
Based On IPSec Research And Implementation Of IKE Protocol

Posted on: 2012-09-07
Degree: Master
Type: Thesis
Country: China
Candidate: Z Z Wang
GTID: 2178330332991357
Subject: Signal and Information Processing

Abstract/Summary:
The continuous growth of mobile services places higher demands on mobile network security. To make network access by mobile nodes a reality, we must build a sound network. The excellent performance of mobile VPN technology meets the needs of the mobile environment and provides a safe information service system for users. The IPSec protocol is a network-layer technology for the mobile VPN. Its use is mandatory in the IPv6 protocol, so its importance is obvious. By encrypting and authenticating packets at the IP layer, this protocol ensures data-integrity checks, confidentiality and identity authentication. The IKE protocol is the core of the IPSec protocol, and it governs how IP packets are processed.

First, this paper introduces the fundamental principles of the VPN protocol and the IPSec protocol. The IKE protocol, including its components, payloads, exchange phases, exchange process and the generation of all kinds of key information, is studied in depth. In particular, the paper mainly studies IKE SA negotiation in the first phase using main mode with a pre-shared key. Because the IKE protocol offers only limited support for mobile network users with dynamic IP addresses when a pre-shared key is used, and because it is insufficient in protecting the identification and authentication of the two sides, this paper proposes that when a mobile node connects to the network system, the node should actively provide its node information to its core routers. The system then associates the identification information with the pre-shared key (PSK) to complete a secure IKE SA negotiation in the mobile network. Finally, by obtaining an IPSec SA and a virtual intranet IP address, the node completes the setup of permission to access enterprise resources.

Last, after comparing the IKEv2 protocol with the IKE protocol, this paper points out some extended functions, for instance remote access acquisition, PKI, NAT traversal and so on. The IKEv2 protocol's authentication modes are pre-shared key and digital signature authentication. IKEv2's three exchange types and another Internet key exchange protocol, JFK, are introduced briefly. On the Linux platform, the paper uses the strongSwan software, which supports the IKEv2 protocol, to design a simulated experiment confirming that a Road Warrior using a virtual IP address can access the subnet resources. In this process, the handling of the problem of confirming whether the two sides in an IKEv2 key negotiation have really established a connection is improved. Although this improved scheme increases the negotiation time, it reduces unnecessary waste of system resources and, moreover, enhances support for mobile IP networks.
Keywords/Search Tags: Mobile VPN, IPSec, IKE, PSK, identification, virtual IP address