【摘要】 IPSec是为Internet通信提供安全服务的一组标准协议,它封装了传输层中的一些重要信息,而防火墙则需要访问报文中的信息进行控制处理。针对如何能够让IPSec和防火墙协同工作提出一种双层IPSec处理思想:将IP报文分为协议头和数据两部分,使用复合安全关联(Composite SA)对其进行安全处理,使IPSec和防火墙可以各取所需,从而给出上述问题的一个解决方案。该方案的优点在于安全主机与防火墙之间复合安全关联的协商灵活多变,与传统IPSec相比协议格式变化不大,传输效率较高。更多还原

【Abstract】 IPSec is a suite of standard protocols that provides security services for Internet communications,it encapsulates some important information of the transport layer of IP datagram,however,firewall requires the information above to process the access control work.About the problem of cooperation of IPSec and firewall,a technology of Double-Layer IPSec is(provi-)(ded),that is doing IPSec processes on protocol head and data in IP datagram separately,so we can solve the problem above.The advantage of our schema is the negotiation of Composite SA is variable between hosts and firewalls,changes of the format of IP datagram is very small and the transportation of imformation is efficient.更多还原