GRE over IPsec VPN结合NAT的构建方案研究与实现  被引量:11

The GRE over IPsec VPN research and implementation of combining with the construction scheme of NAT

在线阅读下载全文

作  者:张伟[1] 王凤英[1] 

机构地区:[1]山东理工大学计算机科学与技术学院,山东淄博255049

出  处:《山东理工大学学报(自然科学版)》2017年第3期6-10,共5页Journal of Shandong University of Technology:Natural Science Edition

基  金:国家自然科学基金项目(61473179);山东省重点研发计划项目(2016GGX101027);山东省自然科学基金项目(ZR2014FM007)

摘  要:IPSec和GRE均为构建虚拟专用网所采用的技术,其自身都有其局限性,IPSec不支持广播、组播和非IP数据流,而GRE不支持数据加密.分析了IPSec和GRE各自的优势,结合IPSec的安全性和GRE对广播、组播和非IP数据流支持的特点,提出了GRE over IPSec VPN结合NAT的构建方案,实现了两个局域网之间单播或组播数据的保密通讯,通过运行EIGRP协议交互内网路由信息,进而使用NAT技术实现局域网内部用户脱离VPN访问Internet.依据提出的构建方案,绘制了组网拓扑图,并基于GNS3进行了仿真实验,验证了方案的安全性和可实施性.该方案既满足了不同局域网之间安全通信的需要,也满足了局域网内部用户访问Internet的需求.IPSec and GRE are used to build a virtual private network technology, which has its own limitations. IPSec does not support broadcast, multicast, and non IP data streams while GRE doesn't support data encryption. This paper analyzes the advantages of the IPSec and GRE respectively. We combined with the security of IPSec and the support of GRE to broadcast, mul- ticast and non IP data flow, put forward the scheme of constructing the GRE over IPSec VPN based on NAT and then realized secure communication between two LANs unicast or multicast data. By running EIGRP interactive network routing information and use NAT technology, it can realize the internal LAN users access the Internet without VPN. Based on the proposed scheme, we render the network topology, carry out the simulation experiment based on GNS3, and verify the scheme is safety and can be implemented. The scheme proposed in this paper not only meet the need of secure communication between different LANs, but also meet the needs of internal LAN users access to the Internet.

关 键 词:IPSEC 虚拟专用网 GRE NAT 

分 类 号:TP391.9[自动化与计算机技术—计算机应用技术]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象