IPSec is a network security solution which is easily expanded and fullest. Because packets of information are encrypted by IPSec, the firewall is unable to read them through IP addresses and port numbers and other information.Contrapose flow and efficiency ect…, we propose a solution that allows IPSec and Firewall can work together to protect network security. In this system, the SPD(Security Policy Database) in IPSec is set and stored in Firewall(or Gateway), and the rest of IPSec(as AH, ESP ect.) is hosted and performed at the host. With this design, the Firewall manages focused security policy, it can control the flow of traffic to / from the internal network, and the host in accordance with the provisions of the firewall SPD achieved processing IPSec, ensure authentication and End-to-End encryption of IPSec, raise effectiveness of network access. |