CN104243465A - IPSEC implementation method and device based on WLAN - Google Patents


Publication number
CN104243465A
Authority
CN
China
Prior art keywords
security gateway
ipsec
wlan
parameter
security
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201410456565.0A
Other languages
Chinese (zh)
Inventor
陈元
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Comba Network Systems Co Ltd
Original Assignee
Comba Telecom Systems China Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Comba Telecom Systems China Ltd
Priority to CN201410456565.0A
Publication of CN104243465A


Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to the technical field of network communication, and in particular to a WLAN-based IPSEC implementation method and device that address system breakdowns caused by security gateway failures. In the method, a WLAN with the IPSEC function is configured with multiple sets of security gateway configuration parameters. When the WLAN fails to establish an IPSEC connection with a first security gateway, it automatically updates its local configuration parameters from the configuration parameters of a second security gateway and establishes an IPSEC connection with that second security gateway; this is repeated until an IPSEC connection is established successfully. Service transmission therefore continues without interruption, network reliability improves, network breakdowns caused by security gateway failures are avoided, and the performance level of the whole network system is ensured.

Description

A WLAN-based IPSEC implementation method and device
Technical field
The present invention relates to the field of network communication technology, and in particular to a WLAN-based IPSEC implementation method and device.
Background
Internet Protocol Security (IPSEC) is a mechanism designed by the Internet Engineering Task Force (IETF) to secure end-to-end communication at the IP layer. IP network traffic may be subject to eavesdropping, tampering, IP spoofing, replay and similar attacks; the IPSEC protocol provides transparent security services for IP communication, protects TCP/IP traffic against eavesdropping and tampering, preserves the integrity and confidentiality of the data, and effectively resists network attacks while remaining easy to use.
Wireless local area networks (WLAN) have become an essential part of the network. Because the transmission channel is open, a WLAN is easier to attack than a wired LAN, so implementing IPSEC on the WLAN is very important. At present a WLAN can carry multiple services, such as voice, data and video services. These service modules can be integrated in the WLAN, but their user security requirements differ: some services need to forward data over an independent virtual network, some need to forward data securely over an IPSEC channel, and some do not need an IPSEC secure channel at all. These different requirements and their combinations also raise the question of which policy to apply to which service.
In the prior art, existing IPSEC-based WLAN security solutions use the IPSEC security protocol as a key application of WLAN security technology to guarantee the confidentiality and integrity of data and to ensure that data is sent securely from the WLAN to the security gateway. With the current solutions, however, once the security gateway fails, the connection between the WLAN and the security gateway is interrupted and the related data sending and receiving is forced to stop, which causes a system breakdown and in turn degrades the performance of the whole network system.
Summary of the invention
The technical problem addressed by the invention is to provide a WLAN-based IPSEC implementation method and device that solve the prior-art problem of system breakdown caused by security gateway failure.
The specific technical solution provided by the embodiments of the present invention is as follows:
A method for implementing Internet Protocol Security (IPSEC) based on a wireless local area network (WLAN), comprising the following steps:
The WLAN establishes an IPSEC connection with a first security gateway using the locally configured first security gateway configuration parameters;
When the WLAN determines that establishing the connection with the first security gateway has failed, it obtains the locally stored second security gateway configuration parameters and updates its local configuration parameters;
The WLAN establishes an IPSEC connection with a second security gateway using the second security gateway configuration parameters.
In this way, if a security gateway fails during service data transmission, the WLAN can on its own select a valid set of security gateway configuration parameters and establish an IPSEC connection with a security gateway that is operating normally. This keeps service transmission uninterrupted, improves network reliability, avoids the network breakdown caused by a security gateway failure, and ensures the performance level of the whole network system.
Preferably, the WLAN establishing an IPSEC connection with the first security gateway using the locally configured first security gateway configuration parameters specifically comprises:
The WLAN applies the corresponding authentication mode according to the first security gateway configuration parameters;
The WLAN sets the gateway IP address according to the first security gateway configuration parameters and configures the network outgoing interface;
The WLAN establishes the IPSEC connection between itself and the first security gateway.
Preferably, the WLAN applying the corresponding authentication mode according to the first security gateway configuration parameters comprises:
If the WLAN determines from the first gateway configuration parameters that the authentication mode is Extensible Authentication Protocol Authentication and Key Agreement (eap_aka) authentication, it modifies the ipsec.conf file as required for eap_aka authentication;
If the WLAN determines from the first gateway configuration parameters that the authentication mode is pre-shared key (psk) authentication, it modifies the ipsec.conf file as required for psk authentication and performs the corresponding authentication procedure.
Preferably, the WLAN determining that establishing the connection with the first security gateway has failed, obtaining the locally stored second security gateway configuration parameters and updating its local configuration parameters comprises:
While the WLAN is establishing the IPSEC connection using the first security gateway configuration parameters, if the establishment time runs out, or the number of attempts to establish the IPSEC connection reaches the specified threshold, the WLAN determines that establishing the connection with the first security gateway has failed, obtains the locally stored second security gateway configuration parameters, and updates its local configuration parameters.
Preferably, after the IPSEC channel is established, when the WLAN receives service data it determines the service type of that data and, when the service type meets the requirements for using the IPSEC channel, forwards the service data through the IPSEC channel to the corresponding security gateway.
With the method provided by the invention, multiple IPSEC security gateways can be configured. When the WLAN fails to establish an IPSEC connection with the first security gateway, it automatically obtains the second security gateway configuration parameters and immediately establishes an IPSEC connection with the second security gateway, and so on until an IPSEC connection is established successfully. Establishing IPSEC connections in this way not only keeps all kinds of services safe and reliable; more importantly, when a security gateway fails the WLAN can automatically connect to the second security gateway, which effectively avoids data transmission failures caused by the security gateway outage and the system breakdown that would follow, and effectively ensures the performance level of the whole network system.
A device for implementing Internet Protocol Security (IPSEC) based on a wireless local area network (WLAN), comprising:
A first communication unit, configured to establish an IPSEC connection with a first security gateway using the locally configured first security gateway configuration parameters;
A configuration unit, configured to obtain the locally stored second security gateway configuration parameters and update the local configuration parameters when it is determined that establishing the connection with the first security gateway has failed;
A second communication unit, configured to establish an IPSEC connection with a second security gateway using the second security gateway configuration parameters.
Preferably, when establishing the IPSEC connection with the first security gateway using the locally configured first security gateway configuration parameters, the first communication unit is specifically configured to:
Apply the corresponding authentication mode according to the first security gateway configuration parameters;
Set the gateway IP address according to the first security gateway configuration parameters and configure the network outgoing interface;
Establish the IPSEC connection between the local device and the first security gateway.
Preferably, when applying the corresponding authentication mode according to the first security gateway configuration parameters, the first communication unit is specifically configured to:
If the authentication mode determined from the first gateway configuration parameters is eap_aka authentication, modify the ipsec.conf file as required for eap_aka authentication;
If the authentication mode determined from the first gateway configuration parameters is psk authentication, modify the ipsec.conf file as required for psk authentication and perform the corresponding authentication procedure.
Preferably, when determining that establishing the connection with the first security gateway has failed, obtaining the locally stored second security gateway configuration parameters and updating the local configuration parameters, the configuration unit is specifically configured to:
While the IPSEC connection is being established using the first security gateway configuration parameters, if the establishment time runs out, or the number of attempts to establish the IPSEC connection reaches the specified threshold, determine that establishing the connection with the first security gateway has failed, obtain the locally stored second security gateway configuration parameters, and update the local configuration parameters.
Preferably, the second communication unit is further configured to:
After the IPSEC channel is established, when service data is received, determine the service type of that data and, when the service type meets the requirements for using the IPSEC channel, forward the service data through the IPSEC channel to the corresponding security gateway.
In this way, if a security gateway fails during service data transmission, the WLAN can on its own select a valid set of security gateway configuration parameters and establish an IPSEC connection with a security gateway that is operating normally. This keeps service transmission uninterrupted, improves network reliability, avoids the network breakdown caused by a security gateway failure, and ensures the performance level of the whole network system.
Brief description of the drawings
Fig. 1 is a schematic diagram of a WLAN-based IPSEC implementation method;
Fig. 2 is a flow chart of a WLAN-based IPSEC implementation method;
Fig. 3 is a diagram of a WLAN-based IPSEC implementation device.
Detailed description of the embodiments
To solve the prior-art problem of system breakdown caused by security gateway failure, in the embodiments of the present invention a WLAN with the IPSEC function is provided with multiple sets of security gateway configuration parameters. When the WLAN fails to establish an IPSEC connection with the first security gateway using the corresponding first security gateway configuration parameters, it can on its own update its local configuration parameters with the second security gateway configuration parameters and, after the update, go on to establish an IPSEC connection between itself and the second security gateway.
The preferred embodiments of the present invention are described in detail below with reference to the accompanying drawings.
Referring to Fig. 1, in the embodiments of the present invention the specific flow of the WLAN-based IPSEC implementation method is as follows:
Step 100: The WLAN establishes an IPSEC connection with the first security gateway using the locally configured first security gateway configuration parameters.
This specifically comprises:
The WLAN applies the corresponding authentication mode according to the first security gateway configuration parameters.
If the WLAN determines from the first gateway configuration parameters that the authentication mode is eap_aka authentication, it modifies the ipsec.conf file as required for eap_aka authentication;
If the WLAN determines from the first gateway configuration parameters that the authentication mode is psk authentication, it modifies the ipsec.conf file as required for psk authentication and performs the corresponding authentication procedure.
The WLAN sets the gateway IP address according to the first security gateway configuration parameters and configures the network outgoing interface.
The WLAN establishes the IPSEC connection between itself and the first security gateway.
In the embodiments of the present invention, the security gateway configuration parameters can include various kinds of parameters, for example the security gateway name, security gateway address, security gateway interface type and security gateway message type.
Step 110: When the WLAN determines that establishing the connection with the first security gateway has failed, it obtains the locally stored second security gateway configuration parameters and updates its local configuration parameters.
While the WLAN is establishing the IPSEC connection using the first security gateway configuration parameters, if the establishment time runs out, or the number of attempts to establish the IPSEC connection reaches the specified threshold, the WLAN determines that establishing the connection with the first security gateway has failed, obtains the locally stored second security gateway configuration parameters, and updates its local configuration parameters.
Step 120: The WLAN establishes an IPSEC connection with the second security gateway using the second security gateway configuration parameters.
Further, in the embodiments of the present invention, after the IPSEC channel is established, when the WLAN receives service data it determines the service type of that data and, when the service type meets the requirements for using the IPSEC channel, forwards the service data through the IPSEC channel to the corresponding security gateway.
In fact, not every service needs to forward its data over the IPSEC channel. To keep the IPSEC channel from being overloaded and to keep it running smoothly, the service type can determine whether the IPSEC channel is used: the voice service can be assigned a separate network outgoing interface that goes through the IPSEC channel, while other services can either be assigned the IPSEC channel or be assigned another network outgoing interface that does not go through it. The different services on the WLAN can thus be assigned different channels and sent through different network outgoing interfaces, so that they are independent of one another and can use different security policies.
The security gateway switching procedure is described in further detail below using a specific implementation scenario.
Referring to Fig. 2, in this embodiment the WLAN establishes the IPSEC connection after power-up, and the detailed security gateway switching procedure is as follows:
Step 201: The WLAN creates two threads: thread 1 is the IPSEC parameter processing thread and thread 2 is the IPSEC state thread.
Step 202: Through thread 1, the WLAN monitors in real time and waits to receive the IPSEC configuration parameters.
Specifically, the IPSEC configuration parameters come from the network management system or the Operation, Administration and Maintenance (OAM) system, and comprise: 1) authentication mode; 2) authentication code; 3) host identifier; 4) security gateway identifier; 5) renegotiation time; 6) re-authentication time; 7) renegotiation switch; 8) re-authentication switch; 9) first security gateway IP; 10) second security gateway IP; 11) third security gateway IP. Three sets of security gateway parameters are supported at present, and this can be extended.
Step 203: The WLAN receives the IPSEC configuration parameters through thread 1 and checks the authentication mode. For eap_aka authentication, go to step 204; for psk authentication, go to step 205.
Step 204: For eap_aka authentication, the WLAN modifies the ipsec.conf configuration file as eap_aka requires, then goes to step 207.
Step 205: For psk authentication, the WLAN modifies the ipsec.conf configuration file as psk requires, then goes to step 206.
Step 206: The WLAN modifies the authentication code in ipsec.secret.
Note that the "authentication code" parameter differs between security gateways.
Step 207: According to the first set of security gateway configuration parameters, the WLAN modifies the remote security gateway and subnet settings in ipsec.conf.
Note that the "security gateway and subnet IP" parameters differ between IPSEC security gateways from different vendors.
Step 208: The WLAN modifies the nat_updown network outgoing interface according to the service type of the current service.
When transmitting service data, the WLAN can specify the network outgoing interface and thereby whether the data is sent through the IPSEC channel. For example, the telephone voice service can use the IPSEC channel with a dedicated "independent" network outgoing interface brxx, while other WLAN services can be assigned the physical interface eth0 and not send their data through the IPSEC channel. Not every service therefore needs to forward its data over the IPSEC channel. To keep the IPSEC channel from being overloaded and to keep it running smoothly, the different services on the WLAN can be assigned different channels and sent through different network outgoing interfaces, so that they are independent of one another and can use different security policies.
The parameters modified in the steps above all serve to establish IPSEC channel connections with multiple sets of security gateways and with IPSEC security gateways from different vendors.
Step 209: The WLAN runs the current ipsecup.sh script to establish the IPSEC channel.
Step 210: Through thread 2, the WLAN periodically queries the IPSEC channel state.
Step 211: Has the IPSEC channel been established successfully / is its state normal? If so, go to step 210; otherwise, go to step 212.
Step 212: The WLAN determines whether the attempt to establish the IPSEC channel has timed out, or whether the number of attempts to establish the IPSEC connection has reached the specified threshold. If so, go to step 213; otherwise, return to step 209.
Step 213: The WLAN receives the second gateway configuration parameters through thread 1 and repeats steps 204 to 208, and the WLAN establishes an IPSEC connection with the second security gateway.
In the process above, the two threads can run asynchronously and cooperate with each other. Before the IPSEC parameter configuration is complete, a query of the IPSEC state returns empty. Once the IPSEC parameter configuration is complete, the WLAN uses thread 2 to determine whether the IPSEC channel has been established successfully; if it has, the WLAN checks the IPSEC state periodically, and if establishing the IPSEC channel has failed, the second security gateway parameters are used. In that case the WLAN receives the second security gateway parameters through thread 1, reconfigures itself, and establishes an IPSEC connection with the second security gateway. The whole process thus keeps establishing the IPSEC channel on the WLAN easy and flexible. In addition, after the IPSEC channel is established, when the WLAN receives service data it determines the service type of that data and, when the service type meets the requirements for using the IPSEC channel, forwards the service data through the IPSEC channel to the corresponding security gateway.
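The switching logic of steps 209 to 213, sketched as an added example that is not part of the patent text: each stored parameter set is tried until the setup timeout or the attempt threshold is hit, and only then is the next set applied. `GatewayParams`, `establish_with_failover`, the `try_connect` callback (standing in for rewriting the configuration and running the connection script) and all addresses and codes are hypothetical, constructed for illustration.

```python
import time
from dataclasses import dataclass
from typing import Callable, List, Optional, Sequence, Tuple

AUTH_MODES = ("eap_aka", "psk")  # the two authentication modes named in the text


@dataclass(frozen=True)
class GatewayParams:
    """One locally stored set of security gateway parameters (hypothetical layout)."""
    name: str
    gateway_ip: str
    auth_mode: str
    auth_code: str  # differs per gateway, so it is switched together with the IP


def establish_with_failover(
    gateways: Sequence[GatewayParams],
    try_connect: Callable[[GatewayParams], bool],
    max_attempts: int = 3,
    setup_timeout: float = 30.0,
    clock: Callable[[], float] = time.monotonic,
) -> Tuple[Optional[GatewayParams], List[str]]:
    """Try each parameter set in order; return the gateway in use and an event log.

    A gateway is given up when the attempt count reaches max_attempts or the
    time spent on it reaches setup_timeout (the two failure conditions of step 212).
    """
    # Reject a malformed parameter set up front rather than mid-failover.
    for gw in gateways:
        if gw.auth_mode not in AUTH_MODES:
            raise ValueError(f"{gw.name}: unsupported auth mode {gw.auth_mode!r}")

    events: List[str] = []
    for gw in gateways:
        started = clock()
        attempts = 0
        while True:
            attempts += 1
            if try_connect(gw):  # step 209 plus the state check of steps 210/211
                events.append(f"{gw.name}: established after {attempts} attempt(s)")
                return gw, events
            if attempts >= max_attempts:
                events.append(f"{gw.name}: failed, attempt threshold {max_attempts} reached")
                break
            if clock() - started >= setup_timeout:
                events.append(f"{gw.name}: failed, setup timed out after {attempts} attempt(s)")
                break
        # Falling out of the while loop is step 213: move on to the next set.
    events.append("no security gateway reachable")
    return None, events


def demo() -> Tuple[Optional[GatewayParams], List[str]]:
    """Constructed scenario: sgw1 is down, sgw2 answers on its second attempt."""
    gateways = [
        GatewayParams("sgw1", "192.0.2.1", "eap_aka", "constructed-code-1"),
        GatewayParams("sgw2", "198.51.100.1", "psk", "constructed-code-2"),
    ]
    seen: List[str] = []

    def try_connect(gw: GatewayParams) -> bool:
        seen.append(gw.name)
        return gw.name == "sgw2" and seen.count("sgw2") == 2

    return establish_with_failover(gateways, try_connect)


if __name__ == "__main__":
    gateway, log = demo()
    print(gateway.name if gateway else None)
    for line in log:
        print(line)
```

The returned event list records every switch, which gives an operator a trail of which gateway and which authentication mode the device ended up on.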
Referring to Fig. 3, in the embodiments of the present invention the WLAN-based IPSEC implementation device (that is, the WLAN with the IPSEC function) specifically comprises:
A first communication unit 30, configured to establish an IPSEC connection with the first security gateway using the locally configured first security gateway configuration parameters;
A configuration unit 31, configured to obtain the locally stored second security gateway configuration parameters and update the local configuration parameters when it is determined that establishing the connection with the first security gateway has failed;
A second communication unit 32, configured to establish an IPSEC connection with the second security gateway using the second security gateway configuration parameters.
Preferably, when establishing the IPSEC connection with the first security gateway using the locally configured first security gateway configuration parameters, the first communication unit 30 is specifically configured to:
Apply the corresponding authentication mode according to the first security gateway configuration parameters;
Set the gateway IP address according to the first security gateway configuration parameters and configure the network outgoing interface;
Establish the IPSEC connection between the local device and the first security gateway.
Preferably, when applying the corresponding authentication mode according to the first security gateway configuration parameters, the first communication unit 30 is specifically configured to:
If the authentication mode determined from the first gateway configuration parameters is eap_aka authentication, modify the ipsec.conf file as required for eap_aka authentication;
If the authentication mode determined from the first gateway configuration parameters is psk authentication, modify the ipsec.conf file as required for psk authentication and perform the corresponding authentication procedure.
Preferably, when determining that establishing the connection with the first security gateway has failed, obtaining the locally stored second security gateway configuration parameters and updating the local configuration parameters, the configuration unit 31 is specifically configured to:
While the IPSEC connection is being established using the first security gateway configuration parameters, if the establishment time runs out, or the number of attempts to establish the IPSEC connection reaches the specified threshold, determine that establishing the connection with the first security gateway has failed, obtain the locally stored second security gateway configuration parameters, and update the local configuration parameters.
Preferably, the second communication unit 32 is further configured to:
After the IPSEC channel is established, when service data is received, determine the service type of that data and, when the service type meets the requirements for using the IPSEC channel, forward the service data through the IPSEC channel to the corresponding security gateway.
In summary, in the embodiments of the present invention the WLAN with the IPSEC function is configured with multiple sets of security gateway configuration parameters. When the WLAN fails to establish an IPSEC connection with the first security gateway, it can automatically update its local configuration parameters from the second security gateway configuration parameters and establish an IPSEC connection with the corresponding second security gateway, and so on until an IPSEC connection is established successfully. In this way, if a security gateway fails during service data transmission, the WLAN can on its own select a valid set of security gateway configuration parameters and establish an IPSEC connection with a security gateway that is operating normally. This keeps service transmission uninterrupted, improves network reliability, avoids the network breakdown caused by a security gateway failure, and ensures the performance level of the whole network system.
Those skilled in the art should understand that embodiments of the invention can be provided as a method, a system or a computer program product. The invention can therefore take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. The invention can also take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM and optical storage) that contain computer-usable program code.
The present invention is described with reference to flow charts and/or block diagrams of the method, device (system) and computer program product according to the embodiments of the invention. It should be understood that each flow and/or block in the flow charts and/or block diagrams, and combinations of flows and/or blocks in them, can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or another programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flow charts and/or one or more blocks of the block diagrams.
These computer program instructions can also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to work in a particular way, so that the instructions stored in that computer-readable memory produce an article of manufacture including instruction means that implement the functions specified in one or more flows of the flow charts and/or one or more blocks of the block diagrams.
These computer program instructions can also be loaded onto a computer or other programmable data processing device, so that a series of operational steps is performed on the computer or other programmable device to produce a computer-implemented process, and the instructions executed on the computer or other programmable device thereby provide steps for implementing the functions specified in one or more flows of the flow charts and/or one or more blocks of the block diagrams.
Although preferred embodiments of the present invention have been described, those skilled in the art can make further changes and modifications to these embodiments once they have learned the basic inventive concept. The appended claims are therefore intended to be interpreted as covering the preferred embodiments and all changes and modifications that fall within the scope of the invention.
Obviously, those skilled in the art can make various changes and modifications to the embodiments of the present invention without departing from their spirit and scope. If these changes and modifications fall within the scope of the claims of the present invention and their technical equivalents, the present invention is intended to cover them as well.

Claims (10)

1., based on an implementation method of the Internet Protocol Security IPSEC of WLAN (wireless local area network) WLAN, it is characterized in that, comprise the steps:
The first security gateway collocation parameter that WLAN adopts this locality to configure is set up IPSEC with the first security gateway and is connected;
When WLAN determines to connect failure with the first security gateway, obtain local second security gateway collocation parameter of preserving, carry out local configuration parameter renewal;
WLAN adopts the second security gateway collocation parameter to set up IPSEC with the second security gateway to be connected.
2. the method for claim 1, is characterized in that, the first security gateway collocation parameter that WLAN adopts this locality to configure is set up IPSEC with the first security gateway and is connected, and specifically comprises:
WLAN performs corresponding authentication mode according to described first security gateway collocation parameter;
WLAN is according to described first security gateway collocation optimum configurations gateway ip address, and configuration network outgoing interface;
WLAN sets up IPSEC in this locality with the first security gateway and is connected.
3. method as claimed in claim 2, it is characterized in that, WLAN performs corresponding authentication mode according to described first security gateway collocation parameter, comprising:
If WLAN is the certifiede-mail protocol eap_aka authentication of Extensible Authentication Protocol according to described first gateway configuration parameters determination authentication mode, then based on eap_aka authentication standard modification ipsec.conf file;
If WLAN is wildcard psk authentication according to described first gateway configuration parameters determination authentication mode, then perform corresponding authorizing procedure based on psk authentication standard modification ipsec.conf part.
4. the method as described in claim 1,2 or 3, is characterized in that, WLAN determines to connect unsuccessfully with the first security gateway, obtains local second security gateway collocation parameter of preserving, carries out local configuration parameter renewal, comprising:
WLAN adopts the first security gateway collocation parameter to set up in the process of IPSEC connection, if settling time is overtime, or, the number of times setting up IPSEC connection reaches appointed threshold value, then determine to connect unsuccessfully with the first security gateway, and obtain local second security gateway collocation parameter of preserving, carry out local configuration parameter renewal.
5. The method of claim 1, 2 or 3, characterized by further comprising:
After the IPSEC tunnel is established, when the WLAN receives service data, it judges the service type of the service data and, on determining that the service type meets the usage requirements of the IPSEC tunnel, forwards the service data through the IPSEC tunnel to the corresponding security gateway.
6. A device for implementing Internet Protocol Security (IPSEC) based on a wireless local area network (WLAN), characterized by comprising:
A first communication unit, configured to establish an IPSEC connection with a first security gateway using the locally configured first security gateway configuration parameters;
A configuration unit, configured to, on determining that the connection with the first security gateway has failed, obtain the locally stored second security gateway configuration parameters and update the local configuration parameters;
A second communication unit, configured to establish an IPSEC connection with a second security gateway using the second security gateway configuration parameters.
7. The device of claim 6, characterized in that, when establishing the IPSEC connection with the first security gateway using the locally configured first security gateway configuration parameters, the first communication unit is specifically configured to:
Perform the corresponding authentication mode according to the first security gateway configuration parameters;
Set the gateway IP address according to the first security gateway configuration parameters, and configure the network outgoing interface;
Locally establish the IPSEC connection with the first security gateway.
8. The device of claim 7, characterized in that, when performing the corresponding authentication mode according to the first security gateway configuration parameters, the first communication unit is specifically configured to:
If the authentication mode determined from the first gateway configuration parameters is eap_aka authentication, modify the ipsec.conf file based on the eap_aka authentication standard;
If the authentication mode determined from the first gateway configuration parameters is psk authentication, modify the ipsec.conf file based on the psk authentication standard and perform the corresponding authentication procedure.
9. The device of claim 6, 7 or 8, characterized in that, when determining that the connection with the first security gateway has failed, obtaining the locally stored second security gateway configuration parameters, and updating the local configuration parameters, the configuration unit is specifically configured to:
While the IPSEC connection is being established using the first security gateway configuration parameters, if the establishment time runs out, or the number of attempts to establish the IPSEC connection reaches a specified threshold, determine that the connection with the first security gateway has failed, obtain the locally stored second security gateway configuration parameters, and update the local configuration parameters.
10. The device of claim 6, 7 or 8, characterized in that the second communication unit is further configured to:
After the IPSEC tunnel is established, on receiving service data, judge the service type of the service data and, on determining that the service type meets the usage requirements of the IPSEC tunnel, forward the service data through the IPSEC tunnel to the corresponding security gateway.
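The failover procedure of claims 2 to 4 (mirrored by device claims 7 to 9), sketched as an added example that is not code from the patent or its applicant. Assumptions: the `GatewayProfile` layout, the injected `try_connect` callable, the thresholds of 3 attempts and 30 seconds, and the strongSwan-style `ipsec.conf` keywords are all illustrative, since the claims name only the file and the two authentication modes.

```python
import time
from dataclasses import dataclass

@dataclass(frozen=True)
class GatewayProfile:  # hypothetical layout of one stored parameter set
    name: str
    gateway_ip: str
    out_iface: str     # egress interface, applied outside ipsec.conf
    auth_mode: str     # "eap_aka" or "psk", the two modes in the claims

# Assumed strongSwan-style ipsec.conf keywords for each authentication mode.
AUTH_LINES = {"eap_aka": ["leftauth=eap-aka"], "psk": ["authby=secret"]}

def render_conn(p):
    """Build the ipsec.conf conn section for one gateway profile."""
    if p.auth_mode not in AUTH_LINES:
        # Fail closed: an unknown mode must not yield a half-written config.
        raise ValueError(f"unsupported auth mode: {p.auth_mode!r}")
    body = ["keyexchange=ikev2", f"right={p.gateway_ip}",
            *AUTH_LINES[p.auth_mode], "auto=start"]
    return f"conn {p.name}\n" + "".join(f"    {line}\n" for line in body)

def connect_with_failover(profiles, try_connect, max_attempts=3,
                          timeout_s=30.0, clock=time.monotonic):
    """Try gateways in stored order; a gateway counts as failed when setup
    time runs out or the attempt count reaches the threshold."""
    log = []
    for p in profiles:
        conf = render_conn(p)  # local configuration parameter update
        start, attempts = clock(), 0
        while attempts < max_attempts and clock() - start < timeout_s:
            attempts += 1
            if try_connect(p, conf):
                log.append((p.name, attempts, "up"))
                return p, log
        log.append((p.name, attempts, "failed"))
    return None, log  # every configured gateway failed

def demo():
    # Constructed sample data: documentation addresses, first gateway is down.
    profiles = [GatewayProfile("sgw1", "192.0.2.10", "eth0", "eap_aka"),
                GatewayProfile("sgw2", "198.51.100.20", "eth0", "psk")]
    reachable = {"198.51.100.20"}
    return connect_with_failover(
        profiles, lambda p, conf: p.gateway_ip in reachable)

if __name__ == "__main__":
    chosen, log = demo()
    print(chosen.name, log)
```

The returned log records each gateway that was abandoned and why the loop moved on, so a switch to a profile with a different authentication mode is visible to whoever operates the device.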
CN201410456565.0A 2014-09-09 2014-09-09 IPSEC implementation method and device based on WLAN Pending CN104243465A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410456565.0A CN104243465A (en) 2014-09-09 2014-09-09 IPSEC implementation method and device based on WLAN

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410456565.0A CN104243465A (en) 2014-09-09 2014-09-09 IPSEC implementation method and device based on WLAN

Publications (1)

Publication Number Publication Date
CN104243465A true CN104243465A (en) 2014-12-24

Family

ID=52230815

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410456565.0A Pending CN104243465A (en) 2014-09-09 2014-09-09 IPSEC implementation method and device based on WLAN

Country Status (1)

Country Link
CN (1) CN104243465A (en)

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1954309A (en) * 2004-01-22 2007-04-25 株式会社东芝 Serving network selection and multihoming using IP access network
CN101072157A (en) * 2007-06-08 2007-11-14 迈普(四川)通信技术有限公司 Virtual special net load backup system and its establishing method and data forwarding method

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111314136A (en) * 2020-02-18 2020-06-19 安科讯(福建)科技有限公司 Method and terminal for triggering LTE Femto gateway switching
CN111314136B (en) * 2020-02-18 2022-12-27 安科讯(福建)科技有限公司 Method and terminal for triggering LTE Femto gateway switching
CN114302503A (en) * 2021-12-31 2022-04-08 广州爱浦路网络技术有限公司 Data transmission method based on non-3GPP access function network element and non-3GPP access function network element
CN114302503B (en) * 2021-12-31 2023-06-06 广州爱浦路网络技术有限公司 Data transmission method based on non-3GPP access function network element and non-3GPP access function network element

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20141224
