This paper introduces a new key exchange solution that improves the traditional IKE protocol. Without reducing security, the improved protocol gives remote mobile users secure access to the intranet so that they can obtain intranet information. It also extends the IKE authentication methods, making negotiation more efficient and more controllable. A corresponding mobile VPN access system is implemented as well; it supports both dynamic allocation of intranet IP addresses and extended user identity authentication, so the access server can easily perform intranet-IP-based access control and management.