
Based on the Design and Realization of the SPS Type of Internet IPSec VPN Policy Server

Posted on: 2006-03-06
Degree: Master
Type: Thesis
Country: China
Candidate: Y Wang
GTID: 2208360152498517
Subject: Communication and Information System
Abstract/Summary:
With the development of the Internet, stricter network security solutions are required. Corporations, universities and governments, as important participants in and users of the Internet, choose VPNs as their security solution. Since the IETF designed the IPSec protocol, it has been used to construct VPN systems, and IPSec VPN has become a key topic of security research. This paper first analyzes existing IPSec VPN technology and identifies some limitations: the compatibility of the different networks connected by a VPN, and the problem of security policy management. The former is raised by the rapid development of IPv6, which leads to a transition of network protocols, while the latter is based on the consistency and standardization of system management. This paper discusses how to add NAT to the VPN system, which solves the problem that occurs when communication takes place between IPv4 and IPv6 networks. In the main body of the paper, we discuss how adding the SPS influences the working mode of IPSec VPN, and introduce the security server technology that is the core of the SPS. Using a class-based scheme, we integrate the management of users, policies and subnetworks into a single entity. After analyzing the confusion caused by the relativity of policies, we develop the policy relativity algorithm and show it to be correct and effective through derivation and testing. With the algorithm added to the SPS, the system gains the capability to deal with interrelated policies in more complicated networks.
Keywords/Search Tags:IPSec, Security Policy System, Security Policy Server, Policy Relativity, NAT