摘要
在IPSec VPN系统的大规模应用中往往存在内部网络地址配置冲突的问题,仅修改冲突的地址又会导致整个网络配置兼容性的问题。本文深入分析了内部网络地址冲突给基于IPSec的虚拟专网系统带来的影响,从改进Win-dows VPN体系结构入手,有针对性地提出在传统的Windows VPN系统中增加虚拟网卡,并在进行隧道协商时使用虚拟网卡地址标记隧道策略的解决方案。实践证明,基于虚拟网卡技术的方案能够有效解决VPN系统应用中的内部地址冲突问题,又不会对原有的网络配置产生影响,大大降低了用户的管理成本,有很好的实际应用效果。
A serious conflict problem of the native IP addresses appears in the largescale applications of the VPN system, which leads to a new compatibility problem of network configuration that only modifies the compatible native IP address. This paper analyses the effect of the conflict problem that different hosts use the same native IP address and gives a scheme of using the virtual network card address to flag the IPSec policy in a virtual private network, and presents a new Windows VPN architecture applying a virtual network card which can resolve the native IP address conflict problem well and bring about new characteristics of a VPN application.
出处
《计算机工程与科学》
CSCD
北大核心
2010年第7期8-12,共5页
Computer Engineering & Science
基金
国家自然科学基金资助项目(60573120)
