计算机工程 ›› 2008, Vol. 34 ›› Issue (18): 113-116.doi: 10.3969/j.issn.1000-3428.2008.18.040

• 网络与通信 • 上一篇    下一篇

IKEv2远程接入配置机制的改进与实现

徐家燕1,周晓东1,陆建德2   

  1. (1. 苏州大学计算机学院,苏州215006;2. 江苏省计算机信息处理技术重点实验室,苏州 215006)
  • 收稿日期:1900-01-01 修回日期:1900-01-01 出版日期:2008-09-20 发布日期:2008-09-20

Improvement and Implementation of IKEv2 Remote Access Configuration Mechanism

XU Jia-yan1, ZHOU Xiao-dong1, LU Jian-de2   

  1. (1. School of Computer, Soochow University, Suzhou 215006; 2. Jiangsu Province Computer IT Key Lab, Suzhou 215006)
  • Received:1900-01-01 Revised:1900-01-01 Online:2008-09-20 Published:2008-09-20

摘要: 传统远程接入配置机制存在交互时间长、安全性不强、访问控制难、远程接入服务器负担重等缺陷。该文在最新的IKEv2的基础上,将CP载荷与DHCP机制有效结合,实现远程接入用户的自动配置。实验表明,该机制提高了远程接入效率和安全性,增加对用户身份的识别以及基于用户组的分配策略,为进一步的访问控制提供了便利。

关键词: IPSec协议, 远程接入, VPN网络, 配置机制, IKEv2协议

Abstract: Traditional remote access configuration mechanism has the following shortcomings: interactive time is long, security is not strong, access control is difficult, the burden of remote access server is heavy and so on. Basing on the newest IKEv2, this paper combines CP payload with DHCP mechanism and implements automatic configuration of remote access client. Experiment shows that the improved mechanism improves efficiency and security of remote access and makes advanced access control easier by adding to user identification and allocation strategy which is based on user group.

Key words: IPSec, remote access, VPN, configuration mechanism, IKEv2 protocol

中图分类号: