在局域网中应用IPSec的主要问题及解决方案

The Main Problems and Solustions of Applicating IPSec in LAN

IPSec主要是通过对整个IP报文进行加密和认证,防止外部对IP头信息的访问来提供安全服务,而NAT、防火墙都要访问或者修改IP报文的头信息。局域网内用户如何让IPSec、NAT和防火墙协调工作,对此提出了一种解决方案,该方案主要是在数据报文应用完IPSec协议之后增加一个外部头,这个外部头可以方便NAT和防火墙处理又不与IPSec产生冲突,实现了三者的协调工作。

In order to prevent from being accessed to the information of IP header, IPSee provides security services mainly by encrypting and authenticating the whole IP packets. But accessing to the information of IP header is the thing that NAT and Firewall should do. Under this circumstance, this paper puts forward a solution that makes IPSec, NAT and Firewall work together harmoniously. In this solution, after being dealt by IPSec, the IP packets were added a new outer header. The new header can be dealt by NAT and Firewall correctly, this processing will not collide with IPSec.