Shandong University of Science and Technology Graduation Project (Thesis)

R1 and R4 basic parameters, and configure a default route pointing to the public network.

Figure 5-5 Configuration of R1
Figure 5-6 Configuration of R4

Configure the GRE tunnel and enable the EIGRP routing protocol

1) Configure tunnel 1 on R1 and R4 and enable the EIGRP routing protocol. Note: advertise only the internal network segments and the tunnel segment.

Figure 5-7 Creating Tunnel 1 on R1
Figure 5-8 Creating Tunnel 1 on R4

2) Use show ip route to view the EIGRP route entries learned between the internal networks (EIGRP route entries are shown with a D).

Figure 5-9 Routing table on R4

Configure IPSec and apply it to the GRE tunnel

1) Configure the IPSec VPN on R1 and on R4, and apply the crypto map to the GRE tunnel (Tunnel 1).

Figure 5-10 Configuration of the protocols for Tunnel 1 on R1
Figure 5-11 Configuration of the protocols for Tunnel 1 on R4

Test connectivity between the sites

Below is the encrypted data before and after the ping.

Figure 5-12 Connectivity test

Configure NAT for network address translation

1) Configure NAT (PAT) on R1 and R4 so that all private addresses are translated to the public IP address of the router's egress interface.

Figure 5-13 NAT translation on R1
Figure 5-14 NAT translation on R4

2) Then, from PC1, ping a private IP address and a public IP address. Pings to public IP addresses all undergo NAT address translation, while pings to private IP addresses all go through the encrypted tunnel.

Figure 5-15 Successful connectivity

Acknowledgments

With the completion of this thesis, nearly four years of university life are also coming to an end. I will remember the teachers who contributed directly or indirectly to this thesis and who gave me guidance and support.

Here, I first express my most sincere thanks to my supervisor, ***. During the study and design work for my graduation project I ran into many difficulties, and my supervisor was always able to give me guidance and advice. Thanks to my supervisor's help, I was able to complete my graduation project smoothly.

Next, I thank the two classmates in my group, *** and ***, for the help they gave me while I was learning the basics of VPN and carrying out the experiments. We learned from each other and made progress together.

Finally, I am very grateful to all the teachers of the Network Engineering program for their diligent teaching and warm care over the past four years. Thanks also to the classmates with whom I studied and lived.
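The lab steps of this chapter (GRE Tunnel 1 with EIGRP, IPsec applied to the tunnel, then PAT), written out as an R1-side Cisco IOS configuration. This is an added example, not the thesis's own configuration from its figures: all addresses, interface names, the EIGRP AS number, ACL numbers, object names and the key placeholder are assumptions, and the SHA-256 options assume an IOS 15.x image.

```cisco
! R1 side; every value below is constructed for illustration (not from the thesis).
! R1 public 203.0.113.1, R4 public 198.51.100.4, LAN 192.168.1.0/24, tunnel 172.16.14.0/30
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key <PRE-SHARED-KEY> address 198.51.100.4
!
crypto ipsec transform-set GRE-TS esp-aes 256 esp-sha256-hmac
 mode transport
!
! Protect only the GRE packets exchanged between the two public endpoints
access-list 101 permit gre host 203.0.113.1 host 198.51.100.4
!
crypto map GRE-MAP 10 ipsec-isakmp
 set peer 198.51.100.4
 set transform-set GRE-TS
 match address 101
!
interface Tunnel1
 ip address 172.16.14.1 255.255.255.252
 tunnel source 203.0.113.1
 tunnel destination 198.51.100.4
 ! the thesis applies the crypto map to Tunnel 1
 crypto map GRE-MAP
!
interface FastEthernet0/0
 description public side
 ip address 203.0.113.1 255.255.255.0
 ip nat outside
 ! GRE packets matched by ACL 101 leave through this interface, so the map goes here too
 crypto map GRE-MAP
!
interface FastEthernet0/1
 description LAN side
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
! Advertise only the LAN and the tunnel subnet, never the public network
router eigrp 100
 network 192.168.1.0 0.0.0.255
 network 172.16.14.0 0.0.0.3
 no auto-summary
!
ip route 0.0.0.0 0.0.0.0 203.0.113.254
! PAT for Internet-bound traffic; LAN-to-LAN traffic exits via Tunnel1, which is not a NAT outside interface
access-list 110 permit ip 192.168.1.0 0.0.0.255 any
ip nat inside source list 110 interface FastEthernet0/0 overload
```

R4 mirrors this with the peer and LAN addresses swapped. Because the EIGRP process advertises only the LAN and tunnel subnets, the tunnel destination stays reachable through the default route and is never learned through the tunnel itself.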
Appendix 1: English original text

A New Virtual Private Network for Today's Mobile World

Karen Heyman

Virtual private networks were a critical technology for turning the Internet into an important business tool. Today's VPNs establish secure connections between a remote user and a corporate or other network via the encryption of packets sent through the Internet, rather than an expensive private network. However, they traditionally have linked only a relatively few nodes that a company's IT department controls and configures. This is not adequate for the many organizations that now must let managers, employees, partners, suppliers, consultants, e-commerce customers, and others access networks from their own PCs, laptops, publicly available computers like those at airport kiosks, and even mobile devices, many not controlled by the organization.

VPNs based on Internet Protocol security (IPsec) technology were not designed for and are not well suited for such uses. "Instead of restricting remote users who should not have access to many parts of a company's network," explained Graham Titterington, principal analyst with market-research firm Ovum, "IPsec [generally] connects users into a network and gives the same sort of access they would have if they were physically on the LAN."

Organizations are thus increasingly adopting VPNs based on Secure Sockets Layer technology from vendors such as Aventail, Cisco Systems, F5 Networks, Juniper Networks, and Nortel Networks. SSL VPNs enable relatively easy deployment, added Chris Silva, an analyst at Forrester Research, a market-research firm. A company can install the VPN at its headquarters and push any necessary software to users, who then access the network via their browsers, he explained.
Organizations thus do not have to manage, update, or buy licenses for multiple clients, yielding lower costs, less maintenance and support, and greater simplicity than IPsec VPNs, Silva said. "From a remote-access perspective, IPsec is turning into a legacy technology," said Rich Campagna, Juniper's SSL VPN product manager. Nonetheless, IPsec VPNs are still preferable for some uses, such as linking a remote, company-controlled node, perhaps in a branch office, with the corporate network. Both VPN flavors are likely to continue to flourish, with the choice

Published by the IEEE Computer Society

An early attempt to create a VPN over the Internet used multiprotocol label switching, which adds labels to packets to designate their network path. In essence, all packets in a data set travel through designated tunnels to their destinations. However, MPLS VPNs don't encrypt data. IPsec and SSL VPNs, on the other hand, use encrypted packets with cryptographic keys exchanged between sender and receiver over the public Internet. Once encrypted, the data can take any route over the Internet to reach its final destination. There is no dedicated pathway. US Defense Department contractors began using this technique as far back as the late 1980s, according to Paul Hoffman, director of the VPN Consortium.

Introducing IPsec

Vendors initially used proprietary and other forms of encryption with their VPNs. However, to establish a standard way to create interoperable VPNs, many vendors moved to IPsec, which the Internet Engineering Task Force (IETF) adopted in 1998. With IPsec, a computer sends a request for data from a server through a gateway, acting essentially as a router, at the edge of its network. The gateway encrypts the data and sends it over the Internet. The receiving gateway queries the incoming packets, authenticates the sender's identity and designated network-access level, and if everything checks out, admits and decrypts the information.
Both the transmitter and receiver must support IPsec and share a public encryption key for authentication. December 2020 17 Firewal