

Development and Design of the VPN Gateway Goes Through NAT

【Author】 陈瀚

【Advisor】 刘冠蓉

【Author information】 Wuhan University of Technology, Computer Applied Technology, 2004, Master's degree

【Abstract (from the Chinese)】 A VPN (Virtual Private Network) is a technology that, built on the open public network (the Internet), uses dedicated tunneling and encryption techniques to emulate a point-to-point leased line over a public data network. With VPN technology an enterprise only needs to lease a local data line and connect to the local public information network, and its branches in different locations can then exchange information with one another. VPNs offer cost savings, remote access, strong scalability, ease of management and comprehensive control, and they are the current and future trend for enterprises building wide-area networks over the Internet. NAT is an effective method for improving the efficiency of IP address use. Another very useful property of NAT is that it lets many computers share a single IP address, which enhances system security. NAT is now commonly found in firewalls, gateways and routers. However, many network administrators have run into a great deal of trouble trying to make a VPN client that uses a private IP address work through NAT. The reason is that NAT breaks the tunnel the VPN establishes: when the VPN sets up its communication tunnel it encrypts and decrypts the packet's address or checksum values, whereas NAT changes those same address or checksum values. This makes VPN and NAT technologies incompatible. After a detailed introduction to the origins and application background of VPN, the technical foundations of VPN and the fundamentals of NAT, this thesis surveys the current state of application of both technologies and gives a technical analysis of the VPN and firewall products of two well-known companies. The incompatibility between the two technologies is tested experimentally in a constructed simulation environment, and the cause of the incompatibility is then explained theoretically. On this basis, the thesis proposes its own solution: a new type of VPN gateway which, combined with a careful and rational allocation of IP addresses, effectively resolves the conflict between VPN and NAT, while being easy to manage and flexible to configure. The overall design of the VPN gateway and its IPSec implementation are presented. Finally, the thesis analyses the technical impact of the forthcoming IPv6 standard and closes with a summary and an outlook on future work.

【Abstract】 A Virtual Private Network (VPN) is a network that uses the Internet or another network service as its backbone and uses a secure tunnel to emulate a dedicated point-to-point line. With a VPN, many branch offices can connect to one another while the enterprise rents only local connections to an Internet service provider (ISP). Using a VPN to connect enterprise networks brings flexibility, lower cost, ease of management and other benefits, and VPNs will be adopted more and more to build enterprise WANs in the future. Network Address Translation (NAT) was developed to make more efficient use of Internet Protocol (IP) addresses. NAT has subsequently gained popularity as a security mechanism and as a means of allowing many computers to share the same IP address, and it is found in many networking devices such as firewall/security gateways and routers. Many network administrators, however, have tried to set up a VPN client on a workstation with a private IP address only to find that the NAT on the Internet router keeps the VPN client from making the connection. NAT can break the VPN tunnel: NAT changes the network IP address of a packet (and the checksum values), whereas the tunneling used by an IPSec or L2TP VPN gateway encapsulates/encrypts the packet's network IP address inside another network IP address. This makes VPN and NAT hard to use together. In this thesis I introduce the basic concepts of VPN and NAT technology and their background, survey the most recent applications, and analyse the VPN and firewall products made by two well-known companies. I tested the incompatibility between VPN and NAT by building a simulated environment and identified its cause from theory. Based on that, I developed a new VPN gateway, easy to manage and configure, that solves the incompatibility between VPN and NAT. The design and the IPSec implementation are discussed in this paper. Finally, I analyse the impact of the IPv6 standard and future developments.
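As an added illustration of the conflict the abstract describes (example code written for this page, not from the thesis): IPsec AH computes its integrity check over the IP header including the source and destination addresses, while a NAT device rewrites the source address and repairs the IP header checksum on the way out, so the peer's check fails even though the rewritten header is itself perfectly valid. The addresses, key and payload below are constructed sample values.

```python
import hmac
import hashlib
import struct

def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement checksum over a 20-byte header (0 means 'valid')."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_ipv4_header(src: str, dst: str, payload_len: int, proto: int = 51) -> bytes:
    """Minimal IPv4 header, protocol 51 (AH) by default; the checksum is filled in last."""
    src_b = bytes(int(o) for o in src.split("."))
    dst_b = bytes(int(o) for o in dst.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len,
                      0x1234, 0x4000, 64, proto, 0, src_b, dst_b)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]

def ah_icv(key: bytes, header: bytes, payload: bytes) -> bytes:
    """AH-style ICV (HMAC-SHA1-96): fields a router may legitimately change are zeroed
    before hashing, but src/dst addresses stay covered because AH treats them as immutable."""
    h = bytearray(header)
    h[1] = 0                       # TOS
    h[6:8] = b"\x00\x00"           # flags + fragment offset
    h[8] = 0                       # TTL
    h[10:12] = b"\x00\x00"         # header checksum
    return hmac.new(key, bytes(h) + payload, hashlib.sha1).digest()[:12]

def nat_rewrite_source(header: bytes, new_src: str) -> bytes:
    """What a NAT box does on the way out: swap the source address and repair the checksum."""
    h = bytearray(header)
    h[12:16] = bytes(int(o) for o in new_src.split("."))
    h[10:12] = b"\x00\x00"
    h[10:12] = struct.pack("!H", ipv4_checksum(bytes(h)))
    return bytes(h)

KEY = b"constructed-demo-key-not-a-real-sa"       # constructed sample key
PAYLOAD = b"constructed AH-protected payload"     # constructed sample payload
def demo() -> tuple:
    """Returns (accepted_without_nat, accepted_after_nat, natted_ip_checksum_ok)."""
    hdr = build_ipv4_header("192.168.1.10", "203.0.113.5", len(PAYLOAD))  # private client
    icv = ah_icv(KEY, hdr, PAYLOAD)                     # computed by the sender
    natted = nat_rewrite_source(hdr, "198.51.100.1")    # NAT's public address
    ok_direct = hmac.compare_digest(ah_icv(KEY, hdr, PAYLOAD), icv)
    ok_natted = hmac.compare_digest(ah_icv(KEY, natted, PAYLOAD), icv)
    return ok_direct, ok_natted, ipv4_checksum(natted) == 0

if __name__ == "__main__":
    print(demo())  # (True, False, True)
```

The third value shows why ordinary traffic survives NAT while AH does not: the rewritten header passes the IP checksum, but the address change is exactly what the VPN peer's integrity check detects.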

【Key words】 VPN; NAT; IPSec
  • 【Classification number】TP393.05
  • 【Cited by】1
  • 【Downloads】213

