【導(dǎo)讀】絡(luò)的安全的穩(wěn)定的通道。通過對網(wǎng)絡(luò)數(shù)據(jù)的封包和加密傳輸，在因特網(wǎng)。通常VPN是對企業(yè)內(nèi)部網(wǎng)絡(luò)的擴(kuò)展，通過它。立可信的安全連接，并保證數(shù)據(jù)的安全傳輸。VPN可用于不斷增長的。安全外聯(lián)網(wǎng)虛擬專用網(wǎng)。本文首先介紹了VPN的定義和研究影響。后介紹了關(guān)鍵技術(shù)實(shí)現(xiàn)的VPN包括隧道技術(shù)，其主要的安全協(xié)議，絡(luò)提供理論依據(jù)。

　　

【正文】 R1 和 R4 的基本參數(shù)，并配置一條默認(rèn)路由指向公網(wǎng) 圖 55 對 R1 的配置 山東科技大學(xué)畢業(yè)設(shè)計(jì) (論文 ) 42 圖 56 對 R4 的配置 . 配置 GRE 隧道，并啟用 EIGRP 路由協(xié)議 1) 在 R1 和 R4 上配置 tunnel 1，并啟用 EIGRP 路由協(xié)議。注意：只宣告內(nèi)網(wǎng)網(wǎng)段和 tunnel 隧道的網(wǎng)段。 圖 57 R1 上隧道 1 的建立 山東科技大學(xué)畢業(yè)設(shè)計(jì) (論文 ) 43 圖 58 R4 上隧道 1 的建立 2) 使用 show ip route 查看內(nèi)網(wǎng)之間學(xué)習(xí)的 EIGRP 路由條目（ EIGRP 的路由條目以 D 顯示） 圖 59 R4 上路由顯示 . 配置 IPSec，并將其應(yīng)用到 GRE 隧道上 1) 在 R1 和 R4 上分別配置 IPSec VPN，并應(yīng)用 Crypto MAP 到GRE 隧道上（ Tunnel 1）。 山東科技大學(xué)畢業(yè)設(shè)計(jì) (論文 ) 44 圖 510 R1 上對隧道 1 各協(xié)議的配置 山東科技大學(xué)畢業(yè)設(shè)計(jì) (論文 ) 45 圖 511 R4 上對隧道 1 各協(xié)議的配置 . 測試站點(diǎn)之間的連通性 下面是 ping 之前和 ping 之后加密的數(shù)據(jù) 山東科技大學(xué)畢業(yè)設(shè)計(jì) (論文 ) 46 圖 512 連通性測試 . 配置 NAT 實(shí)現(xiàn)網(wǎng)絡(luò)地址轉(zhuǎn)換 1) 在 R1 和 R4 上配置 NAT（ PAT），將私網(wǎng)地址全部轉(zhuǎn)換成路由出口公網(wǎng)的 IP 地址 圖 513 R1 上的 NAT 轉(zhuǎn)換 山東科技大學(xué)畢業(yè)設(shè)計(jì) (論文 ) 47 圖 514 R4 上的 NAT 轉(zhuǎn)換 2) 然后在 PC1 上分別 ping 私網(wǎng)的 IP 地址和公網(wǎng)的 IP 地址，可以發(fā)現(xiàn) ping 公網(wǎng)的 IP 地址都進(jìn)行了 NAT 地址轉(zhuǎn)換，而 ping 私網(wǎng)的IP 地址都經(jīng)過了隧道加密。 圖 515 連通成功顯示 山東科技大學(xué)畢業(yè)設(shè)計(jì) (論文 ) 48 致謝 隨著論文的完成，近四年的大學(xué)生活也即將宣告結(jié)束了。我將銘記曾經(jīng)直接或間接為本論文做出貢獻(xiàn)和給予我指導(dǎo)和支持的老師們。 在此，我首先向我的指導(dǎo)老師 —— ***老師，表示最衷心的感謝。我在做畢業(yè)設(shè)計(jì)的學(xué)習(xí)和設(shè)計(jì)過程中遇到了不少困難，老師總能給予我指導(dǎo)和建議。感謝老師的幫助，讓我能夠順利的完成我的畢業(yè)設(shè)計(jì)。 其次，感謝我同組倆位同學(xué) ***和 ***同學(xué)，在我學(xué)習(xí) VPN 的基礎(chǔ)知識和做實(shí)驗(yàn)過程中，給予我的幫助。我們相互學(xué)習(xí)，共同進(jìn)步。 最后，非常感謝網(wǎng)絡(luò)工程專業(yè)的所有老師四年來對我的辛勤培育和熱心關(guān)懷。感謝在一起學(xué)習(xí)一起生活的同學(xué)。 山東科技大學(xué)畢業(yè)設(shè)計(jì) (論文 ) 49 參考文獻(xiàn) [1]高海英，薛元星，辛陽 .VPN 技術(shù) .第一版 .北京 .機(jī)械工業(yè)出版社 . [2]Steven Brown 著 . 董小宇，魏鴻，馬潔譯 .構(gòu)建虛擬專用網(wǎng) .第一版 .北京 .人民郵電出版社 . [3]戴宗坤，唐三平 .VPN 與網(wǎng)絡(luò)安全 .第一版 .北京 .電子工業(yè)出版社 .2020. [4]邱亮，金悅 .ISA 配置與管理 .第一版 .北京 .清華大學(xué)出版社 .2020. [5]李思齊 .服務(wù)器配置全攻略 .第一版 .北京 .清華大學(xué)出版社 .2020. [6]王達(dá)等 .虛擬專用網(wǎng)（ VPN）精解 .北京 .清華大學(xué)出版社 .2020. [7]Carlton R. Davis 著 .周永彬，馮登國等譯 .IPSEC:VPN 的安全實(shí)施 .北京 .清華大學(xué)出版社 .2020 [8]科教工作室 .局域網(wǎng)組建與維護(hù) .第一版 .北京 .清華大學(xué)出版社 .2020. [9]李文俊等 .網(wǎng)絡(luò)硬件搭建與配置實(shí)踐 .第一版 .北京 .電子工業(yè)出版社 .2020. [10]李莉，童小林譯 .網(wǎng)絡(luò)互聯(lián)技術(shù)手冊 .第四版 .北京 .人民郵電出版社 .2020. [11] 高海英 ， VPN 技術(shù)， [M]， 機(jī)械工業(yè)出版社 ， 2020 [12]Yusuf Bhaiji， Network Security Technologies and Solutions， [M]， Cisco Press ， 2020 山東科技大學(xué)畢業(yè)設(shè)計(jì) (論文 ) 50 附錄 1 英文原文 A New Virtual Prevate Network for Today39。s Mobile World Karen Heyman Virtual private works were a critical technology for turning the Inter into an important business tool. Today’s VPNs establish secure connections between a remote user and a corporate or other work via the encryption of packets sent through the Inter, rather than an expensive private work. However, they traditionally have linked only a relatively few nodes that a pany’s IT department controls and congures. This is not adequate for the many anizations that now must let managers, employees, partners, suppliers, consultants, emerce customers, and others access works from their own PCs, laptops, publicly available puters like those at airport kiosks, and even mobile devices, many not controlled by the anization. VPNs based on Inter Protocol security (IPsec) technology were not designed for and are not wellsuited for such uses. Instead of restricting remote users who should not have access to many parts of a pany161。 work, explained Graham Titterington, principal analyst with marketresearch firm Ovum, IPsec [generally] connects users into a work and gives the same sort of access they would have if they were physically on the LAN.161。177。 Organizations are thus increasingly adopting VPNs based on Secure Sockets Layer technology from vendors such as Aventail, Cisco Systems, F5 Networks, Juniper Networks, and Nortel Networks. SSL VPNs enable relatively easy deployment, added Chris Silva, an analyst at Forrester Research, a marketresearchrm. A pany can install the VPN at its head quarters and push any necessary software to users, who then access the work via their 山東科技大學(xué)畢業(yè)設(shè)計(jì) (論文 ) 51 browsers, he explained. Organizations thus do not have to manage, update, or buy licenses for multiple clients, yielding lower costs, less maintenance and support, and greater simplicity than IPsec VPNs,Silva said. From a remoteaccess perspective, IPsec is turning into a legacy technology,161。177。 said Rich Campagna, Juniper161。 SSL VPN product manager Noheless, IPsec VPNs are still preferable for some uses, such as linking a remote, panycontrolled node, perhaps in a branch ofce, with the corporate work. Both VPN flavors are likely to continue to ourish, with the choice Published by the IEEE Computer Society An early attempt to create a VPN over the Inter used multiprotocol label switching, which adds labels to packets to designate their work path. In essence, all packets in a data set travel through designated tunnels to their destinations. However, MPLS VPNs don39。t encrypt data. IPsec and SSL VPNs, on the other hand, use encrypted packets with cryptographic keys exchanged between sender and receiver over the public Inter. Once encrypted, the data can take any route over the Inter to reach it39。s nal destination. There is no dedicated pathway. US Defense Department contractors began using this technique as far back as the late 1980s, according to Paul Hoffman, director of the VPN Consortium. Introducing IPsec Vendors initially used proprietary and other forms of encryption with their VPNs. However, to establish a standard way to create interoperable VPNs, many vendors moved to IPsec, which the Inter Engineering Task Force (IETF) adopted in 1998. With IPsec, a puter sends a request for data from a server through a gateway, acting essentially as a router, at the edge of its work. The gateway encrypts the data and sends it over the Inter. The receiving gateway queries the ining packets, authenticates 山東科技大學(xué)畢業(yè)設(shè)計(jì) (論文 ) 52 the sender39。s identity and designated workaccess level, and if everything checks out, admits and decrypts the information. Both the transmitter and receiver must support IPsec and share a public encryption key for authentication. December 2020 17 Firewal