Zyxel OMNI ADSL LAN H [171/533] Chapter 15 ipsec

Ɋɭɤɨɜɨɞɫɬɜɨ ɩɨɥɶɡɨɜɚɬɟɥɹ ɞɥɹ ɦɚɪɲɪɭɬɢɡɚɬɨɪɨɜ ɫɟɪɢɢ OMNI ADSL LAN

Ɂɧɚɤɨɦɫɬɜɨ ɫ IPSec 15-1

Chapter 15

Ɂɧɚɤɨɦɫɬɜɨ ɫ IPSec

ȼ ɞɚɧɧɨɣ ɝɥɚɜɟ ɫɨɞɟɪɠɚɬɫɹ ɨɫɧɨɜɧɵɟ ɫɜɟɞɟɧɢɹ ɨ ɪɚɛɨɬɟ ɩɪɨɬɨɤɨɥɚ IPSec ɜ ɜɢɪɬɭɚɥɶɧɵɯ

ɱɚɫɬɧɵɯ ɫɟɬɹɯ. ɋɨɞɟɪɠɚɧɢɟ ɞɚɧɧɨɣ ɱɚɫɬɢ ɨɬɧɨɫɢɬɫɹ ɤ ɦɨɞɟɥɹɦ OMNI ADSL LAN H/HW.

15.1 Ɉɩɢɫɚɧɢɟ ɜɢɪɬɭɚɥɶɧɵɯ ɱɚɫɬɧɵɯ ɫɟɬɟɣ (VPN)

VPN (Virtual Private Network - ȼɢɪɬɭɚɥɶɧɚɹ ɱɚɫɬɧɚɹ ɫɟɬɶ) ɨɛɟɫɩɟɱɢɜɚɟɬ ɛɟɡɨɩɚɫɧɭɸ ɩɟɪɟɞɚɱɭ ɞɚɧɧɵɯ

ɦɟɠɞɭ ɫɚɣɬɚɦɢ ɛɟɡ ɡɚɬɪɚɬ ɧɚ ɜɵɞɟɥɟɧɧɵɟ ɥɢɧɢɢ "ɫɚɣɬ" - "ɫɚɣɬ". Ȼɟɡɨɩɚɫɧɚɹ ɱɚɫɬɧɚɹ ɜɢɪɬɭɚɥɶɧɚɹ ɫɟɬɶ

ɩɪɟɞɫɬɚɜɥɹɟɬ ɫɨɛɨɣ ɫɨɜɨɤɭɩɧɨɫɬɶ ɬɟɯɧɨɥɨɝɢɣ/ɫɥɭɠɛ ɬɭɧɧɟɥɢɪɨɜɚɧɢɹ, ɲɢɮɪɨɜɚɧɢɹ, ɚɭɬɟɧɬɢɮɢɤɚɰɢɢ,

ɭɩɪɚɜɥɟɧɢɹ ɞɨɫɬɭɩɨɦ ɢ ɤɨɧɬɪɨɥɹ, ɢɫɩɨɥɶɡɭɟɦɵɯ ɞɥɹ ɩɟɪɟɞɚɱɢ ɬɪɚɮɢɤɚ ɱɟɪɟɡ ɂɧɬɟɪɧɟɬ ɢɥɢ ɞɪɭɝɢɟ

ɧɟɛɟɡɨɩɚɫɧɵɟ ɫɟɬɢ, ɢɫɩɨɥɶɡɭɸɳɢɟ ɞɥɹ ɤɨɦɦɭɧɢɤɚɰɢɣ ɫɬɟɤ ɩɪɨɬɨɤɨɥɨɜ TCP/IP.

15.1.1 IPSec (ɂɧɬɟɪɧɟɬ-ɩɪɨɬɨɤɨɥ ɛɟɡɨɩɚɫɧɨɣ ɩɟɪɟɞɚɱɢ ɞɚɧɧɵɯ)

ɂɧɬɟɪɧɟɬ-ɩɪɨɬɨɤɨɥ ɛɟɡɨɩɚɫɧɨɣ ɩɟɪɟɞɚɱɢ ɞɚɧɧɵɯ (IPSec) - ɨɫɧɨɜɚɧɧɚɹ ɧɚ ɫɬɚɧɞɚɪɬɚɯ ɪɟɚɥɢɡɚɰɢɹ VPN,

ɤɨɬɨɪɚɹ ɩɪɟɞɥɚɝɚɟɬ ɝɢɛɤɢɟ ɪɟɲɟɧɢɹ ɩɟɪɟɞɚɱɢ ɞɚɧɧɵɯ ɜ ɨɛɳɟɞɨɫɬɭɩɧɵɯ ɫɟɬɹɯ, ɬɚɤɢɯ ɤɚɤ ɂɧɬɟɪɧɟɬ.

IPSec ɫɨɱɟɬɚɟɬ ɜ ɫɟɛɟ ɫɬɚɧɞɚɪɬɢɡɨɜɚɧɧɵɟ ɫɪɟɞɫɬɜɚ ɲɢɮɪɨɜɚɧɢɹ ɞɚɧɧɵɯ, ɩɨɡɜɨɥɹɸɳɢɟ ɨɛɟɫɩɟɱɢɬɶ

ɤɨɧɮɢɞɟɧɰɢɚɥɶɧɨɫɬɶ, ɰɟɥɨɫɬɧɨɫɬɶ ɞɚɧɧɵɯ ɢ ɚɭɬɟɧɬɢɮɢɤɚɰɢɸ ɧɚ ɭɪɨɜɧɟ IP.

15.1.2 Ȼɟɡɨɩɚɫɧɨɟ ɫɨɟɞɢɧɟɧɢɟ

Security Association (SA - ɋɨɝɥɚɲɟɧɢɟ ɩɨ ɛɟɡɨɩɚɫɧɨɫɬɢ) - ɞɨɝɨɜɨɪ ɦɟɠɞɭ ɞɜɭɦɹ ɫɬɨɪɨɧɚɦɢ ɨ

ɩɚɪɚɦɟɬɪɚɯ ɡɚɳɢɬɵ, ɬɚɤɢɯ ɤɚɤ ɢɫɩɨɥɶɡɭɟɦɵɟ ɚɥɝɨɪɢɬɦɵ ɢ ɤɥɸɱɢ.

15.1.3 ɉɪɨɱɢɟ ɬɟɪɦɢɧɵ

¾ ɒɢɮɪɨɜɚɧɢɟ

ɒɢɮɪɨɜɚɧɢɟ - ɷɬɨ ɦɚɬɟɦɚɬɢɱɟɫɤɚɹ ɨɩɟɪɚɰɢɹ ɩɪɟɨɛɪɚɡɨɜɚɧɢɹ ɢɫɯɨɞɧɵɯ ɞɚɧɧɵɯ, ɨɬɤɪɵɬɵɯ ɞɥɹ

ɩɪɨɱɬɟɧɢɹ, ɜ ɤɨɞɢɪɨɜɚɧɧɵɣ (ɡɚɲɢɮɪɨɜɚɧɧɵɣ) ɫɩɨɦɨɳɶɸ "ɤɥɸɱɚ" ɧɚɛɨɪ ɞɚɧɧɵɯ. Ʉɥɸɱ ɢ

ɨɬɤɪɵɬɵɣ ɬɟɤɫɬ ɲɢɮɪɭɸɬɫɹ ɫ ɩɨɦɨɳɶɸ ɫɩɟɰɢɚɥɶɧɨɣ ɩɪɨɰɟɞɭɪɵ, ɜ ɪɟɡɭɥɶɬɚɬɟ ɱɟɝɨ ɞɚɧɧɵɟ

ɩɪɢɨɛɪɟɬɚɸɬ ɧɚɞɟɠɧɭɸ ɤɪɢɩɬɨɝɪɚɮɢɱɟɫɤɭɸ ɡɚɳɢɬɭ. Ⱦɟɲɢɮɪɨɜɚɧɢɟ - ɩɪɨɰɟɫɫ, ɨɛɪɚɬɧɵɣ

ɲɢɮɪɨɜɚɧɢɸ: ɷɬɨ ɦɚɬɟɦɚɬɢɱɟɫɤɚɹ ɨɩɟɪɚɰɢɹ ɩɪɟɨɛɪɚɡɨɜɚɧɢɹ ɡɚɲɢɮɪɨɜɚɧɧɨɝɨ ɬɟɤɫɬɚ ɜ ɨɬɤɪɵɬɵɣ.

Ⱦɥɹ ɞɟɲɢɮɪɨɜɚɧɢɹ ɬɚɤɠɟ ɬɪɟɛɭɟɬɫɹ ɤɥɸɱ.