摘要： 以往安全网关的实现偏重于单一功能，且认证方式不够灵活。该文对最新IKEv2动态密钥协商机制进行研究和分析，结合EAP可扩展认证机制的优点，提出将EAP/SIM认证框架引入IKE认证体系的思路，给出实现方案，设计了基于EAP/SIM的增强型可扩展IKEv2系统。IKEv2-EAP系统以RADIUS为认证服务器实现AAA功能，使用新的IKEv2-EAP/SIM交互建立了安全的IPSec隧道，使VPN网关功能更趋灵活、强大及多样化。

关键词: EAP协议, SIM认证, IKEv2系统, RADIUS服务器, VPN网关

Abstract: Anciently, the implementation of security gateway only emphasizes on one side function and the authentication way is not flexible. This paper researches and analyzes deeply on latest IKEv2 protocol of dynamic key negotiation mechanism and combines the advantages of EAP, then gives a solution that introduces the EAP/SIM authentication framework into IKE authentication system and designs an enhanced extensible IKEv2 system based on EAP/SIM. IKEv2-EAP system takes RADIUS as the authentication server implementing AAA functions and employs up-to-date IKEv2-EAP/SIM interaction setting up the secure IPSec channels. This makes the function of VPN gateway more flexible, stronger and diversity.

Key words: EAP protocol, SIM authentication, IKEv2 system, RADIUS server, VPN gateway

中图分类号: 

• TP309