CN102571817A

CN102571817A - Method and device for accessing application server

Info

Publication number: CN102571817A
Application number: CN2012100341280A
Authority: CN
Inventors: 王春宁; 史建鑫; 李月
Original assignee: Huawei Technologies Co Ltd
Current assignee: Huawei Technologies Co Ltd
Priority date: 2012-02-15
Filing date: 2012-02-15
Publication date: 2012-07-11
Anticipated expiration: 2032-02-15
Also published as: CN102571817B

Abstract

The embodiment of the invention provides a method and a device for accessing an application server. The method comprises the following steps that: a virtual private network (VPN) server receives a first login request transmitted by a first gateway, wherein the first login request comprises an identifier of the first gateway; the VPN server generates online gateway information according to the first login request, wherein the online gateway information comprises the identifier of the first gateway; the VPN server transmits the online gateway information to a client; the VPN server receives a second login request which is used for logging in the first gateway and is transmitted by the client, wherein the second login request comprises the identifier of the first gateway; the VPN server forwards the second login request to the first gateway, so that the first gateway can conveniently respond to the second login request; and the VPN server transmits first traffic used by accessing the application server through the first gateway by the client, wherein the application server is positioned in a VPN. In addition, the invention also provides other methods and devices. By the technical scheme provided by the embodiment of the invention, a VPN gateway is not required to occupy an Internet protocol (IP) address of a public network.

Description

The method of access application server and device

Technical field

The embodiment of the invention relates to the communication technology, relates in particular to the method and the device of access application server.

Background technology

(Virtual Private Network, setting up VPN) is more flexible, has greatly enriched the Internet resources that the Internet user can visit for Virtual Private Network.During concrete the realization, be arranged in the application server that the client of public network can be through Virtual Private Network gateway access Virtual Private Network (Application Server, AS).Application server can be web page server, file server, video server, internet protocol TV (Internet Protocol Television, IPTV) server etc.

The inventor finds that there is following problem in prior art:

Login Virtual Private Network gateway is the prerequisite that can visit the client-access Virtual Private Network of public network.This means that the Virtual Private Network gateway need take public network Internet Protocol (Internet Protocol, IP) address.

Summary of the invention

The embodiment of the invention provides the method for access application server promptly to install, and can solve the technical problem that the Virtual Private Network gateway takies public network IP address.

On the one hand, the method for a kind of access application server that the embodiment of the invention provides comprises:

The virtual private network server that is positioned at public network receives first logging request of first gateway transmission that is positioned at Virtual Private Network, and said first logging request comprises the sign of said first gateway;

Said virtual private network server is created on gauze according to said first logging request and closes information, and said online gateway information comprises the sign of said first gateway;

Said virtual private network server sends said online gateway information to client;

Said virtual private network server receives second logging request that said first gateway is logined in request that said client sends, and said second logging request comprises the sign of said first gateway;

Said virtual private network server is to said second logging request of said first gateway forwards, so that said first gateway responds said second logging request;

The said client of said Virtual Private Network Server Transport is through the first flow of the said application server of said first gateway access, and said application server is positioned at said Virtual Private Network.

On the other hand, the method for the another kind of access application server that the embodiment of the invention provides comprises:

First gateway that is positioned at Virtual Private Network sends first logging request of the sign that comprises said first gateway to the virtual private network server that is positioned at public network, so that said virtual private network server generates the online gateway information of the sign that comprises said first gateway that is used for being received by client;

Said first gateway receives second logging request that said first gateway is logined in request that the said client of said Virtual Private Network server forwards sends, and said second logging request comprises the sign of said first gateway;

Said first gateway responds said second logging request;

Said first gateway transmits the first flow of said client through the said application server of said first gateway access, and said application server is positioned at the said first gateway corresponding virtual private network.

Client receives the online gateway information of the virtual private network server transmission that is positioned at public network; Said online gateway information obtains through following approach: said virtual private network server receives first logging request of first gateway transmission that is positioned at Virtual Private Network, and said first logging request comprises the sign of said first gateway; Said virtual private network server is created on gauze according to said first logging request and closes information, and said online gateway information comprises the sign of said first gateway;

Said client is sent second logging request of said first gateway of request login to said virtual private network server; Said second logging request comprises the sign of said first gateway; So that said virtual private network server is to said second logging request of said first gateway forwards, said second logging request is used to make said first gateway that said second logging request is responded;

Said client is through the said application server of said first gateway access, and said application server is positioned at said Virtual Private Network.

On the other hand, the device of a kind of access application server that the embodiment of the invention provides comprises:

First receiving element is used to receive first logging request that first gateway that is positioned at Virtual Private Network sends, and said first logging request comprises the sign of said first gateway;

The gateway information generation unit is used for being created on gauze according to said first logging request and closes information, and said online gateway information comprises the sign of said first gateway;

Transmitting element is used for sending said online gateway information to client;

Second receiving element is used to receive second logging request that said first gateway is logined in request that said client sends, and said second logging request comprises the sign of said first gateway;

Retransmission unit is used for to said second logging request of said first gateway forwards, so that said first gateway responds said second logging request;

Transmission unit is used to transmit the first flow of said client through the said application server of said first gateway access, and said application server is positioned at said Virtual Private Network.

On the other hand, the device of the another kind of access application server that the embodiment of the invention provides comprises:

Transmitting element; Be used for sending first logging request of the sign that comprises first gateway that is positioned at Virtual Private Network, so that said virtual private network server generates the online gateway information that is used for by the sign that comprises said first gateway of client reception to the virtual private network server that is positioned at public network;

Receiving element is used to receive second logging request that said first gateway is logined in request that the said client of said Virtual Private Network server forwards sends, and said second logging request comprises the sign of said first gateway;

Response unit is used for said second logging request is responded;

Transmission unit is used to transmit the first flow of said client through the said application server of said first gateway access, and said application server is positioned at the said first gateway corresponding virtual private network.

Receiving element; Be used to receive the online gateway information of the virtual private network server transmission that is positioned at public network; Said online gateway information obtains through following approach: said virtual private network server receives first logging request of first gateway transmission that is positioned at Virtual Private Network, and said first logging request comprises the sign of said first gateway; Said virtual private network server is created on gauze according to said first logging request and closes information, and said online gateway information comprises the sign of said first gateway;

Transmitting element; Be used for sending second logging request of said first gateway of request login to said virtual private network server; Said second logging request comprises the sign of said first gateway; So that said virtual private network server is to said second logging request of said first gateway forwards, said second logging request is used to make said first gateway that said second logging request is responded;

Addressed location is used for through the said application server of said first gateway access, and said application server is positioned at said Virtual Private Network.

It is thus clear that in the technical scheme that the embodiment of the invention provides, the virtual private network server is positioned at public network, has public network IP address, client can be according to the public network IP address accesses virtual private network server of virtual private network server.Client can have been logined the pairing Virtual Private Network of Virtual Private Network gateway of virtual private network server through the Virtual Private Network server access.Therefore, through the technical scheme that the embodiment of the invention provides, can solve the technical problem that Virtual Private Network gateway in the prior art need take public network IP address.

Description of drawings

In order to be illustrated more clearly in the embodiment of the invention or technical scheme of the prior art; To do one to the accompanying drawing of required use in embodiment or the description of the Prior Art below introduces simply; Obviously, the accompanying drawing in describing below is some embodiments of the present invention, for those of ordinary skills; Under the prerequisite of not paying creative work, can also obtain other accompanying drawing according to these accompanying drawings.

Fig. 1 is the networking structure figure that technical scheme that the embodiment of the invention provides is applied to a certain scene;

Fig. 2 is the flow chart of the method for a kind of access application server of providing of the embodiment of the invention;

Fig. 3 is the flow chart of the method for the another kind of access application server that provides of the embodiment of the invention;

Fig. 4 is the flow chart of the method for the another kind of access application server that provides of the embodiment of the invention;

Fig. 5 is the structural representation of the device of a kind of access application server of providing of the embodiment of the invention;

Fig. 6 is the structural representation of the device of the another kind of access application server that provides of the embodiment of the invention;

Fig. 7 is the structural representation of the device of the another kind of access application server that provides of the embodiment of the invention.

Embodiment

For the purpose, technical scheme and the advantage that make the embodiment of the invention clearer; To combine the accompanying drawing in the embodiment of the invention below; Technical scheme in the embodiment of the invention is carried out clear, intactly description; Obviously, described embodiment is the present invention's part embodiment, rather than whole embodiment.Based on the embodiment among the present invention, those of ordinary skills are not making the every other embodiment that is obtained under the creative work prerequisite, all belong to the scope of the present invention's protection.

The embodiment of the invention provides a kind of method, device and system of access application server, can solve the technical problem that the Virtual Private Network gateway takies public network IP address.The technical scheme that Fig. 1 provides for the embodiment of the invention is applied to the networking structure figure of a certain scene.

The networking structure figure of Fig. 1 comprises four network equipments, is respectively client, virtual private network server, gateway and application server.

Client can be through access to the Internet virtual private network server.The virtual private network server can be through the access to the Internet gateway.Gateway is the gateway of Virtual Private Network.Gateway is positioned at the edge of Virtual Private Network and internet.Application server is positioned at Virtual Private Network, and application server can be mutual through gateway and internet.

Embodiment one:

The embodiment of the invention provides a kind of method of access application server, can be used for networking structure shown in Figure 1, and referring to Fig. 2, Fig. 2 is the flow chart of the method for the access application server that provides of the embodiment of the invention, and this method comprises:

201, the virtual private network server that is positioned at public network receives first logging request that first gateway be positioned at Virtual Private Network sends, and this first logging request comprises the sign of this first gateway.

The sign of this first gateway can be the sequence number of first gateway, and the virtual private network server is the name that this first gateway distributes.

The virtual private network server is positioned at public network, and this virtual private network server has at least one public network IP address.During concrete the realization, this virtual private network server public network IP addresses corresponding can obtain through manual configuration.In addition, can also be Virtual Private Network server configures domain name, and at this virtual private network server of name server registration.

During concrete the realization, client is connected with public network, and client can be sent the request of this network equipment of login to the network equipment that is positioned at public network.Client can be PC, mobile phone or personal digital assistant.

First gateway lands this virtual private network server when specifically realizing, can be:

(Secure Socket Layer, SSL) set up first gateway and be connected with SSL between the server by agreement through SSL for first gateway.It can be one that first gateway is connected with SSL between the virtual private network server, also can be a plurality of.First gateway lands this virtual private network server through the SSL connection.

Can set up this first gateway in the following way is connected with SSL between this virtual private network server:

This first gateway sends SSL to this virtual private network server and connects the request of foundation, and this server connects to this SSL of this first gateway transmission sets up the request corresponding response.The sign that this SSL of this Virtual Private Network server for saving connects.

When this first gateway requests is landed this virtual private network server and specifically realized, can be that (Hyper Text Transfer Protocol HTTP) logins this virtual private network server to first gateway through HTTP.

When this first gateway requests was landed this virtual private network server, this virtual private network server can carry out authentication to this first gateway.

When this first gateway is carried out authentication and specifically realizes, can be:

This virtual private network server is preserved the sign of the gateway that can land this virtual private network server in advance.The sign of gateway can be the sequence number of gateway.Configuration is used for the authentication mode that the gateway of this virtual private network server carries out authentication is landed in request on this virtual private network server in advance.This authentication mode can be the authentication mode of account and password.

This virtual private network server when this client is sent in the gauze information of closing and specifically realizes can be:

After client is landed this virtual private network server, send the request message of the online gateway information of acquisition request to this virtual private network server.This virtual private network server is sent in gauze pass information to this client after receiving this request message.

When client is landed this virtual private network server and specifically realized, can be:

The logical ssl protocol of client is set up and is connected with the SSL of this virtual private network server.When client-requested was landed this virtual private network server, this virtual private network server can carry out authentication to this client.About how setting up this client being connected, please refer to preceding text setting up the description that this first gateway is connected with SSL between this virtual private network server with the SSL of this virtual private network server.How this client is carried out authentication about this virtual private network server, please refer to preceding text carry out authentication to this first gateway to this virtual private network server description.

202, this virtual private network server is created on gauze according to this first logging request and closes information, and this online gateway information comprises the sign of this first gateway.

203, this virtual private network server sends this online gateway information to client.

Can realize in the following way that this virtual private network server is sent in gauze to client and closes information:

Mode one, client are landed this virtual private network server through browser.Client is received in gauze through this browser and closes information;

Mode two, client are landed this virtual private network server through browser.Client is obtained online gateway information through control.This control can be ActiveX.

204, this virtual private network server receives second logging request of this first gateway of request login of this client transmission, and this second logging request comprises the sign of this first gateway.

When second logging request of this first gateway of client transmission request login specifically realizes, can be:

Client is received in gauze through browser and closes information.Client is selected this first gateway from online gateway information, and sends second logging request through browser to this first gateway.

205, this virtual private network server is to this second logging request of this first gateway forwards, so that this first gateway responds this second logging request.

206, this this client of Virtual Private Network Server Transport is through the first flow of this this application server of first gateway access, and this application server is positioned at this Virtual Private Network.

During concrete the realization, can connect the flow of transmission client access application server through SSL.About how setting up SSL connecting, seeing also the description of hereinafter.

Application server is the application server that is positioned at Virtual Private Network.Application server can communicate through the network beyond first gateway and this Virtual Private Network.Application server can be video server, file server or Website server.

It is thus clear that in the technical scheme that present embodiment provides, the virtual private network server is positioned at public network, has public network IP address, client can be according to the public network IP address accesses virtual private network server of virtual private network server.Client can have been logined the pairing Virtual Private Network of Virtual Private Network gateway of virtual private network server through the Virtual Private Network server access.Therefore, through the technical scheme that present embodiment provides, can solve the technical problem that Virtual Private Network gateway in the prior art need take public network IP address.

Optional,

This this client of Virtual Private Network Server Transport comprises through the first flow of this this application server of first gateway access:

First access request that this virtual private network server sends to this this client of application server transmission; And first access response that this virtual private network server sends to this application server of this client transmissions; This first access request is used to make this application server to send this first access response to this client, and this first flow comprises this first access request and this first access response;

First access request that this virtual private network server sends to this this client of application server transmission comprises:

This virtual private network server connects this first access request that receives this client transmission through first SSL; The sign that comprises this first gateway in this first access request, this first SSL are connected to being connected between this client and this virtual private network server;

This virtual private network server obtains the sign that this first SSL connects based on the protocol stack of secure socket layer protocol; This virtual private network server generates first corresponding relation; This first corresponding relation comprises the sign that sign that the sign, second SSL of this first gateway connect and this first SSL connect, and this second SSL is connected to being connected between this virtual private network server and this first gateway;

This virtual private network server adds the sign that this first SSL connects to this first access request, generates second access request;

This virtual private network server connects to this this second access request of first gateway transmission through this second SSL; So that this first gateway is through first transmission control protocol (Transfer Control Protocol; TCP) connection is forwarded to this application server with this second access request; This second access request is used to make this first gateway to obtain the sign that this second SSL connects according to the secure socket layer protocol stack; And the sign that connects according to this first SSL in this second access request generates second corresponding relation; This second corresponding relation comprises sign, the sign of this second SSL connection and the sign that this first transmission control protocol connects that this first SSL connects; This first transmission control protocol is connected to being connected between this first gateway and this application server, and this second access request also is used to trigger this first gateway and connects to this application server through this first transmission control protocol and transmit this second access request;

This virtual private network server comprises to first access response that this application server of this client transmissions sends:

This virtual private network server receives second access response, and this second access response obtains through following approach:

This application server connects this first access response of transmission through this first transmission control protocol;

This first gateway obtains this first transmission control protocol connection according to the protocol stack of transmission control protocol, and this first gateway finds this second corresponding relation according to the sign that this first transmission control protocol connects; This first gateway obtains the sign of this first SSL connection and the sign that this second SSL connects according to this second corresponding relation;

This first gateway adds the sign that this first SSL connects to this second access response, generates this first access response;

This first gateway connects to this this first access response of virtual private network server transmission through this second SSL;

This virtual private network server confirms that based on the sign that this first SSL in this first access response connects this first SSL is connected to the connection that is used to communicate by letter, and through this first SSL connection this first access response is forwarded to this client.

Can write down first corresponding relation and second corresponding relation through the list item in the correspondence table.Also can be through file logging first corresponding relation and second corresponding relation.

First gateway finds second corresponding relation according to the sign that first transmission control protocol connects.During concrete the realization; Can be first gateway is searched the sign that comprises the connection of first transmission control protocol in corresponding tables list item, and obtain the sign of first SSL connection and the sign that second SSL connects based on the list item of the sign that comprises the connection of first transmission control protocol.

Optional,

This first flow is visited the flow of this application server with the mode of webpage agency, applied transformation, port forwarding or extension of network for this client.

First flow can be the flow of this client to this application server transmission, also can be the flow that this application server sends to this client.

Embodiment two:

The embodiment of the invention provides a kind of method of access application server, can be used for networking structure shown in Figure 1, and referring to Fig. 3, Fig. 3 is the flow chart of the method for the access application server that provides of the embodiment of the invention, and this method comprises:

301, first gateway that is positioned at Virtual Private Network sends first logging request of the sign that comprises this first gateway to the virtual private network server that is positioned at public network, so that this virtual private network server generates the online gateway information of the sign that comprises this first gateway that is used for being received by client.

302, second logging request of this first gateway of request login of this client transmission of this this Virtual Private Network server forwards of first gateway reception, this second logging request comprises the sign of this first gateway.

303, this first gateway responds this second logging request.

304, this this client of first gateway transmission is through the first flow of this this application server of first gateway access, and this application server is positioned at this first gateway corresponding virtual private network.

First gateway is set up first gateway through secure socket layer protocol and is connected with SSL between the server.It can be one that first gateway is connected with SSL between the virtual private network server, also can be a plurality of.First gateway lands this virtual private network server through the SSL connection.

When this first gateway requests is landed this virtual private network server and specifically realized, can be that first gateway is through this virtual private network server of HTTP login.

Optional,

This this client of first gateway transmission comprises through the first flow of this this application server of first gateway access:

First access request that this first gateway sends to this this client of application server transmission; And first access response that this first gateway sends to this application server of this client transmissions; This first access request is used to make this application server to send this first access response to this client, and this first flow comprises this first access request and this first access response;

First access request that this first gateway sends to this this client of application server transmission comprises:

This first gateway connects second access request that receives this virtual private network server transmission through second SSL; This second SSL is connected to being connected between this virtual private network server and this first gateway, and this second access request obtains through following approach:

This virtual private network server connects this first access request that receives this client transmission through first SSL; This first SSL is connected to being connected between this client and this virtual private network server, comprises the sign of this first gateway in this first access request;

This virtual private network server obtains the sign that this first SSL connects based on the protocol stack of secure socket layer protocol; This virtual private network server generates first corresponding relation based on the sign of this first SSL connection and the sign of this first gateway in this first access request, and this first corresponding relation comprises the sign of this first gateway, the sign of this second SSL connection and the sign that this first SSL connects;

This virtual private network server adds the sign that this first SSL connects to this first access request, generates this second access request;

This first gateway is forwarded to this application server through the connection of first transmission control protocol with this second access request; This first gateway obtains the sign that this second SSL connects based on the secure socket layer protocol stack; This first gateway generates second corresponding relation based on the sign that this first SSL in this second access request connects; This second corresponding relation comprises the sign that sign that this first SSL connects, sign that this second SSL connects and this first transmission control protocol connect, and this first transmission control protocol is connected to being connected between this first gateway and this application server;

This first gateway comprises to first access response that this application server of this client transmissions sends:

This first gateway connects this first access response that receives this application server transmission through this first transmission control protocol;

This first gateway obtains this first transmission control protocol connection according to the protocol stack of transmission control protocol, and this first gateway finds this second corresponding relation according to the sign that this first transmission control protocol connects; This first gateway obtains the sign of this first SSL connection and the sign that this second SSL connects according to this second corresponding relation; This first gateway adds the sign that this first SSL connects to this first access response, generates second access response;

This first gateway connects to this this second access response of virtual private network server transmission through this second SSL; This second access response is used for making this virtual private network server to confirm that based on the sign of this first SSL connection of this second access response this first SSL is connected to the connection that is used to communicate by letter, and through this first SSL connection this second access response is forwarded to this client.

Optional,

Embodiment three:

The embodiment of the invention provides a kind of method of access application server, can be used for networking structure shown in Figure 1, and referring to Fig. 4, Fig. 4 is the flow chart of the method for the access application server that provides of the embodiment of the invention, and this method comprises:

401, client receives the online gateway information of the virtual private network server transmission that is positioned at public network; This online gateway information obtains through following approach: this virtual private network server receives first logging request of first gateway transmission that is positioned at Virtual Private Network, and this first logging request comprises the sign of this first gateway; This virtual private network server is created on gauze according to this first logging request and closes information, and this online gateway information comprises the sign of this first gateway.

402, this client is sent second logging request of this first gateway of request login to this virtual private network server; This second logging request comprises the sign of this first gateway; So that this virtual private network server is to this second logging request of this first gateway forwards, this second logging request is used to make this first gateway that this second logging request is responded.

403, this client is through this this application server of first gateway access, and this application server is positioned at this Virtual Private Network.

During concrete the realization, can connect the flow of transmission client access application server through SSL.About how setting up SSL connecting, please participate in the description of hereinafter.

Optional,

This client comprises through this this application server of first gateway access:

This client is sent first access request through this first gateway to this application server; And this client receives first access response that this application server sends through this first gateway, and this first access request is used to make this application server to send this first access response to this client;

This client is sent first access request through this first gateway to this application server, comprising:

This client connects to this virtual private network server through first SSL sends this first access request; The sign that comprises this first gateway in this first access request, this first SSL are connected to being connected between this client and this virtual private network server; This first access request is used to make this virtual private network server to obtain the sign that this first SSL connects according to the protocol stack of secure socket layer protocol; This first access request also is used for making this virtual private network server to generate first corresponding relation according to the sign of this first gateway of this first access request and the sign of this first SSL connection; This first corresponding relation comprises the sign that sign that the sign, second SSL of this first gateway connect and this first SSL connect, and this second SSL is connected to being connected between this virtual private network server and this first gateway; This first access request also is used to make this virtual private network server to add the sign that this first SSL connects to this first access request, generates second access request; This first access request also is used to make this virtual private network server to connect to this this second access request of first gateway transmission through this second SSL; This second access request is used to make this first gateway through the connection of first transmission control protocol this second access request to be forwarded to this application server; This second access request is used to make this first gateway to obtain the sign that this second SSL connects according to the secure socket layer protocol stack; And the sign that connects according to this first SSL in this second access request generates second corresponding relation; This second corresponding relation comprises the sign that sign that this first SSL connects, sign that this second SSL connects and this first transmission control protocol connect, and this first transmission control protocol is connected to being connected between this first gateway and this application server; This second access request also is used to make this first gateway to connect to this this second access request of application server forwarding through this first transmission control protocol;

This client receives first access response that this application server sends through this first gateway, comprising:

This client connects second access response that receives this Virtual Private Network server forwards through this first SSL, and this second access response obtains through following approach:

This first gateway obtains the sign that this first transmission control protocol connects based on the protocol stack of transmission control protocol; This first gateway finds this second corresponding relation based on the sign that this first transmission control protocol connects, and this first gateway obtains the sign of this first SSL connection and the sign that this second SSL connects based on this second corresponding relation;

This first gateway adds the sign that this first SSL connects to this first access response, generates this second access response;

This first gateway connects to this this second access response of virtual private network server transmission through this second SSL;

This virtual private network server confirms that based on the sign that this first SSL in this second access response connects this first SSL is connected to the connection that is used to communicate by letter, and connects to this this second access response of client forwarding through this first SSL.

Optional,

This client transmits with webpage agency, applied transformation, port or the mode of extension of network is visited this application server.

Embodiment four:

The embodiment of the invention provides a kind of device of access application server, can be used for networking structure shown in Figure 1.It specifically can be the virtual private network server among Fig. 1.Referring to Fig. 5, Fig. 5 is the structural representation of the device of the access application server that provides of the embodiment of the invention, and this device comprises:

First receiving element 501 is used to receive first logging request that first gateway that is positioned at Virtual Private Network sends, and this first logging request comprises the sign of this first gateway;

Gateway information generation unit 502 is used for being created on gauze according to this first logging request and closes information, and this online gateway information comprises the sign of this first gateway;

Transmitting element 503 is used for sending this online gateway information to client;

Second receiving element 504 is used to receive second logging request of this first gateway of request login that this client sends, and this second logging request comprises the sign of this first gateway;

Retransmission unit 506 is used for to this second logging request of this first gateway forwards, so that this first gateway responds this second logging request;

Transmission unit 507 is used to transmit the first flow of this client through this this application server of first gateway access, and this application server is positioned at this Virtual Private Network.

Optional,

Transmission unit 507 comprises first subelement and second subelement;

This first subelement is used for first access request to this this client transmission of application server transmission;

This second subelement is used for first access response to this application server transmission of this client transmissions; This first access request is used to make this application server to send this first access response to this client, and this first flow comprises this first access request and this first access response;

This first subelement comprises:

The access request receiving element; Be used for connecting this first access request that receives this client transmission through first SSL; The sign that comprises this first gateway in this first access request, this first SSL are connected to being connected between this client and this virtual private network server;

The corresponding relation generation unit; Be used for obtaining the sign that this first SSL connects according to the protocol stack of secure socket layer protocol; Generate first corresponding relation; This first corresponding relation comprises the sign that sign that the sign, second SSL of this first gateway connect and this first SSL connect, and this second SSL is connected to being connected between this virtual private network server and this first gateway;

The access request updating block is used for adding the sign that this first SSL connects to this first access request, generates second access request;

The access request transmitting element; Be used for connecting to this this second access request of first gateway transmission through this second SSL; So that this first gateway connects through first transmission control protocol this second access request is sent to this application server; This second access request is used to make this first gateway to obtain the sign that this second SSL connects according to the secure socket layer protocol stack; And the sign that connects according to this first SSL in this second access request generates second corresponding relation; This second corresponding relation comprises sign, the sign of this second SSL connection and the sign that this first transmission control protocol connects that this first SSL connects; This first transmission control protocol is connected to being connected between this first gateway and this application server, and this second access request also is used to trigger this first gateway and connects to this application server through this first transmission control protocol and transmit this second access request;

This second subelement comprises:

The access response receiving element is used to receive second access response, and this second access response obtains through following approach:

The access response retransmission unit; Be used for the sign that this first SSL according to this first access response connects and confirm that this first SSL is connected to the connection that is used to communicate by letter, and connect through this first SSL this first access response is forwarded to this client.

Optional,

Embodiment five:

The embodiment of the invention provides a kind of device of access application server, can be used for networking structure shown in Figure 1.It specifically can be the gateway among Fig. 1.Referring to Fig. 6, Fig. 6 is the structural representation of the device of the access application server that provides of the embodiment of the invention, and this device comprises:

Transmitting element 601; Be used for sending first logging request of the sign that comprises first gateway that is positioned at Virtual Private Network, so that this virtual private network server generates the online gateway information that is used for by the sign that comprises this first gateway of client reception to the virtual private network server that is positioned at public network;

Receiving element 602 is used to receive second logging request that said first gateway is logined in request that this client of this Virtual Private Network server forwards sends, and this second logging request comprises the sign of this first gateway;

Response unit 603 is used for this second logging request is responded;

Transmission unit 604 is used to transmit the first flow of this client through this this application server of first gateway access, and this application server is positioned at this first gateway corresponding virtual private network.

Optional,

Transmission unit 604 comprises first subelement and second subelement;

This first subelement comprises:

The access request receiving element; Be used for connecting second access request that receives this virtual private network server transmission through second SSL; This second SSL is connected to being connected between this virtual private network server and this first gateway, and this second access request obtains through following approach:

This virtual private network server adds the sign that this first SSL connects to this first access request, generates this second access request; The access request retransmission unit is used for through the connection of first transmission control protocol this second access request being forwarded to this application server; This first gateway obtains the sign that this second SSL connects according to the secure socket layer protocol stack; This first gateway generates second corresponding relation according to the sign that this first SSL in this second access request connects; This second corresponding relation comprises sign, the sign of this second SSL connection and the sign that this first transmission control protocol connects that this first SSL connects, and this is first years old

Transmission control protocol is connected to being connected between this first gateway and this application server; This second subelement comprises:

The access response receiving element is used for connecting this first access response that receives this application server transmission through this first transmission control protocol;

Search the unit, be used for obtaining this first transmission control protocol connection according to the protocol stack of transmission control protocol, this first gateway finds this second corresponding relation according to the sign that this first transmission control protocol connects; This first gateway obtains the sign of this first SSL connection and the sign that this second SSL connects according to this second corresponding relation;

The access response updating block is used for adding the sign that this first SSL connects to this first access response, generates second access response;

The access response transmitting element; Be used for connecting to this this second access response of virtual private network server transmission through this second SSL; This second access response is used for making this virtual private network server to confirm that according to the sign of this first SSL connection of this second access response this first SSL is connected to the connection that is used to communicate by letter, and logical

Cross this first SSL connection this second access response is forwarded to this client.Can write down first corresponding relation and second corresponding relation through the list item in the correspondence table.Also can be through file logging first corresponding relation and second corresponding relation.

Optional,

Embodiment six:

The embodiment of the invention provides a kind of device of access application server, can be used for networking structure shown in Figure 1.It specifically can be the client among Fig. 1.Referring to Fig. 7, Fig. 7 is the structural representation of the device of the access application server that provides of the embodiment of the invention, and this device comprises:

Receiving element 701; Be used to receive the online gateway information of the virtual private network server transmission that is positioned at public network; This online gateway information obtains through following approach: this virtual private network server receives first logging request of first gateway transmission that is positioned at Virtual Private Network, and this first logging request comprises the sign of this first gateway; This virtual private network server is created on gauze according to this first logging request and closes information, and this online gateway information comprises the sign of this first gateway;

Transmitting element 702; Be used for sending second logging request of this first gateway of request login to this virtual private network server; This second logging request comprises the sign of this first gateway; So that this virtual private network server is to this second logging request of this first gateway forwards, this second logging request is used to make this first gateway that this second logging request is responded;

Addressed location 703 is used for through this this application server of first gateway access, and this application server is positioned at this Virtual Private Network.

Optional,

Addressed location 703 comprises first addressed location and second addressed location;

This first addressed location is used for sending first access request through this first gateway to this application server;

This second addressed location is used for receiving first access response that this application server sends through this first gateway, and this first access request is used to make this application server to send this first access response to this client;

This first addressed location comprises first trigger element and access request transmitting element:

This first trigger element is used to trigger this access request transmitting element and sends this first access request;

This access request transmitting element; Be used for connecting to this this first access request of virtual private network server transmission through first SSL; The sign that comprises this first gateway in this first access request, this first SSL are connected to being connected between this client and this virtual private network server; This first access request is used to make this virtual private network server to obtain the sign that this first SSL connects according to the protocol stack of secure socket layer protocol; This first access request also is used for making this virtual private network server to generate first corresponding relation according to the sign of this first gateway of this first access request and the sign of this first SSL connection; This first corresponding relation comprises the sign that sign that the sign, second SSL of this first gateway connect and this first SSL connect, and this second SSL is connected to being connected between this virtual private network server and this first gateway; This first access request also is used to make this virtual private network server to add the sign that this first SSL connects to this first access request, generates second access request; This first access request also is used to make this virtual private network server to connect to this this second access request of first gateway transmission through this second SSL; This second access request is used to make this first gateway through the connection of first transmission control protocol this second access request to be forwarded to this application server; This second access request is used to make this first gateway to obtain the sign that this second SSL connects according to the secure socket layer protocol stack; And the sign that connects according to this first SSL in this second access request generates second corresponding relation; This second corresponding relation comprises the sign that sign that this first SSL connects, sign that this second SSL connects and this first transmission control protocol connect, and this first transmission control protocol is connected to being connected between this first gateway and this application server; This second access request also is used to make this first gateway to connect to this this second access request of application server forwarding through this first transmission control protocol;

This second addressed location comprises second trigger element and access response receiving element:

This second trigger element is used to trigger this access response receiving element and receives second access response;

This access response receiving element is used for connecting this second access response that receives this Virtual Private Network server forwards through this first SSL, and this second access response obtains through following approach:

One of ordinary skill in the art will appreciate that: all or part of step that realizes said method embodiment can be accomplished through the relevant hardware of program command; Aforementioned program can be stored in the computer read/write memory medium; This program the step that comprises said method embodiment when carrying out; And aforesaid storage medium comprises: various media that can be program code stored such as ROM, RAM, magnetic disc or CD.

What should explain at last is: above embodiment is only in order to explaining technical scheme of the present invention, but not to its restriction; Although with reference to previous embodiment the present invention has been carried out detailed explanation, those of ordinary skill in the art is to be understood that: it still can be made amendment to the technical scheme that aforementioned each embodiment put down in writing, and perhaps part technical characterictic wherein is equal to replacement; And these are revised or replacement, do not make the spirit and the scope of the essence disengaging various embodiments of the present invention technical scheme of relevant art scheme.

Claims

1. the method for an access application server is characterized in that, comprising:

2. according to the said method of claim 1, it is characterized in that,

The said client of said Virtual Private Network Server Transport comprises through the first flow of the said application server of said first gateway access:

Said virtual private network server transmits first access request that said client is sent to said application server; And first access response that said virtual private network server sends to the said application server of said client transmissions; Said first access request is used to make said application server to send said first access response to said client, and said first flow comprises said first access request and said first access response;

Said virtual private network server transmits first access request that said client is sent to said application server, comprising:

Said virtual private network server connects said first access request that receives said client transmission through first SSL; The sign that comprises said first gateway in said first access request, said first SSL are connected to being connected between said client and the said virtual private network server;

Said virtual private network server obtains the sign that said first SSL connects according to the protocol stack of secure socket layer protocol; Said virtual private network server generates first corresponding relation; Said first corresponding relation comprises the sign that sign that the sign, second SSL of said first gateway connect and said first SSL connect, and said second SSL is connected to being connected between said virtual private network server and said first gateway;

Said virtual private network server adds the sign that said first SSL connects to said first access request, generates second access request;

Said virtual private network server sends said second access request through said second SSL connection to said first gateway; So that said first gateway connects through first transmission control protocol said second access request is sent to said application server; Said second access request is used to make said first gateway to obtain the sign that said second SSL connects according to the secure socket layer protocol stack; And the sign that connects according to said first SSL in said second access request generates second corresponding relation; Said second corresponding relation comprises sign, the sign of said second SSL connection and the sign that said first transmission control protocol connects that said first SSL connects; Said first transmission control protocol is connected to being connected between said first gateway and the said application server, and said second access request also is used to trigger said first gateway and connects through said first transmission control protocol and transmit said second access request to said application server;

Said virtual private network server comprises to first access response that the said application server of said client transmissions sends:

Said virtual private network server receives second access response, and said second access response obtains through following approach:

Said application server connects said first access response of transmission through said first transmission control protocol;

Said first gateway obtains said first transmission control protocol connection according to the protocol stack of transmission control protocol, and said first gateway finds said second corresponding relation according to the sign that said first transmission control protocol connects; Said first gateway obtains the sign of said first SSL connection and the sign that said second SSL connects according to said second corresponding relation;

Said first gateway adds the sign that said first SSL connects to said second access response, generates said first access response;

Said first gateway sends said first access response through said second SSL connection to said virtual private network server;

Said virtual private network server confirms that according to the sign that said first SSL in said first access response connects said first SSL is connected to the connection that is used to communicate by letter, and through said first SSL connection said first access response is forwarded to said client.

3. according to claim 1 or 2 said methods, it is characterized in that,

Said first flow is said client is visited said application server with the mode of webpage agency, applied transformation, port forwarding or extension of network a flow.

4. the method for an access application server is characterized in that, comprising:

Said first gateway responds said second logging request;

5. according to the said method of claim 4, it is characterized in that,

Said first gateway transmits the first flow of said client through the said application server of said first gateway access, comprising:

Said first gateway transmits first access request that said client is sent to said application server; And first access response that said first gateway sends to the said application server of said client transmissions; Said first access request is used to make said application server to send said first access response to said client, and said first flow comprises said first access request and said first access response;

Said first gateway transmits first access request that said client is sent to said application server, comprising:

Said first gateway connects the said Virtual Private Network of reception through second SSL

Second access request that server sends, said second SSL are connected to being connected between said virtual private network server and said first gateway, and said second access request obtains through following approach:

Said virtual private network server connects said first access request that receives said client transmission through first SSL; Said first SSL is connected to being connected between said client and the said virtual private network server, comprises the sign of said first gateway in said first access request;

Said virtual private network server obtains the sign that said first SSL connects based on the protocol stack of secure socket layer protocol; Said virtual private network server generates first corresponding relation based on the sign of said first SSL connection and the sign of said first gateway in said first access request, and said first corresponding relation comprises the sign of the sign of said first gateway, the connection of said second SSL and the sign that said first SSL connects;

Said virtual private network server adds the sign that said first SSL connects to said first access request, generates said second access request;

Said first gateway is forwarded to said application server through the connection of first transmission control protocol with said second access request; Said first gateway obtains the sign that said second SSL connects according to the secure socket layer protocol stack; Said first gateway generates second corresponding relation according to the sign that said first SSL in said second access request connects; Said second corresponding relation comprises the sign that sign that said first SSL connects, sign that said second SSL connects and said first transmission control protocol connect, and said first transmission control protocol is connected to being connected between said first gateway and the said application server;

Said first gateway comprises to first access response that the said application server of said client transmissions sends:

Said first gateway connects said first access response that receives said application server transmission through said first transmission control protocol;

Said first gateway adds the sign that said first SSL connects to said first access response, generates second access response;

Said first gateway sends said second access response through said second SSL connection to said virtual private network server; Said second access response is used for making said virtual private network server to confirm that according to the sign of said first SSL connection of said second access response said first SSL is connected to the connection that is used to communicate by letter, and through said first SSL connection said second access response is forwarded to said client.

6. according to claim 4 or 5 said methods, it is characterized in that,

7. the method for an access application server is characterized in that, comprising:

8. according to the said method of claim 7, it is characterized in that,

Said client comprises through the said application server of said first gateway access:

Said client is sent first access request through said first gateway to said application server; And said client receives first access response that said application server sends through said first gateway, and said first access request is used to make said application server to send said first access response to said client;

Said client is sent first access request through said first gateway to said application server, comprising:

Said client connects through first SSL sends said first access request to said virtual private network server; The sign that comprises said first gateway in said first access request, said first SSL are connected to being connected between said client and the said virtual private network server; Said first access request is used to make said virtual private network server to obtain the sign that said first SSL connects according to the protocol stack of secure socket layer protocol; Said first access request also is used for making said virtual private network server to generate first corresponding relation according to the sign of said first gateway of said first access request and the sign of said first SSL connection; Said first corresponding relation comprises the sign that sign that the sign, second SSL of said first gateway connect and said first SSL connect, and said second SSL is connected to being connected between said virtual private network server and said first gateway; Said first access request also is used to make said virtual private network server to add the sign that said first SSL connects to said first access request, generates second access request; Said first access request also is used to make said virtual private network server to send said second access request through said second SSL connection to said first gateway; Said second access request is used to make said first gateway through the connection of first transmission control protocol said second access request to be forwarded to said application server; Said second access request is used to make said first gateway to obtain the sign that said second SSL connects according to the secure socket layer protocol stack; And the sign that connects according to said first SSL in said second access request generates second corresponding relation; Said second corresponding relation comprises the sign that sign that said first SSL connects, sign that said second SSL connects and said first transmission control protocol connect, and said first transmission control protocol is connected to being connected between said first gateway and the said application server; Said second access request also is used to make said first gateway to transmit said second access request through said first transmission control protocol connection to said application server;

Said client receives first access response that said application server sends through said first gateway, comprising:

Said client connects second access response that receives said Virtual Private Network server forwards through said first SSL, and said second access response obtains through following approach:

Said first gateway obtains the sign that said first transmission control protocol connects based on the protocol stack of transmission control protocol; Said first gateway finds said second corresponding relation based on the sign that said first transmission control protocol connects, and said first gateway obtains the sign of said first SSL connection and the sign that said second SSL connects based on said second corresponding relation;

Said first gateway adds the sign that said first SSL connects to said first access response, generates said second access response;

Said first gateway sends said second access response through said second SSL connection to said virtual private network server;

Said virtual private network server confirms that according to the sign that said first SSL in said second access response connects said first SSL is connected to the connection that is used to communicate by letter, and transmits said second access response through said first SSL connection to said client.

9. according to claim 7 or 8 said methods, it is characterized in that,

Said client transmits with webpage agency, applied transformation, port or the mode of extension of network is visited said application server.

10. the device of an access application server is characterized in that, comprising:

11. according to the said device of claim 10, it is characterized in that,

Said transmission unit comprises first subelement and second subelement;

Said first subelement is used for transmitting first access request that said client is sent to said application server;

Said second subelement is used for first access response to the said application server transmission of said client transmissions; Said first access request is used to make said application server to send said first access response to said client, and said first flow comprises said first access request and said first access response;

Said first subelement comprises:

The access request receiving element; Be used for connecting said first access request that receives said client transmission through first SSL; The sign that comprises said first gateway in said first access request, said first SSL are connected to being connected between said client and the said virtual private network server;

The corresponding relation generation unit; Be used for obtaining the sign that said first SSL connects according to the protocol stack of secure socket layer protocol; Generate first corresponding relation; Said first corresponding relation comprises the sign that sign that the sign, second SSL of said first gateway connect and said first SSL connect, and said second SSL is connected to being connected between said virtual private network server and said first gateway;

The access request updating block is used for adding the sign that said first SSL connects to said first access request, generates second access request;

The access request transmitting element; Be used for sending said second access request to said first gateway through said second SSL connection; So that said first gateway connects through first transmission control protocol said second access request is sent to said application server; Said second access request is used to make said first gateway to obtain the sign that said second SSL connects according to the secure socket layer protocol stack; And the sign that connects according to said first SSL in said second access request generates second corresponding relation; Said second corresponding relation comprises sign, the sign of said second SSL connection and the sign that said first transmission control protocol connects that said first SSL connects; Said first transmission control protocol is connected to being connected between said first gateway and the said application server, and said second access request also is used to trigger said first gateway and connects through said first transmission control protocol and transmit said second access request to said application server;

Said second subelement comprises:

The access response receiving element is used to receive second access response, and said second access response obtains through following approach:

The access response retransmission unit; Be used for the sign that said first SSL according to said first access response connects and confirm that said first SSL is connected to the connection that is used to communicate by letter, and connect through said first SSL said first access response is forwarded to said client.

12. the device of an access application server is characterized in that, comprising:

Response unit is used for said second logging request is responded;

13. according to the said device of claim 12, it is characterized in that,

Said transmission unit comprises first subelement and second subelement;

Said first subelement comprises:

The access request receiving element; Be used for connecting second access request that receives said virtual private network server transmission through second SSL; Said second SSL is connected to being connected between said virtual private network server and said first gateway, and said second access request obtains through following approach:

The access request retransmission unit is used for through the connection of first transmission control protocol said second access request being forwarded to said application server; Said first gateway obtains the sign that said second SSL connects according to the secure socket layer protocol stack; Said first gateway generates second corresponding relation according to the sign that said first SSL in said second access request connects; Said second corresponding relation comprises the sign that sign that said first SSL connects, sign that said second SSL connects and said first transmission control protocol connect, and said first transmission control protocol is connected to being connected between said first gateway and the said application server;

Said second subelement comprises:

The access response receiving element is used for connecting said first access response that receives said application server transmission through said first transmission control protocol;

Search the unit, be used for obtaining said first transmission control protocol connection according to the protocol stack of transmission control protocol, said first gateway finds said second corresponding relation according to the sign that said first transmission control protocol connects; Said first gateway obtains the sign of said first SSL connection and the sign that said second SSL connects according to said second corresponding relation;

The access response updating block is used for adding the sign that said first SSL connects to said first access response, generates second access response;

The access response transmitting element; Be used for sending said second access response to said virtual private network server through said second SSL connection; Said second access response is used for making said virtual private network server to confirm that according to the sign of said first SSL connection of said second access response said first SSL is connected to the connection that is used to communicate by letter, and through said first SSL connection said second access response is forwarded to said client.

14. the device of an access application server is characterized in that, comprising:

15. according to the said device of claim 14, it is characterized in that,

Said addressed location comprises first addressed location and second addressed location;

Said first addressed location is used for sending first access request through said first gateway to said application server;

Said second addressed location is used for receiving first access response that said application server sends through said first gateway, and said first access request is used to make said application server to send said first access response to said client;

Said first addressed location comprises first trigger element and access request transmitting element:

Said first trigger element is used to trigger said access request transmitting element and sends said first access request;

Said access request transmitting element; Be used for sending said first access request to said virtual private network server through the connection of first SSL; The sign that comprises said first gateway in said first access request, said first SSL are connected to being connected between said client and the said virtual private network server; Said first access request is used to make said virtual private network server to obtain the sign that said first SSL connects according to the protocol stack of secure socket layer protocol; Said first access request also is used for making said virtual private network server to generate first corresponding relation according to the sign of said first gateway of said first access request and the sign of said first SSL connection; Said first corresponding relation comprises the sign that sign that the sign, second SSL of said first gateway connect and said first SSL connect, and said second SSL is connected to being connected between said virtual private network server and said first gateway; Said first access request also is used to make said virtual private network server to add the sign that said first SSL connects to said first access request, generates second access request; Said first access request also is used to make said virtual private network server to send said second access request through said second SSL connection to said first gateway; Said second access request is used to make said first gateway through the connection of first transmission control protocol said second access request to be forwarded to said application server; Said second access request is used to make said first gateway to obtain the sign that said second SSL connects according to the secure socket layer protocol stack; And the sign that connects according to said first SSL in said second access request generates second corresponding relation; Said second corresponding relation comprises the sign that sign that said first SSL connects, sign that said second SSL connects and said first transmission control protocol connect, and said first transmission control protocol is connected to being connected between said first gateway and the said application server; Said second access request also is used to make said first gateway to transmit said second access request through said first transmission control protocol connection to said application server;

Said second addressed location comprises second trigger element and access response receiving element:

Said second trigger element is used to trigger said access response receiving element and receives second access response;

Said access response receiving element is used for connecting said second access response that receives said Virtual Private Network server forwards through said first SSL, and said second access response obtains through following approach: