LUOYANG NORMAL UNIVERSITY
2013届本科毕业设计
黛蓝公司VPN网络方案设计与分析
院(系)名称 专 业 名 称 学学指
导
教生
姓
名 号 师
信息技术学院 网络工程 XXX 091124030
讲师 2013年4月
完 成 时 间
黛蓝公司VPN网络方案设计与分析
摘要
先进的网络系统对于企业加强管理、提高工作效率和增加市场竞争力是至关重要的。企业网络采用的技术必须先进、成熟、稳定、可靠的网络系统。同时,对于身处异地的分支机构或者分公司、办事处,或者在外出差的公司员工,需要为其提供高效、实时的内网访问,保证相关业务的准确高效。并且在远距离传输过程中要保证数据不被窃听和篡改。
本文具体分析了VPN技术的现状和发展趋势,介绍了VPN的产生、特征和优势。阐述了黛蓝公司及该公司VPN网络建设的需求,并对IPSec VPN,SSL VPN与MPLS VPN三种方案的进行了对比分析,给出了它们各自的适用场景。从公司的实际需求出发,针对现今各种流行的VPN技术进行了分析比较,结合实际应用背景给出两个解决方案,即基于IPSec VPN和SSL VPN在黛蓝公司中的部署方案,并详细地给出了它们的设计和实现方法。从原理到结构,从设置到最后的维护都做了详细的分析。最后通过实验模拟,得出了VPN的实际效用。
关键词:VPN;安全负载封装;安全套接层;多标签交换协议
I
洛阳师范学院2013届本科生毕业设计
Abstract
The advanced network system strengthens the management, the enhancement working efficiency regarding the enterprise and increases the market competitiveness is very important. The enterprise network uses the technology must advanced, mature, stable, the reliable network system, simultaneously, regarding places the different place the Branch office or the subsidiary company, the office, or enterprise staff who travels on official business in outside, needs to provide highly effective, the real-time in net visit for it, guaranteed that related service accurate highly effective, simultaneously, in the long-distance transmission process must guarantee that the data is not intercepted and the distortion.
This article analyzes the present situation and development tendency of VPN technology, this article introduces the generation of VPN, features and advantages. Elaborated the cross each company and the company VPN network construction requirements, and the IPSec VPN and SSL VPN and MPLS VPN has carried on the comparative analysis of three kinds of the programmes, given their respective applicable scenario. Starting from the company's actual demand, according to the current popular VPN technology has carried on the analysis and comparison, combined with practical application background gives two solutions, based on IPSec VPN and SSL VPN deployment plan in cross each company, and design and implementation of the method are given in detail. From the principle to the structure, from set up until the last maintenance have made detailed analysis. Finally through simulation experiments, it is concluded that the actual effectiveness of the VPN.
Keywords: VPN ; IPSEC;SSL;MPLS
II
黛蓝公司VPN网络方案设计与分析
目 录
第1章 绪论 ........................................................ 1
1.1研究背景 .................................................... 1 1.2 技术发展现状 ................................................ 1 第 2 章 黛蓝公司介绍 ............................................... 4
2.1 公司背景介绍 ................................................ 4 2.2 公司远程接入需求 ............................................ 4 第3章 黛蓝公司VPN建设需求 ........................................ 5 第4章 VPN方案比较分析 ............................................. 7
4.1 VPN综述 .................................................... 7
4.1.1 VPN的概念 ............................................. 7 4.1.2 VPN的特征 ............................................ 7 4.1.3 VPN的优势 ............................................ 7 4.2 VPN分类介绍 ................................................ 8
4.2.1 按VPN的业务类型划分 .................................. 8 4.2.2 按VPN的实现技术划分 ................................. 11
4.2.2.1 IPSEC VPN的种类: .............................. 11 4.2.2.2 IPSEC 概述 ...................................... 11 4.2.2.3 IPSEC框架结构 .................................. 13 4.2.2.4 IPSEC 封装模式 .................................. 14 4.2.2.5 Internet Key Exchange ........................... 14 4.2.3 SSL VPN .............................................. 16
4.2.3.1 SSL VPN 概述 .................................... 16 4.2.3.2 SSL VPN原理 .................................... 17 4.2.3.3 SSL VPN优势 .................................... 17 4.2.4 MPLS VPN ............................................. 19
4.2.4.1 MPLS 概述 ....................................... 19 4.2.4.2 MPLS 原理 ....................................... 20 4.2.4.3 MPLS VPN优势 ................................... 21
第5章 适合公司的VPN网络构建 .................................... 23
5.1 公司VPN技术选择 ........................................... 23 5.2 公司VPN设计选择 ........................................... 24
III
洛阳师范学院2013届本科生毕业设计
第6章 组建公司VPN网络 ........................................... 25
6.1 公司VPN总体设计 ........................................... 25 6.2 IPSEC VPN建设 ............................................. 25
6.2.1 集团IPSEC VPN部署 ................................... 25 6.2.2 IPSEC VPN基本配置 .................................... 26 6.3 SSL VPN建设 ............................................... 30
6.3.1 SSL VPN部署 .......................................... 30
6.3.2 SSL VPN基本配置 ...................................... 31 第7章 VPN管理与维护 .............................................. 34
7.1 IPSEC VPN 的管理与维护 ..................................... 34 7.2 SSL VPN的管理与维护 ....................................... 34 第8章 工作总结和展望 ............................................. 35 参考文献 .......................................................... 36 致 谢 ............................................................ 37
IV