Users Accessing Control Technology Base On IPSec Protocol

Since its popularization, Internet has its characteristic as wide range, rapid speed, low costs and convenience uses etc. So it develops rapidly at government departments, corporations and enterprises in our country. But Internet still has its fateful shortage: less security. Then many users have to rent DDN to establish networks between different areas. In fact, the situation has wasted bandwidth resources, at the same time it has caused high percentage in costs. And now, the developing of VPN makes it possible to establish privately owned data networks in public network.VPN based on IPSec protocol only filter IP packet, so the function of authority controlling is rather weak, it only filter the IP address.But it is very important to control authority of application service program in VPN. And it is very essential to those enterprises that strongly rely on modern informations to manage authorities through upper and lower, across the same level in enterprises. Now the techenology problem of VPN is how to realize safety management in VPN.This thesis afford a way which can realize authorization controlling of network layer,transmission layer and up-protocol layer through establishing safety policy management system and UAD. And the way makes VPN gateway have the function of purview control of transmission layer and application layer. That is very effective of department's purview control in VPN, and can effectively avoid unlicensed accessing of legal user in VPN. Establish UAD of span protocol layer and share of purview resource is the Main technology instrument.This thesis use VPN gateway and UAD implement authentication of inner user and security transport of data flow for servers that require especially protect.Base on UAD, this thesis completes system analyzing and establishing of data structure, makes the detail design for the functions in the subsystem, and experiment and test the UAD control module, completely accord with expectant design.The thesis at last solves unlicensed accessing of legal user in VPN that maked by VPN security gateway.