| 摘要 |
Providing end-to-end security poses many challenges to security solutions. In Internet Security (IPsec), securing data locally and remotely, as well as reducing the number of security associations and polices needed to secure that data are such challenges. The provided method and apparatus answer these challenges by i) decrypting an encrypted packet according to a first policy, ii) establishing a local secure connection to an end node on a local network according to a second security policy in an event a source and a destination of the packet belong to a same security group, and the destination of the packet is on the local network, and iii) establishing a remote secure connection to a remote network according to a third security policy in an event the source and the destination of the packet belong to a same security group, and the destination of the packet is the remote network. |
