Design Of Embedded VPN Security Gateway Based On IPSec

The network is developping faster and faster, more and more people use it to communicate with each other and share resources. The open trait of network brings a lot of convenience, but there are still many security problems existing in the network.We design a VPN security gateway suitable for little enterprises to establish secure Intranet. At fist, we analyze some security problems existing in the network, then give some methods to resolve such problems. These methods include Firewall, IDS, VPN, IPSec encryption and authentication.We analyze what functions are needed for enterprise gateway, then we could supply different protection mechanism for different resources and environment. VPN technology is very popular now. It is established on the basis of Internet common establishment to protect communication security. VPN involves such technologies as tunnel; authentication; encryption and integrity. IPSec is a standard security protocol for implementing VPN technology. Its extrusive advantage is to supply authentication and encryption for IP packets. So we mainly choose to realize IPSec in VPN security gateway.An overall project design is given in the text on the basis of analyzing what is required for enterprise security. The implementation of VPN security gateway includes two aspects: hardware realization and software realization. What I do in the project is to design an VPN security gateway based on IPSec. So I give an IPSec VPN model in this part, and describe how the database is processed in this model. NAT technology is used widely in VPN gateway. But when IPSec and NAT work together, there will be some problems .I recommend two ways to solve these problems after I do some analysis.I choose IXDP425 development board as the hardware developing platform in hardware realizatioin part. IXDP425 is an evaluating board based on IXP425 network processor. IXP425 supports on-line processing over different kinds of data, It supplies many high speed Ethernet interfaces, so it can connect with intranet and extranet easily. On the other side It has a special engine for encrypting. So IXDP425 has great advantages of realizing security protocol and technology.The last part is about Linux transplant. The works include establishing environment of translating and editing; reducing and configuring kernel; making root file system.