Zyxel OMNI ADSL LAN H [176/533] Ipsec nat

User's Guide for OMNI ADSL LAN Series Routers
15-6 Introduction to IPSec
15.4 IPSec and NAT
Read this section if you run IPSec on a host computer behind the OMNI ADSL device.
NAT is incompatible with the AH protocol in both transport and tunnel mode. An IPSec VPN that uses the AH protocol adds a hash value to each outbound packet, computed over both the data payload and the headers. With AH, the packet contents (the data payload) are not encrypted.
A network address translation device located between the IPSec endpoints replaces either the source or the destination address with another address of its own choosing. The VPN device at the receiving end verifies the integrity of the incoming packet by computing its own hash value, and reports a mismatch with the value carried in the received packet. Because the receiving VPN device does not "know" that a NAT device sits on the packet's path, it treats the mismatch as deliberate modification of the data.
IPSec using ESP in tunnel mode encapsulates the entire original packet (including its headers) in a new IP packet. The source address of the new packet is the address of the VPN gateway at the sending end, and the destination address is the address of the VPN device at the receiving end. When ESP with authentication is used, the entire packet contents are encrypted (in this case, the whole original packet). A hash value is appended to the encrypted contents of the packet; the new headers are not encrypted.
ESP in tunnel mode with authentication is compatible with NAT, because the integrity check is performed over the combination "original header plus original data", which the NAT device does not modify. ESP in transport mode with authentication is incompatible with NAT.
Table 15-1 VPN and NAT
SECURITY PROTOCOL   MODE        NAT
AH                  Transport   N
AH                  Tunnel      N
ESP                 Transport   N
ESP                 Tunnel      Y
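
The integrity coverage described in section 15.4, as an added example that is not part of the original manual: it shows why rewriting the source address breaks the AH check but leaves the ESP tunnel-mode check intact. The key, the addresses, the truncated HMAC-SHA-256 used as the "hash value" and all function names are assumptions made for illustration, and encryption is left out.

```python
import hashlib, hmac, socket, struct

KEY = b"constructed-demo-key"  # constructed integrity key shared by both VPN peers

def ip_header(src, dst, proto, length):
    # 20-byte IPv4 header; TTL and checksum stay 0 because AH zeroes mutable fields for the ICV
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + length, 0, 0, 0, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def icv(data):
    # Truncated HMAC-SHA-256 standing in for the "hash value" in the text (assumption)
    return hmac.new(KEY, data, hashlib.sha256).digest()[:12]

def nat_rewrite_source(header, new_src):
    # What the NAT device does: overwrite the source address (header bytes 12..15)
    return header[:12] + socket.inet_aton(new_src) + header[16:]

def ah_protect(src, dst, payload):
    header = ip_header(src, dst, 51, len(payload))
    return header, payload, icv(header + payload)    # ICV covers header AND payload

def ah_verify(header, payload, tag):
    return hmac.compare_digest(icv(header + payload), tag)

def esp_tunnel_protect(gw_src, gw_dst, original_packet):
    # Simplified: real ESP also authenticates its own header and encrypts the body;
    # only the fact that the new outer IP header is outside the ICV matters for NAT
    header = ip_header(gw_src, gw_dst, 50, len(original_packet))
    return header, original_packet, icv(original_packet)

def esp_verify(header, body, tag):
    return hmac.compare_digest(icv(body), tag)       # new outer header is not covered

def survives_nat(protocol):
    """True if the receiver's integrity check passes after NAT rewrote the source."""
    if protocol == "AH":
        header, body, tag = ah_protect("192.168.1.33", "198.51.100.7", b"data")
        return ah_verify(nat_rewrite_source(header, "203.0.113.9"), body, tag)
    original = ip_header("192.168.1.33", "10.0.0.5", 6, 4) + b"data"
    header, body, tag = esp_tunnel_protect("192.168.1.1", "198.51.100.7", original)
    return esp_verify(nat_rewrite_source(header, "203.0.113.9"), body, tag)

if __name__ == "__main__":
    for proto in ("AH", "ESP-tunnel"):
        print(proto, "passes integrity check after NAT:", survives_nat(proto))
```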
