Abstract: A group policy based automatic management model for virtual private network (VPN) is proposed. Differnet from the current device-centered management method, this model splits the management view into parallel hierarchy and builds its securiy policy on resource group. With the centralized policy server, the procedures for policy translating, distributing and monitoring are automatically accomplished and the VPN devices are managed in a united manner. This model can be easily implemented and extended, and is supposed to hasve promising perspective.