Computer Engineering and Applications ›› 2009, Vol. 45 ›› Issue (3): 106-108. DOI: 10.3778/j.issn.1002-8331.2009.03.031

• Network, Communication and Security •


Distributed configuring IPSec gateways with redundant policies

TANG Yi¹, ZHANG Lian-kuan²

  1. Department of Information Sciences, Guangzhou University, Guangzhou 510006, China
  2. Department of Mathematics, South China Agricultural University, Guangzhou 510642, China
  • Received: 2008-01-04 Revised: 2008-04-02 Online: 2009-01-21 Published: 2009-01-21
  • Contact: TANG Yi

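Abstract (translated from the Chinese): One deployment mode of the IPSec protocol separates network segments with IPSec gateways and meets the secure-communication requirements through the gateways' policy configuration. However, overlapping policies can cause traffic to flow back in a way that violates the security requirements. Splitting policies is an effective way to avoid such backflow, but splitting them too finely incurs extra cryptographic computation. This paper proposes a distributed configuration method for IPSec gateways with redundant policies: on top of automatically generating a conflict-free IPSec policy set in a distributed manner, redundant policies are introduced to reduce the cryptographic computation load on the IPSec gateways. Simulation experiments verify the feasibility of the method.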

Abstract: One application scenario for IPSec is to partition a network with IPSec gateways. The security requirements are implemented by IPSec policies between the gateways. Overlapping tunnels may cause network traffic to loop and introduce policy conflicts. Policy cuts are needed to avoid those conflicts. However, policies that are too fine-grained may lead to many cryptographic computations. In this paper, a distributed gateway configuration method with redundant policies, named DistIPSecR, is proposed to reduce this costly computation. We have conducted simulated experiments to validate the proposed method.

Key words: IPSec protocol, security policy, distributed configuring, redundant policy