IPSec VPN System Design And Implementation Based On PKI And GRE

In order to protect data in the public network to transport reliably, this paper This paper describes the IPSec (Internet Protocol Security) security architecture, and it basic idea is to build their own virtual private network with authentication, access control, data encryption, data integrity protection and other measures through the public network.This paper describes the VPN (Virtual Private Network) of the definition, advantages and classification. The associated IPSec and VPN to protect data transmitted VPN security. This article focuses on the analysis of the IPSec architecture, functional components, work and simple introduction of the IPSec algorithms.Based on the IPSec algorithms and the ECC (Elliptic Curve Cryptosystems) algorithm, to research the analysis of ECC encryption and decryption process, starting from the existing IKE (Internet Key Exchange) protocol, the authentication Diffie-Hellman key agreement algorithm improved by ECC. When using digital certificate authentication, digital certificates using ECC algorithm to improve it, ECC generates a digital signature and digital signature verification process. Comparison of ECC advantages with other public key encryption algorithm.After this brief introduction to the PKI (Public-Key Infrastructure) of the composition and authentication, IPSec networking solutions to improve the use of PKI, PKI was introduced in the IKE implementation and management of certificates, verification of identity certificate is to explain the improvement PKI solution for IPSec VPN and advantages.IPSec tunnels do not support multicast or broadcast packet encryption, this paper use GRE (Generic Routing Encapsulation) to improve IPSec, used to carry multicast and routing protocols to address the growing network size.Finally, simulation platform built using dynamips, SecureCRT as a configuration tool, system environment to complete the deployment, installation, implementation GRE over IPSec configuration to achieve a better understanding of GRE over IPSec use in practice, and its connectivity with the state test analysis.