| With the high-speed development,computer network is used in many ways,such as politics,economy,and coulture.Network is becoming an important part in our life. At the same time, the network security has been concerned more than before, network security is the major problems of an enterprise network applications is faced.It receives the unprecedented attention.IPv6 supports for IPSec mandatorily, implemented authentication, integrity and confidentiality based on the network layer. Firewall is used to protect the internal network, while IPSec is used to protect data transmission security on the network. It is more conducive to combine the two technologies to protect the data security across the network. However, there is a conflict in between. The firewall needs to access the information of message header and transport layer header ,and may be modified. But the entire packet including protocol header is encrypted or authenticated by IPSec, which affects the normal working of the firewall. In order to solve the conflict problem of IPSec and Firewall, this paper defines a port option in the hop-by-hop of the IPv6 extension header. The port option is used to record source port and destination port in the data packet, verify the information and create an Security Association.On the basis of the conclusion, the port information of the firewall can be filtered, it was ensured for the integrity of the port information.In this way,it achieves the cooperation between IPSec and firewall.In order to verify the feasibility of the strategy ,I build a IPv6 test platform, and achieve the main function of a firewall. Finally, the project is tested and analysised by functionality, performance, safety. |
PDF Full Text Request