某集团的VPN网络方案设计与分析

分类号：TP393.1UDC：D10621-408-(2010)2113-0密级：公开编号：2006121100某集团的VPN网络方案设计与分析论文作者姓名：项洋申请学位专业：网络工程申请学位类别：工学学士指导教师姓名（职称）：秦智（讲师）论文提交日期：2010年6月7日某集团的VPN网络方案设计与分析摘要先进的网络系统对于企业加强管理、提高工作效率和增加市场竞争力是至关重要的。企业网络采用的技术必须先进、成熟、稳定、可靠的网络系统，同时，对于身处异地的分支机构或者分公司，办事处，或者在外出差的企业员工，需要为其提供高效，实时的内网访问，保证相关业务的准确高效，同时，在远距离传输过程中要保证数据不被窃听和篡改。从整体上说，对于企业远程接入的设计不仅仅只是购买相应的VPN设备或者做相应的配置，还需要掌握企业针对远程接入的需求以及VPN设计的原则，从企业的实际需求出发，针对现今各种流行的VPN技术进行了分析比较，从原理到结构都做了详细的分析，再结合集团的实际需求，最后选出了适合企业的3种VPN部署方式，最后通过实验模拟，得出了VPN的实际效用。关键词：远程接入；通用路由封装；安全负载封装；多标签交换协议AnalysisandDesignofaGroupVPNAbstractTheadvancednetworksystemstrengthensthemanagement,theenhancementworkingefficiencyregardingtheenterpriseandincreasesthemarketcompetitivenessisveryimportant.Theenterprisenetworkusesthetechnologymustadvanced,mature,stable,thereliablenetworksystem,simultaneously,regardingplacesthedifferentplacetheBranchofficeorthesubsidiarycompany,theoffice,orenterprisestaffwhotravelsonofficialbusinessinoutside,needstoprovidehighlyeffective,thereal-timeinnetvisitforit,guaranteedthatrelatedserviceaccuratehighlyeffective,simultaneously,inthelong-distancetransmissionprocessmustguaranteethatthedataisnotinterceptedandthedistortion.Overallspeaking,notonlyisthepurchasecorrespondingVPNequipmentormakesthecorrespondingdispositionregardingtheenterpriselong-distanceturningondesign,butalsoneedstograsptheenterpriseinviewofthelong-distanceturningondemandaswellastheVPNdesignprinciple,embarksfromenterprise'sphysicaldemand,hascarriedontheanalysiscomparisoninviewofthenowadayseachkindofpopularVPNtechnology,tothearchitecturehasmadethedetailedanalysiscomparisonfromtheprincipletodatapacket'sseal,finallyselectedhassuitedenterprise's3VPNdeploymentway,finallythroughthetestsimulation,hasobtainedtheVPNactualutility.Keywords：RemoteAccess;GRE;IPSEC;MPLS目录论文总页数：43页1引言......................................................................12集团介绍...................................................................12.1集团背景介绍..........................................................12.2集团远程接入需求.......................................................13集团VPN建设需求...........................................................24集团现有网络现状描述.......................................................24.1集团出口网络描述.......................................................24.2集团网络资源描述.......................................................35VPN方案比较分析...........................................................35.1VPN综述...............................................................35.2VPN分类介绍...........................................................45.2.1第一类：按照功能位置..............................................45.2.2AccessVPN、IntranetVPN、ExtranetVPN............................55.2.3三层VPN、二层VPN................................................55.2.4按组网模型........................................................65.3常用VPN分析..........................................................75.3.1L2TPVPN..........................................................75.3.2GREVPN..........................................................115.3.3IPSECVPN........................................................135.3.4SSLVPN..........................................................175.3.5MPLSVPN.........................................................226适合集团的VPN网络构建....................................................266.1集团VPN技术选择......................................................266.2集团分公司以及分支机构重要业务分布....................................276.3集团VPN设计选择......................................................277组建集团VPN网络..........................................................287.1集团VPN总体设计......................................................287.2IPSECVPN建设........................................................287.2.1集团IPSECVPN部署...............................................287.2.2IPSECVPN基本配置................................................297.2.3IPSECVPN验证与测试.............................................307.3SSLVPN建设..........................................................327.3.1SSLVPN部署.....................................................327.3.2SSLVPN基本配置..................................................337.3.3SSLVPN验证方法.................................................357.4MPLSVPN建设.........................................................357.4.1现今MPLS承载网介绍..............................................357.4.2MPLS部署........................................................367.4.3MPLSVPN的配置...................................................367.4.4MPLSVPN验证.....................................................398VPN管理与维护............................................................398.1IPSECVPN的管理与维护................................................398.2SSLVPN的管理与维护..................................................408.3MPLSVPN的管理与维护.................................................40结论....................................................................40参考文献....................................................................41致谢....................................................................42声明..