中文摘要：

IPSec是一个策略驱动的安全机制，只有当安全策略被正确定义和配置时才能保证IPSec的功能被正确执行。如何正确地生成IPSec策略并避免策略冲突，在实际应用中依然存在复杂性。在讨论了IPSec策略配置过程中可能出现的冲突及相应的解决方法之后，给出了一个自动生成零冲突IPSec策略的算法，并与文献中的其他方法进行了比较。

英文摘要：

IPSec is a typical policy-enabled network serivce,it will function correctly only if security policies are correctly specified and configured.However,it is a tough issue how to generate policies correctly. After analyzing the possible policy conflicts,the author proposed an algorithm to automatically generate conflict--free policies which satisfy all requirements.We also compared the results of simulation with other approaches and show that it outperforms existing approaches in the literature.