基于PKI的IPsec-VPN安全网关设计和研究

Research on IPsec-VPN Security Gateway Based on PKI

部署大型VPN网络的同时也意味着复杂度的增加,只有建立了有效的身份认证和授权机制才能有效地解决这个难题。文中阐述了如何在IPsec-VPN中将PKI证书机制同VPN安全技术结合起来,实现强身份认证和访问控制机制。基于PKI数字证书的身份认证具有良好的安全性和可扩展性、可部署性,对于大型VPN网络,采用PKI证书认证机制作为身份认证技术可能是惟一的选择。

Large-scale deployment of virtual private network means the added complexity.It can to solve the problem only by setting up powerful and efficient authentication and authorization policies.In this essay,how to use PKI certificates to realize authentication and authorization mechanism in VPN is presented.The authentication based on PKI digital certificates has good security,easy to extend and deploy,especially for large-scale VPN,this may be the only choice.