility of IPSEC and firewall |
|
| GUO Yong-yan,DUAN Lin-mao,CHEN De-qing.Study of compatibility of IPSEC and firewall[J].Journal of Zhejiang University of Technology,2005,33(4):411-413,424. | |
| Authors: | GUO Yong-yan DUAN Lin-mao CHEN De-qing |
| Abstract: | IPSEC, a new standard of network security, provides security services at the IP layer and ensures the packets transmitted safely in Internet by authenticating and encrypting. The end-to-end security service based on IPSEC is a trend of network development. As IPSEC encapsulates some important information of packets, it can not cooperate efficiently with packets filter firewall, which filters packets according to protocol and port. This paper presents a reasonable scheme, which makes firewall interpose the key agreement phase of IPSEC. It can ensure the safe communication between the inner and the outer node by establishing the safe connection based on IPSEC. |
| Keywords: | IPSEC IKE |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! | |
