| 摘要 |
<p>Provided are a method and system for establishing an IPSec tunnel. The method comprises: an base station requesting a first configuration parameter from a configuration server, and requesting a digital certificate from a CA server according to the first configuration parameter which is responded by the configuration server; the base station establishing a temporary IPSec tunnel to a security gateway according to the acquired digital certificate, and requesting a second configuration parameter from a background network management unit through the temporary IPSec tunnel; and after acquiring the second configuration parameter, the base station dismantling the temporary IPSec tunnel, and establishing a permanent IPSec tunnel between itself and the security gateway according to the second configuration parameter. By adopting an IPSec tunnel which is automatically established between an base station and a security gateway based on a PKI authentication mode, the present invention solves the problem in the prior art that the self-discovery and automatic establishment of a secure communication link cannot be realized between an base station and a core network, thus realizing the automatic configuration of the base station, and ensures the security of data transmission between the base station and the core network.</p> |
