IPSec (Internet Protocol Security) is a VPN (Virtual Private Network) technology closely tied to everyday life: by laying a virtual path across a public network it builds a virtual private network, transports encrypted data and improves network security. However, because of the complexity of network security, data in transit is exposed to outside interference, including network address translation (NAT) and gateway proxy devices, so many kinds of faults appear in real IPSec scenarios. In order to locate and analyze IPSec tunnel faults accurately, this paper proposes an ACL (access control list) packet-filtering method for the IPSec scenario, that is, configuring ACLs on the network devices of the IPSec scenario. Based on the TCP/IP protocol and ACL packet filtering, the thesis designs an IPSec tunnel subsystem and an ACL packet-filtering subsystem. The method was simulated on the Cisco Packet Tracer experiment platform. First, the network architecture from client site to server site was built: wireless terminals connect to Router1 through a thin AP (access point), Router1 is linked to Router2 through an IPSec tunnel, and Router2 connects to the core switch, to which the server and the Internet are attached. Second, the IOS software was configured, covering both the IPSec configuration and the ACL configuration: the IPSec part configured the ISAKMP (Internet Security Association and Key Management Protocol) and IPSec phases of the IKE (Internet Key Exchange) policy, realizing tunnel establishment and encrypted data transmission respectively, while the ACL part handled the access control list configuration between the two routers, realizing restrictions on the encrypted data flow. Finally, the experiment results were recorded and analyzed in the IOS and DOS environments of the client site and server site.

Analysis of the experiment results shows that the encrypted data flow in the IPSec tunnel was restricted after the ACL was configured, and the access permissions between client site and server site also changed. Using the information in the IPSec tunnel, fault location was more accurate. In short, compared with general IPSec failure analysis methods, ACL packet filtering based on the IPSec scenario has certain advantages: it is convenient to write, well targeted and safe to use, and it also has high working efficiency.
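The three configuration steps described in the abstract (IKE phase 1 / ISAKMP policy, IPSec phase 2 transform set and crypto map, and a packet-filtering ACL on the inter-router link used to narrow down where a tunnel fails) can be illustrated with a minimal Cisco IOS configuration. The following is an added example, not the thesis's own configuration or experiment files: the topology, interface names, ACL names and addresses (RFC 5737 documentation ranges) are constructed, the pre-shared key is a placeholder, and the syntax is IOS 15-style (Cisco Packet Tracer supports only a subset of IOS; if it rejects `hash sha256` or `esp-sha256-hmac`, the older `hash sha` and `esp-sha-hmac` keywords are the ones it accepts).

```cisco
! Added example (not the thesis's own configuration). Hypothetical topology:
!   Router1 LAN 192.168.10.0/24 -- Gi0/0 203.0.113.1 ==IPSec== 203.0.113.2 Gi0/0 -- Router2 LAN 192.168.20.0/24
! All addresses, names and interfaces are constructed for illustration.
!
! ===== Router1 (client site) =====
! IKE phase 1 (ISAKMP) policy: how the two routers authenticate and protect the key exchange
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
 lifetime 86400
! Placeholder: replace with the real pre-shared key agreed with the peer
crypto isakmp key <PRE-SHARED-KEY-PLACEHOLDER> address 203.0.113.2
!
! IKE phase 2 (IPSec) proposal: how the tunnelled data itself is protected
crypto ipsec transform-set TS-AES256-SHA256 esp-aes 256 esp-sha256-hmac
 mode tunnel
!
! Crypto ACL: selects the LAN-to-LAN traffic that is sent through the tunnel
ip access-list extended VPN-TRAFFIC
 permit ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
!
crypto map CMAP 10 ipsec-isakmp
 set peer 203.0.113.2
 set transform-set TS-AES256-SHA256
 match address VPN-TRAFFIC
!
! Packet-filtering ACL on the WAN side: admit only the IPSec control and data
! protocols from the known peer, log everything else. Its per-entry match counters
! are the fault-location aid:
!   no ISAKMP (UDP 500) hits      -> phase 1 never reaches this router (routing/peer address)
!   ISAKMP hits but no ESP hits   -> phase 1 or phase 2 negotiation fails, or ESP is dropped
!   NAT-T (UDP 4500) hits instead of ESP -> a NAT device sits in the path and ESP is UDP-encapsulated
!   hits on the final deny        -> unexpected traffic arriving on the tunnel interface
ip access-list extended WAN-IN
 permit udp host 203.0.113.2 host 203.0.113.1 eq isakmp
 permit udp host 203.0.113.2 host 203.0.113.1 eq non500-isakmp
 permit esp host 203.0.113.2 host 203.0.113.1
 deny ip any any log
!
interface GigabitEthernet0/0
 ip address 203.0.113.1 255.255.255.252
 ip access-group WAN-IN in
 crypto map CMAP
!
! ===== Router2 (server site): mirror image of Router1 =====
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
 lifetime 86400
crypto isakmp key <PRE-SHARED-KEY-PLACEHOLDER> address 203.0.113.1
!
crypto ipsec transform-set TS-AES256-SHA256 esp-aes 256 esp-sha256-hmac
 mode tunnel
!
ip access-list extended VPN-TRAFFIC
 permit ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
!
crypto map CMAP 10 ipsec-isakmp
 set peer 203.0.113.1
 set transform-set TS-AES256-SHA256
 match address VPN-TRAFFIC
!
ip access-list extended WAN-IN
 permit udp host 203.0.113.1 host 203.0.113.2 eq isakmp
 permit udp host 203.0.113.1 host 203.0.113.2 eq non500-isakmp
 permit esp host 203.0.113.1 host 203.0.113.2
 deny ip any any log
!
interface GigabitEthernet0/0
 ip address 203.0.113.2 255.255.255.252
 ip access-group WAN-IN in
 crypto map CMAP
!
! ===== Verification, run on either router after sending LAN-to-LAN traffic =====
! show crypto isakmp sa       : a peer entry in state QM_IDLE means phase 1 is up
! show crypto ipsec sa        : #pkts encaps and #pkts decaps must both increase
! show access-lists WAN-IN    : per-entry match counts show which protocol reached the interface
! show logging                : the "deny ip any any log" entry records what was rejected
```

The two ACLs play different roles and should not be confused: VPN-TRAFFIC is the crypto ACL that decides what gets encrypted, while WAN-IN is the packet filter on the physical link that restricts what may reach the router and, through its match counters and log entries, tells you at which stage a failing tunnel stops. The interface ACL is evaluated before decryption, so it must permit ISAKMP, NAT-T and ESP from the peer or the tunnel will never come up; comparing `show access-lists` counters on both routers after a failed attempt localises the problem to one side or to the device in between.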