CN102571817B - Method and device for accessing application server - Google Patents

Publication number: CN102571817B
Authority: CN
Grant status: Grant
Prior art keywords: gateway, access, connection, private network, virtual private
Application number: CN 201210034128
Other languages: Chinese (zh)
Other versions: CN102571817A (en)
Inventor: 王春宁, 史建鑫, 李月
Original Assignee: 华为技术有限公司

Abstract

An embodiment of the present invention provides a method for accessing an application server, comprising: a VPN server receives a first login request sent by a first gateway, the first login request containing an identifier of the first gateway; the VPN server generates online gateway information according to the first login request, the online gateway information containing the identifier of the first gateway; the VPN server sends the online gateway information to a client; the VPN server receives a second login request, sent by the client, requesting login to the first gateway, the second login request containing the identifier of the first gateway; the VPN server forwards the second login request to the first gateway so that the first gateway responds to the second login request; the VPN server transmits first traffic of the client accessing the application server through the first gateway, the application server being located in a VPN. Other methods and apparatuses are also provided. With the technical solutions provided by the embodiments of the present invention, the VPN gateway does not need to occupy a public IP address.

Description

Method and apparatus for accessing an application server

Technical field

[0001] Embodiments of the present invention relate to communication technologies, and in particular to a method and apparatus for accessing an application server.

Background

[0002] A virtual private network (Virtual Private Network, VPN) is flexible to set up and has greatly enriched the network resources that Internet users can access. In a specific implementation, a client located on the public network can access an application server (Application Server, AS) in a virtual private network through a virtual private network gateway. The application server may be a web server, a file server, a video server, an Internet Protocol television (Internet Protocol Television, IPTV) server, or the like.

[0003] The inventors found the following problem in the prior art:

[0004] Logging in to the virtual private network gateway is a precondition for a client that can reach the public network to access the virtual private network. This means that the virtual private network gateway needs to occupy a public Internet Protocol (Internet Protocol, IP) address.

Summary

[0005] Embodiments of the present invention provide methods and apparatuses for accessing an application server, which can solve the technical problem that a virtual private network gateway occupies a public IP address.

[0006] In one aspect, an embodiment of the present invention provides a method for accessing an application server, comprising:

[0007] a virtual private network server located on the public network receives a first login request sent by a first gateway located in a virtual private network, the first login request containing an identifier of the first gateway;

[0008] the virtual private network server generates online gateway information according to the first login request, the online gateway information containing the identifier of the first gateway;

[0009] the virtual private network server sends the online gateway information to a client;

[0010] the virtual private network server receives a second login request, sent by the client, requesting login to the first gateway, the second login request containing the identifier of the first gateway;

[0011] the virtual private network server forwards the second login request to the first gateway so that the first gateway responds to the second login request;

[0012] the virtual private network server transmits first traffic of the client accessing the application server through the first gateway, the application server being located in the virtual private network.

[0013] In another aspect, an embodiment of the present invention provides another method for accessing an application server, comprising:

[0014] a first gateway located in a virtual private network sends, to a virtual private network server located on the public network, a first login request containing an identifier of the first gateway, so that the virtual private network server generates online gateway information that contains the identifier of the first gateway and is to be received by a client;

[0015] the first gateway receives a second login request, sent by the client and forwarded by the virtual private network server, requesting login to the first gateway, the second login request containing the identifier of the first gateway;

[0016] the first gateway responds to the second login request;

[0017] the first gateway transmits first traffic of the client accessing the application server through the first gateway, the application server being located in the virtual private network corresponding to the first gateway.

[0018] In another aspect, an embodiment of the present invention provides another method for accessing an application server, comprising:

[0019] a client receives online gateway information sent by a virtual private network server located on the public network, the online gateway information being obtained as follows: the virtual private network server receives a first login request sent by a first gateway located in a virtual private network, the first login request containing an identifier of the first gateway; the virtual private network server generates the online gateway information according to the first login request, the online gateway information containing the identifier of the first gateway;

[0020] the client sends to the virtual private network server a second login request requesting login to the first gateway, the second login request containing the identifier of the first gateway, so that the virtual private network server forwards the second login request to the first gateway, the second login request being used to cause the first gateway to respond to the second login request;

[0021] the client accesses the application server through the first gateway, the application server being located in the virtual private network.

[0022] In another aspect, an embodiment of the present invention provides an apparatus for accessing an application server, comprising:

[0023] a first receiving unit, configured to receive a first login request sent by a first gateway located in a virtual private network, the first login request containing an identifier of the first gateway;

[0024] a gateway information generating unit, configured to generate online gateway information according to the first login request, the online gateway information containing the identifier of the first gateway;

[0025] a sending unit, configured to send the online gateway information to a client;

[0026] a second receiving unit, configured to receive a second login request, sent by the client, requesting login to the first gateway, the second login request containing the identifier of the first gateway;

[0027] a forwarding unit, configured to forward the second login request to the first gateway so that the first gateway responds to the second login request;

[0028] a transmission unit, configured to transmit first traffic of the client accessing the application server through the first gateway, the application server being located in the virtual private network.

[0029] In another aspect, an embodiment of the present invention provides another apparatus for accessing an application server, comprising:

[0030] a sending unit, configured to send, to a virtual private network server located on the public network, a first login request containing an identifier of a first gateway located in a virtual private network, so that the virtual private network server generates online gateway information that contains the identifier of the first gateway and is to be received by a client;

[0031] a receiving unit, configured to receive a second login request, sent by the client and forwarded by the virtual private network server, requesting login to the first gateway, the second login request containing the identifier of the first gateway;

[0032] a response unit, configured to respond to the second login request;

[0033] a transmission unit, configured to transmit first traffic of the client accessing the application server through the first gateway, the application server being located in the virtual private network corresponding to the first gateway.

[0034] In another aspect, an embodiment of the present invention provides another apparatus for accessing an application server, comprising:

[0035] a receiving unit, configured to receive online gateway information sent by a virtual private network server located on the public network, the online gateway information being obtained as follows: the virtual private network server receives a first login request sent by a first gateway located in a virtual private network, the first login request containing an identifier of the first gateway; the virtual private network server generates the online gateway information according to the first login request, the online gateway information containing the identifier of the first gateway;

[0036] a sending unit, configured to send to the virtual private network server a second login request requesting login to the first gateway, the second login request containing the identifier of the first gateway, so that the virtual private network server forwards the second login request to the first gateway, the second login request being used to cause the first gateway to respond to the second login request;

[0037] an access unit, configured to access the application server through the first gateway, the application server being located in the virtual private network.

[0038] It can be seen that, in the technical solutions provided by the embodiments of the present invention, the virtual private network server is located on the public network and has a public IP address, and the client can access the virtual private network server by using that public IP address. Through the virtual private network server, the client can access the virtual private network corresponding to a virtual private network gateway that has logged in to the virtual private network server. Therefore, the technical solutions provided by the embodiments of the present invention can solve the prior-art technical problem that a virtual private network gateway needs to occupy a public IP address.

Brief description of the drawings

[0039] To describe the technical solutions in the embodiments of the present invention or in the prior art more clearly, the accompanying drawings needed for describing the embodiments or the prior art are briefly introduced below. Evidently, the drawings described below show some embodiments of the present invention, and a person of ordinary skill in the art can derive other drawings from them without creative effort.

[0040] FIG. 1 is a networking structure diagram of a scenario to which the technical solutions provided by the embodiments of the present invention are applied;

[0041] FIG. 2 is a flowchart of a method for accessing an application server provided by an embodiment of the present invention;

[0042] FIG. 3 is a flowchart of another method for accessing an application server provided by an embodiment of the present invention;

[0043] FIG. 4 is a flowchart of another method for accessing an application server provided by an embodiment of the present invention;

[0044] FIG. 5 is a schematic structural diagram of an apparatus for accessing an application server provided by an embodiment of the present invention;

[0045] FIG. 6 is a schematic structural diagram of another apparatus for accessing an application server provided by an embodiment of the present invention;

[0046] FIG. 7 is a schematic structural diagram of another apparatus for accessing an application server provided by an embodiment of the present invention.

Detailed description

[0047] To make the objectives, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the accompanying drawings. Evidently, the described embodiments are some rather than all of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.

[0048] The embodiments of the present invention provide a method, an apparatus and a system for accessing an application server, which can solve the technical problem that a virtual private network gateway occupies a public IP address. FIG. 1 is a networking structure diagram of a scenario to which the technical solutions provided by the embodiments are applied.

[0049] The networking structure diagram of FIG. 1 includes four network devices: a client, a virtual private network server, a gateway, and an application server.

[0050] The client can access the virtual private network server through the Internet. The virtual private network server can access the gateway through the Internet. The gateway is the gateway of a virtual private network and is located at the edge between the virtual private network and the Internet. The application server is located in the virtual private network and can interact with the Internet through the gateway.

[0051] Embodiment 1:

[0052] An embodiment of the present invention provides a method for accessing an application server, which can be used in the networking structure shown in FIG. 1. Referring to FIG. 2, which is a flowchart of the method for accessing an application server provided by this embodiment, the method includes:

[0053] 201. A virtual private network server located on the public network receives a first login request sent by a first gateway located in a virtual private network; the first login request contains an identifier of the first gateway.

[0054] The identifier of the first gateway may be the serial number of the first gateway, or a name assigned to the first gateway by the virtual private network server.

[0055] The virtual private network server is located on the public network and has at least one public IP address. In a specific implementation, the public IP address of the virtual private network server may be obtained through manual configuration. In addition, a domain name may be configured for the virtual private network server, and the virtual private network server may be registered with a domain name server.

[0056] In a specific implementation, the client is connected to the public network and can send, to a network device located on the public network, a request to log in to that network device. The client may be a personal computer, a mobile phone, or a personal digital assistant.

[0057] In a specific implementation, the first gateway may log in to the virtual private network server as follows:

[0058] The first gateway establishes an SSL connection between the first gateway and the server by using the Secure Socket Layer (Secure Socket Layer, SSL) protocol. There may be one or more SSL connections between the first gateway and the virtual private network server. The first gateway logs in to the virtual private network server over the SSL connection.

[0059] The SSL connection between the first gateway and the virtual private network server may be established as follows:

[0060] The first gateway sends an SSL connection establishment request to the virtual private network server, and the server sends the first gateway a response corresponding to the SSL connection establishment request. The virtual private network server stores the identifier of the SSL connection.

[0061] In a specific implementation, when the first gateway requests to log in to the virtual private network server, the first gateway may log in through the Hypertext Transfer Protocol (Hyper Text Transfer Protocol, HTTP).

[0062] When the first gateway requests to log in to the virtual private network server, the virtual private network server may authenticate the first gateway.

[0063] In a specific implementation, the first gateway may be authenticated as follows:

[0064] The virtual private network server stores in advance the identifiers of the gateways that are able to log in to it. The identifier of a gateway may be the serial number of the gateway. An authentication mode for authenticating gateways that request to log in is configured on the virtual private network server in advance. The authentication mode may be account-and-password authentication.

[0065] In a specific implementation, the virtual private network server may send the online gateway information to the client as follows:

[0066] After logging in to the virtual private network server, the client sends the virtual private network server a request message requesting the online gateway information. After receiving the request message, the virtual private network server sends the online gateway information to the client.

[0067] In a specific implementation, the client may log in to the virtual private network server as follows:

[0068] The client establishes an SSL connection with the virtual private network server by using the SSL protocol. When the client requests to log in to the virtual private network server, the virtual private network server may authenticate the client. For how to establish the SSL connection between the client and the virtual private network server, refer to the description above of establishing the SSL connection between the first gateway and the virtual private network server. For how the virtual private network server authenticates the client, refer to the description above of the virtual private network server authenticating the first gateway.

[0069] 202. The virtual private network server generates online gateway information according to the first login request; the online gateway information contains the identifier of the first gateway.

[0070] 203. The virtual private network server sends the online gateway information to the client.

[0071] The virtual private network server may send the online gateway information to the client in the following ways:

[0072] Mode 1: the client logs in to the virtual private network server through a browser. The client receives the online gateway information through the browser;

[0073] Mode 2: the client logs in to the virtual private network server through a browser. The client obtains the online gateway information through a control. The control may be ActiveX.

[0074] 204. The virtual private network server receives a second login request, sent by the client, requesting login to the first gateway; the second login request contains the identifier of the first gateway.

[0075] In a specific implementation, the client may send the second login request requesting login to the first gateway as follows:

[0076] The client receives the online gateway information through a browser. The client selects the first gateway from the online gateway information and sends the second login request to the first gateway through the browser.

[0077] 205. The virtual private network server forwards the second login request to the first gateway so that the first gateway responds to the second login request.

[0078] 206. The virtual private network server transmits first traffic of the client accessing the application server through the first gateway; the application server is located in the virtual private network.

[0079] In a specific implementation, the traffic of the client accessing the application server may be transmitted over SSL connections. For how to establish the SSL connections, see the description below.

[0080] The application server is an application server located in the virtual private network. The application server can communicate with networks outside the virtual private network through the first gateway. The application server may be a video server, a file server, or a website server.

[0081] It can be seen that, in the technical solution provided by this embodiment, the virtual private network server is located on the public network and has a public IP address, and the client can access the virtual private network server by using that public IP address. Through the virtual private network server, the client can access the virtual private network corresponding to a virtual private network gateway that has logged in to the virtual private network server. Therefore, the technical solution provided by this embodiment can solve the prior-art technical problem that a virtual private network gateway needs to occupy a public IP address.
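
Steps 201 to 205 can be modelled in a few lines; the following is an added example, not code from the patent. The class names, the message fields, the sample identifiers and the PBKDF2 storage of the gateway password are assumptions made for illustration.

```python
"""Constructed model of steps 201-205. All class and field names are illustrative."""
import hashlib
import hmac
import os


class LoginError(Exception):
    """A login request was refused by the VPN server."""


def _derive(password: str, salt: bytes) -> bytes:
    # Assumption: the page says only "account and password"; PBKDF2 storage is added here.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class RendezvousServer:
    """VPN server on the public network. Gateways connect out to it, so only
    this server needs a public IP address."""

    def __init__(self):
        self._provisioned = {}  # gateway identifier (serial number) -> (salt, hash)
        self._online = {}       # gateway identifier -> handler bound to its connection

    def provision_gateway(self, gateway_id, password):
        """Store in advance which gateways may log in (paragraph [0064])."""
        salt = os.urandom(16)
        self._provisioned[gateway_id] = (salt, _derive(password, salt))

    def first_login(self, gateway_id, password, connection):
        """Steps 201-202: authenticate the gateway, then mark it online."""
        salt, expected = self._provisioned.get(gateway_id, (b"\x00" * 16, b""))
        if not hmac.compare_digest(_derive(password, salt), expected):
            raise LoginError("gateway authentication failed")
        self._online[gateway_id] = connection

    def online_gateway_info(self):
        """Step 203: identifiers of the gateways that are currently logged in."""
        return sorted(self._online)

    def second_login(self, gateway_id, credentials):
        """Steps 204-205: forward the client's login to the chosen gateway and
        return that gateway's own response."""
        connection = self._online.get(gateway_id)
        if connection is None:
            raise LoginError("gateway is not online")
        return connection({"gateway_id": gateway_id, "credentials": credentials})


class PrivateGateway:
    """First gateway inside the VPN. It decides the outcome of the second login."""

    def __init__(self, gateway_id, accounts):
        self.gateway_id = gateway_id
        self._accounts = accounts  # constructed sample accounts: name -> password

    def handle_login(self, message):
        if message["gateway_id"] != self.gateway_id:
            return {"accepted": False}
        account, password = message["credentials"]
        stored = self._accounts.get(account)
        accepted = stored is not None and hmac.compare_digest(
            stored.encode(), password.encode())
        return {"accepted": accepted}


def run_example():
    server = RendezvousServer()
    server.provision_gateway("SN-0001", "gateway-secret")  # constructed values
    gateway = PrivateGateway("SN-0001", {"alice": "correct horse"})

    outcome = {}
    try:
        server.first_login("SN-9999", "gateway-secret", gateway.handle_login)
        outcome["unknown_gateway"] = "accepted"
    except LoginError:
        outcome["unknown_gateway"] = "refused"

    server.first_login("SN-0001", "gateway-secret", gateway.handle_login)
    outcome["online"] = server.online_gateway_info()
    outcome["good_login"] = server.second_login("SN-0001", ("alice", "correct horse"))
    outcome["bad_login"] = server.second_login("SN-0001", ("alice", "wrong"))
    try:
        server.second_login("SN-0002", ("alice", "correct horse"))
        outcome["offline_gateway"] = "forwarded"
    except LoginError:
        outcome["offline_gateway"] = "refused"
    return outcome


if __name__ == "__main__":
    print(run_example())
```

The server in this model never evaluates the client's gateway credentials itself; it only forwards them, so the gateway remains the point where access to the private network is decided.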

[0082] 可选的, [0082] Alternatively,

[0083] 该虚拟专用网服务器传输该客户端通过该第一网关访问该应用服务器的第一流量,包括: [0083] The virtual private network server transmits the traffic of the client application to access the first server via the first gateway, comprising:

[0084] 该虚拟专用网服务器向该应用服务器传输该客户端发送的第一访问请求,并且该虚拟专用网服务器向该客户端传输该应用服务器发送的第一访问响应,该第一访问请求用于使该应用服务器向该客户端发送该第一访问响应,该第一流量包括该第一访问请求以及该第一访问响应; [0084] The virtual private network server transmitting a first access request sent by the client to the application server, and the virtual private network in response to the first access server to the client application server sends the transmission, by the first access request to cause the application server to the client in response to transmitting the first access, the first flow comprising the first access request and the response to the first access;

[0085] 该虚拟专用网服务器向该应用服务器传输该客户端发送的第一访问请求,包括: [0085] The virtual private network server transmitting a first access request sent by the client to the application server, comprising:

[0086] 该虚拟专用网服务器通过第一安全套接层连接接收该客户端发送的该第一访问请求,该第一访问请求中包含该第一网关的标识,该第一安全套接层连接为该客户端与该虚拟专用网服务器之间的连接; [0086] The virtual private network server receives a first secure socket layer connection through the first access request sent by the client, the first access request comprises a first identifier of the gateway, the first connection for the Secure Socket Layer the connection between the client and the virtual private network server;

[0087] 该虚拟专用网服务器根据安全套接层协议的协议栈得到该第一安全套接层连接的标识,该虚拟专用网服务器生成第一对应关系,该第一对应关系包括该第一网关的标识、第二安全套接层连接的标识以及该第一安全套接层连接的标识,该第二安全套接层连接为该虚拟专用网服务器与该第一网关之间的连接; [0087] The virtual private network server to obtain the first identifier Secure Sockets Layer protocol stack connection according to the Secure Sockets Layer protocol, the virtual private network server generating a first corresponding relationship, the first correspondence relationship comprises a first identifier of the gateway second identification Secure Sockets layer identifies the first connection and secure socket layer connection, the second connection for the Secure Sockets layer virtual private network connection between the first server and the gateway;

[0088] 该虚拟专用网服务器将该第一安全套接层连接的标识添加到该第一访问请求,生成第二访问请求; [0088] The identifying the virtual private network server connected to a first secure socket layer added to the first access request, generating a second access request;

[0089] 该虚拟专用网服务器通过该第二安全套接层连接向该第一网关发送该第二访问请求,以便于该第一网关通过第一传输控制协议(Transfer Control Protocol, TCP)连接将该第二访问请求转发至该应用服务器,该第二访问请求用于使该第一网关根据安全套接层协议栈得到该第二安全套接层连接的标识,并根据该第二访问请求中的该第一安全套接层连接的标识生成第二对应关系,该第二对应关系包括该第一安全套接层连接的标识、该第二安全套接层连接的标识以及该第一传输控制协议连接的标识,该第一传输控制协议连接为该第一网关与该应用服务器之间的连接,该第二访问请求还用于触发该第一网关通过该第一传输控制协议连接向该应用服务器转发该第二访问请求; [0089] The virtual private network server transmits the second request to the first access gateway via the second secure socket layer connection, so that the first gateway via the first transmission control protocol (Transfer Control Protocol, TCP) the second access request is forwarded to the application server, the request for the second access gateway to obtain a first identifier of the second connector according to the Secure Socket layer Secure Sockets layer protocol stack, based on the first and the second access request identifying a Secure Sockets layer connected to generate a second correspondence relationship, the second corresponding relationship between the first identifier comprises a Secure Socket layer connection identifier identifies the Secure Sockets layer second connection and the first transmission control protocol connection, the a first connection for the transmission control protocol connection between the first gateway and the application server, the second access request is further configured to trigger the first gateway via the first transmission control protocol to access the application server forwards the second request;

[0090] 该虚拟专用网服务器向该客户端传输该应用服务器发送的第一访问响应,包括: [0090] The virtual private network server to the client application in response to the transmission of the first access server sends, comprising:

[0091] 该虚拟专用网服务器接收第二访问响应,该第二访问响应通过如下途径得到: [0091] The second virtual private network server receives the access response, to the second access response obtained by the following ways:

[0092] 该应用服务器通过该第一传输控制协议连接发送该第一访问响应; [0092] The application server is connected to the first access response transmitted by the first transmission control protocol;

[0093] The first gateway obtains the first Transmission Control Protocol connection from the Transmission Control Protocol protocol stack, and looks up the second correspondence according to the identifier of the first Transmission Control Protocol connection; the first gateway obtains, from the second correspondence, the identifier of the first Secure Sockets Layer connection and the identifier of the second Secure Sockets Layer connection;

[0094] The first gateway adds the identifier of the first Secure Sockets Layer connection to the second access response to generate the first access response;

[0095] The first gateway sends the first access response to the virtual private network server over the second Secure Sockets Layer connection;

[0096] The virtual private network server determines, according to the identifier of the first Secure Sockets Layer connection in the first access response, that the first Secure Sockets Layer connection is the connection to be used for communication, and forwards the first access response to the client over the first Secure Sockets Layer connection.

[0097] The first correspondence and the second correspondence may be recorded as entries in a correspondence table. They may also be recorded in a file.

[0098] The first gateway looks up the second correspondence according to the identifier of the first Transmission Control Protocol connection. In a specific implementation, the first gateway may search the correspondence table for the entry containing the identifier of the first Transmission Control Protocol connection, and obtain from that entry the identifier of the first Secure Sockets Layer connection and the identifier of the second Secure Sockets Layer connection.

[0099] Optionally,

[0100] The first traffic is traffic with which the client accesses the application server by means of web proxy, application conversion, port forwarding, or network extension.

[0101] The first traffic may be traffic sent by the client to the application server, or traffic sent by the application server to the client.

[0102] Embodiment 2:

[0103] This embodiment of the present invention provides a method for accessing an application server, which can be used in the networking structure shown in FIG. 1. Referring to FIG. 3, FIG. 3 is a flowchart of the method for accessing an application server provided by this embodiment of the present invention. The method includes:

[0104] 301. A first gateway located in a virtual private network sends, to a virtual private network server located on the public network, a first login request containing the identifier of the first gateway, so that the virtual private network server generates online gateway information that contains the identifier of the first gateway and is to be received by a client.

[0105] 302. The first gateway receives a second login request, sent by the client and forwarded by the virtual private network server, requesting login to the first gateway; the second login request contains the identifier of the first gateway.

[0106] 303. The first gateway responds to the second login request.

[0107] 304. The first gateway transmits first traffic with which the client accesses the application server through the first gateway; the application server is located in the virtual private network corresponding to the first gateway.

[0108] The identifier of the first gateway may be the serial number of the first gateway or a name assigned to the first gateway by the virtual private network server.

[0109] The virtual private network server is located on the public network and has at least one public IP address. In a specific implementation, the public IP address of the virtual private network server may be obtained through manual configuration. In addition, a domain name may be configured for the virtual private network server, and the virtual private network server may be registered with a domain name server.

[0110] In a specific implementation, the client is connected to the public network and can send, to a network device located on the public network, a request to log in to that network device. The client may be a personal computer, a mobile phone, or a personal digital assistant.

[0111] In a specific implementation, the first gateway may log in to the virtual private network server as follows:

[0112] The first gateway establishes an SSL connection between the first gateway and the server by using the Secure Sockets Layer protocol. There may be one or more SSL connections between the first gateway and the virtual private network server. The first gateway logs in to the virtual private network server over the SSL connection.

[0113] The SSL connection between the first gateway and the virtual private network server may be established as follows:

[0114] The first gateway sends an SSL connection establishment request to the virtual private network server, and the server sends the first gateway the response corresponding to the SSL connection establishment request. The virtual private network server stores the identifier of the SSL connection.

[0115] In a specific implementation, when the first gateway requests to log in to the virtual private network server, the first gateway may log in to the virtual private network server by using the Hypertext Transfer Protocol.

[0116] When the first gateway requests to log in to the virtual private network server, the virtual private network server may authenticate the first gateway.

[0117] In a specific implementation, the first gateway may be authenticated as follows:

[0118] The virtual private network server stores in advance the identifiers of the gateways that can log in to the virtual private network server. The identifier of a gateway may be the serial number of the gateway. An authentication method for authenticating gateways that request to log in to the virtual private network server is configured on the virtual private network server in advance. The authentication method may be account-and-password authentication.

[0119] In a specific implementation, the virtual private network server may send the online gateway information to the client as follows:

[0120] After logging in to the virtual private network server, the client sends the virtual private network server a request message requesting the online gateway information. After receiving the request message, the virtual private network server sends the online gateway information to the client.

[0121] In a specific implementation, the client may log in to the virtual private network server as follows:

[0122] The client establishes an SSL connection with the virtual private network server by using the SSL protocol. When the client requests to log in to the virtual private network server, the virtual private network server may authenticate the client. For how to establish the SSL connection between the client and the virtual private network server, refer to the description above of establishing the SSL connection between the first gateway and the virtual private network server. For how the virtual private network server authenticates the client, refer to the description above of the virtual private network server authenticating the first gateway.

[0123] The virtual private network server may send the online gateway information to the client in the following ways:

[0124] Way 1: The client logs in to the virtual private network server through a browser. The client receives the online gateway information through the browser;

[0125] Way 2: The client logs in to the virtual private network server through a browser. The client obtains the online gateway information through a control. The control may be ActiveX.

[0126] In a specific implementation, the client may send the second login request requesting login to the first gateway as follows:

[0127] The client receives the online gateway information through a browser. The client selects the first gateway from the online gateway information and sends the second login request to the first gateway through the browser.

[0128] In a specific implementation, the traffic with which the client accesses the application server may be transmitted over SSL connections. For how to establish the SSL connections, see the description below.

[0129] The application server is an application server located in the virtual private network. The application server can communicate with networks outside the virtual private network through the first gateway. The application server may be a video server, a file server, or a website server.

[0130] It can be seen that, in the technical solution provided by this embodiment, the virtual private network server is located on the public network and has a public IP address, and the client can access the virtual private network server according to that public IP address. Through the virtual private network server, the client can access the virtual private network corresponding to a virtual private network gateway that has logged in to the virtual private network server. Therefore, the technical solution provided by this embodiment solves the technical problem in the prior art that a virtual private network gateway needs to occupy a public IP address.

[0131] Optionally,

[0132] The first gateway transmitting the first traffic with which the client accesses the application server through the first gateway includes:

[0133] The first gateway transmits to the application server a first access request sent by the client, and the first gateway transmits to the client a first access response sent by the application server. The first access request is used to make the application server send the first access response to the client, and the first traffic includes the first access request and the first access response;

[0134] The first gateway transmitting to the application server the first access request sent by the client includes:

[0135] The first gateway receives, over a second Secure Sockets Layer connection, a second access request sent by the virtual private network server, the second Secure Sockets Layer connection being the connection between the virtual private network server and the first gateway. The second access request is obtained as follows:

[0136] The virtual private network server receives, over a first Secure Sockets Layer connection, the first access request sent by the client, the first Secure Sockets Layer connection being the connection between the client and the virtual private network server; the first access request contains the identifier of the first gateway;

[0137] The virtual private network server obtains the identifier of the first Secure Sockets Layer connection from the Secure Sockets Layer protocol stack, and generates a first correspondence according to the identifier of the first Secure Sockets Layer connection and the identifier of the first gateway in the first access request. The first correspondence includes the identifier of the first gateway, the identifier of the second Secure Sockets Layer connection, and the identifier of the first Secure Sockets Layer connection;

[0138] The virtual private network server adds the identifier of the first Secure Sockets Layer connection to the first access request to generate the second access request;

[0139] The first gateway forwards the second access request to the application server over a first Transmission Control Protocol connection; the first gateway obtains the identifier of the second Secure Sockets Layer connection from the Secure Sockets Layer protocol stack and generates a second correspondence according to the identifier of the first Secure Sockets Layer connection in the second access request. The second correspondence includes the identifier of the first Secure Sockets Layer connection, the identifier of the second Secure Sockets Layer connection, and the identifier of the first Transmission Control Protocol connection, the first Transmission Control Protocol connection being the connection between the first gateway and the application server;

[0140] The first gateway transmitting to the client the first access response sent by the application server includes:

[0141] The first gateway receives, over the first Transmission Control Protocol connection, the first access response sent by the application server;

[0142] The first gateway obtains the first Transmission Control Protocol connection from the Transmission Control Protocol protocol stack, and looks up the second correspondence according to the identifier of the first Transmission Control Protocol connection; the first gateway obtains, from the second correspondence, the identifier of the first Secure Sockets Layer connection and the identifier of the second Secure Sockets Layer connection; the first gateway adds the identifier of the first Secure Sockets Layer connection to the first access response to generate a second access response;

[0143] The first gateway sends the second access response to the virtual private network server over the second Secure Sockets Layer connection. The second access response is used to make the virtual private network server determine, according to the identifier of the first Secure Sockets Layer connection in the second access response, that the first Secure Sockets Layer connection is the connection to be used for communication, and forward the second access response to the client over the first Secure Sockets Layer connection.

[0144] The first correspondence and the second correspondence may be recorded as entries in a correspondence table. They may also be recorded in a file.

[0145] The first gateway looks up the second correspondence according to the identifier of the first Transmission Control Protocol connection. In a specific implementation, the first gateway may search the correspondence table for the entry containing the identifier of the first Transmission Control Protocol connection, and obtain from that entry the identifier of the first Secure Sockets Layer connection and the identifier of the second Secure Sockets Layer connection.
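The two correspondence tables of paragraphs [0137] to [0145] can be modelled as below; this is an added example, not code from the patent. Connection identifiers are constructed strings (the patent obtains them from the SSL and TCP protocol stacks), the message fields and class names are hypothetical, and the check that a response arrives on the second SSL connection recorded for its first-SSL identifier is an added hardening assumption that the patent does not describe.

```python
import itertools


class VpnServer:
    """Public relay: holds the first correspondence for each client connection."""

    def __init__(self):
        self.online = {}     # gateway id -> SSL2 id, recorded when the gateway logs in
        self.first_map = {}  # SSL1 id -> (gateway id, SSL2 id): the first correspondence

    def gateway_login(self, gateway_id, ssl2_id):
        self.online[gateway_id] = ssl2_id

    def on_client_request(self, ssl1_id, request):
        """First access request in, (SSL2 id to send on, second access request) out."""
        gateway_id = request["gateway_id"]
        if gateway_id not in self.online:
            raise LookupError(f"gateway {gateway_id!r} is not online")
        ssl2_id = self.online[gateway_id]
        self.first_map[ssl1_id] = (gateway_id, ssl2_id)
        # The second access request is the first one plus the SSL1 identifier.
        return ssl2_id, {**request, "ssl1_id": ssl1_id}

    def on_gateway_response(self, arrived_on_ssl2, response):
        """Pick the client connection named by the SSL1 identifier in the response."""
        ssl1_id = response.get("ssl1_id")
        entry = self.first_map.get(ssl1_id)
        if entry is None:
            raise LookupError("response names an unknown SSL1 connection")
        # Added check (assumption, not in the patent): the tag alone is not trusted;
        # it must come back on the SSL2 connection stored for that SSL1 connection.
        if entry[1] != arrived_on_ssl2:
            raise PermissionError("response arrived from a different gateway connection")
        return ssl1_id, response["body"]


class Gateway:
    """Gateway inside the private network: holds the second correspondence."""

    def __init__(self):
        self.second_map = {}  # TCP1 id -> (SSL1 id, SSL2 id): the second correspondence
        self._tcp_ids = itertools.count(1)  # constructed stand-in for stack-provided ids

    def on_server_request(self, ssl2_id, second_request):
        """Record the mapping and return (TCP1 id, payload for the application server)."""
        tcp1_id = f"tcp-{next(self._tcp_ids)}"
        self.second_map[tcp1_id] = (second_request["ssl1_id"], ssl2_id)
        return tcp1_id, second_request["body"]

    def on_app_response(self, tcp1_id, body):
        """Look up by TCP1 id, tag the response with the SSL1 id, return it with SSL2 id."""
        ssl1_id, ssl2_id = self.second_map[tcp1_id]
        return ssl2_id, {"ssl1_id": ssl1_id, "body": body}


def round_trip(server, gateways, ssl1_id, gateway_id, body):
    """Carry one request and its response across both hops; gateways is keyed by SSL2 id."""
    ssl2_id, second_request = server.on_client_request(
        ssl1_id, {"gateway_id": gateway_id, "body": body})
    gateway = gateways[ssl2_id]
    tcp1_id, forwarded = gateway.on_server_request(ssl2_id, second_request)
    app_reply = f"reply to {forwarded}"  # constructed stand-in for the application server
    back_on, tagged = gateway.on_app_response(tcp1_id, app_reply)
    return server.on_gateway_response(back_on, tagged)


if __name__ == "__main__":
    srv = VpnServer()
    srv.gateway_login("GW-A", "ssl2-a")
    print(round_trip(srv, {"ssl2-a": Gateway()}, "ssl1-alice", "GW-A", "GET /files"))
```

Without the arrival check, any logged-in gateway could place another client's first-SSL identifier in a response and have the server deliver it on that client's connection.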

[0146] Optionally,

[0147] The first traffic is traffic with which the client accesses the application server by means of web proxy, application conversion, port forwarding, or network extension.

[0148] The first traffic may be traffic sent by the client to the application server, or traffic sent by the application server to the client.

[0149] Embodiment 3:

[0150] This embodiment of the present invention provides a method for accessing an application server, which can be used in the networking structure shown in FIG. 1. Referring to FIG. 4, FIG. 4 is a flowchart of the method for accessing an application server provided by this embodiment of the present invention. The method includes:

[0151] 401. A client receives online gateway information sent by a virtual private network server located on the public network. The online gateway information is obtained as follows: the virtual private network server receives a first login request sent by a first gateway located in a virtual private network, the first login request containing the identifier of the first gateway; the virtual private network server generates the online gateway information according to the first login request, the online gateway information containing the identifier of the first gateway.

[0152] 402. The client sends to the virtual private network server a second login request requesting login to the first gateway, the second login request containing the identifier of the first gateway, so that the virtual private network server forwards the second login request to the first gateway. The second login request is used to make the first gateway respond to the second login request.

[0153] 403. The client accesses the application server through the first gateway; the application server is located in the virtual private network.

[0154] The identifier of the first gateway may be the serial number of the first gateway or a name assigned to the first gateway by the virtual private network server.

[0155] The virtual private network server is located on the public network and has at least one public IP address. In a specific implementation, the public IP address of the virtual private network server may be obtained through manual configuration. In addition, a domain name may be configured for the virtual private network server, and the virtual private network server may be registered with a domain name server.

[0156] In a specific implementation, the client is connected to the public network and can send, to a network device located on the public network, a request to log in to that network device. The client may be a personal computer, a mobile phone, or a personal digital assistant.

[0157] In a specific implementation, the first gateway may log in to the virtual private network server as follows:

[0158] The first gateway establishes an SSL connection between the first gateway and the server by using the Secure Sockets Layer protocol. There may be one or more SSL connections between the first gateway and the virtual private network server. The first gateway logs in to the virtual private network server over the SSL connection.

[0159] The SSL connection between the first gateway and the virtual private network server may be established as follows:

[0160] The first gateway sends an SSL connection establishment request to the virtual private network server, and the server sends the first gateway the response corresponding to the SSL connection establishment request. The virtual private network server stores the identifier of the SSL connection.

[0161] In a specific implementation, when the first gateway requests to log in to the virtual private network server, the first gateway may log in to the virtual private network server by using the Hypertext Transfer Protocol.

[0162] When the first gateway requests to log in to the virtual private network server, the virtual private network server may authenticate the first gateway.

[0163] In a specific implementation, the first gateway may be authenticated as follows:

[0164] The virtual private network server stores in advance the identifiers of the gateways that can log in to the virtual private network server. The identifier of a gateway may be the serial number of the gateway. An authentication method for authenticating gateways that request to log in to the virtual private network server is configured on the virtual private network server in advance. The authentication method may be account-and-password authentication.

[0165] In a specific implementation, the virtual private network server may send the online gateway information to the client as follows:

[0166] After logging in to the virtual private network server, the client sends the virtual private network server a request message requesting the online gateway information. After receiving the request message, the virtual private network server sends the online gateway information to the client.

[0167] In a specific implementation, the client may log in to the virtual private network server as follows:

[0168] The client establishes an SSL connection with the virtual private network server by using the SSL protocol. When the client requests to log in to the virtual private network server, the virtual private network server may authenticate the client. For how to establish the SSL connection between the client and the virtual private network server, refer to the description above of establishing the SSL connection between the first gateway and the virtual private network server. For how the virtual private network server authenticates the client, refer to the description above of the virtual private network server authenticating the first gateway.

[0169] The virtual private network server may send the online gateway information to the client in the following ways:

[0170] Way 1: The client logs in to the virtual private network server through a browser. The client receives the online gateway information through the browser;

[0171] Way 2: The client logs in to the virtual private network server through a browser. The client obtains the online gateway information through a control. The control may be ActiveX.

[0172] In a specific implementation, the client may send the second login request requesting login to the first gateway as follows:

[0173] The client receives the online gateway information through a browser. The client selects the first gateway from the online gateway information and sends the second login request to the first gateway through the browser.

[0174] In a specific implementation, the traffic with which the client accesses the application server may be transmitted over SSL connections. For how to establish the SSL connections, see the description below.

[0175] The application server is an application server located in the virtual private network. The application server can communicate with networks outside the virtual private network through the first gateway. The application server may be a video server, a file server, or a website server.

[0176] It can be seen that, in the technical solution provided by this embodiment, the virtual private network server is located on the public network and has a public IP address, and the client can access the virtual private network server according to that public IP address. Through the virtual private network server, the client can access the virtual private network corresponding to a virtual private network gateway that has logged in to the virtual private network server. Therefore, the technical solution provided by this embodiment solves the technical problem in the prior art that a virtual private network gateway needs to occupy a public IP address.

[0177] Optionally,

[0178] The client accessing the application server through the first gateway includes:

[0179] The client sends a first access request to the application server through the first gateway, and the client receives, through the first gateway, a first access response sent by the application server. The first access request is used to make the application server send the first access response to the client;

[0180] The client sending the first access request to the application server through the first gateway includes:

[0181] The client sends the first access request to the virtual private network server over a first Secure Sockets Layer connection. The first access request contains the identifier of the first gateway, and the first Secure Sockets Layer connection is the connection between the client and the virtual private network server. The first access request is used to make the virtual private network server obtain the identifier of the first Secure Sockets Layer connection from the Secure Sockets Layer protocol stack. The first access request is further used to make the virtual private network server generate a first correspondence according to the identifier of the first gateway in the first access request and the identifier of the first Secure Sockets Layer connection. The first correspondence includes the identifier of the first gateway, the identifier of a second Secure Sockets Layer connection, and the identifier of the first Secure Sockets Layer connection, the second Secure Sockets Layer connection being the connection between the virtual private network server and the first gateway. The first access request is further used to make the virtual private network server add the identifier of the first Secure Sockets Layer connection to the first access request to generate a second access request. The first access request is further used to make the virtual private network server send the second access request to the first gateway over the second Secure Sockets Layer connection. The second access request is used to make the first gateway forward the second access request to the application server over a first Transmission Control Protocol connection. The second access request is used to make the first gateway obtain the identifier of the second Secure Sockets Layer connection from the Secure Sockets Layer protocol stack and generate a second correspondence according to the identifier of the first Secure Sockets Layer connection in the second access request. The second correspondence includes the identifier of the first Secure Sockets Layer connection, the identifier of the second Secure Sockets Layer connection, and the identifier of the first Transmission Control Protocol connection, the first Transmission Control Protocol connection being the connection between the first gateway and the application server. The second access request is further used to make the first gateway forward the second access request to the application server over the first Transmission Control Protocol connection;

[0182] The client receiving, through the first gateway, the first access response sent by the application server includes:

[0183] The client receives, over the first Secure Sockets Layer connection, a second access response forwarded by the virtual private network server, the second access response being obtained as follows:

[0184] The application server sends the first access response over the first Transmission Control Protocol connection;

[0185] The first gateway obtains the identifier of the first Transmission Control Protocol connection from the Transmission Control Protocol protocol stack, looks up the second correspondence according to the identifier of the first Transmission Control Protocol connection, and obtains, from the second correspondence, the identifier of the first Secure Sockets Layer connection and the identifier of the second Secure Sockets Layer connection;

[0186] The first gateway adds the identifier of the first Secure Sockets Layer connection to the first access response to generate the second access response;

[0187] The first gateway sends the second access response to the virtual private network server over the second Secure Sockets Layer connection;

[0188] The virtual private network server determines, according to the identifier of the first Secure Sockets Layer connection in the second access response, that the first Secure Sockets Layer connection is the connection to be used for communication, and forwards the second access response to the client over the first Secure Sockets Layer connection.

[0189] The first correspondence and the second correspondence may be recorded as entries in a correspondence table. They may also be recorded in a file.

[0190] The first gateway finds the second correspondence according to the identifier of the first Transmission Control Protocol connection. In a specific implementation, the first gateway may look up, in the correspondence table, the entry containing the identifier of the first Transmission Control Protocol connection, and obtain from that entry the identifier of the first Secure Sockets Layer connection and the identifier of the second Secure Sockets Layer connection.

[0191] Optionally,

[0192] The client accessing the application server through the first gateway comprises:

[0193] The client accesses the application server by means of web proxy, application conversion, port forwarding or network extension.

[0194] Embodiment 4:

[0195] This embodiment of the present invention provides an apparatus for accessing an application server, which may be used in the networking structure shown in FIG. 1. Specifically, the apparatus may be the virtual private network server in FIG. 1. Referring to FIG. 5, FIG. 5 is a schematic structural diagram of the apparatus for accessing an application server provided by this embodiment of the present invention. The apparatus comprises:

[0196] a first receiving unit 501, configured to receive a first login request sent by a first gateway located in a virtual private network, the first login request containing the identifier of the first gateway;

[0197] a gateway information generating unit 502, configured to generate online gateway information according to the first login request, the online gateway information containing the identifier of the first gateway;

[0198] a sending unit 503, configured to send the online gateway information to a client;

[0199] a second receiving unit 504, configured to receive a second login request sent by the client requesting to log in to the first gateway, the second login request containing the identifier of the first gateway;

[0200] a forwarding unit 506, configured to forward the second login request to the first gateway, so that the first gateway responds to the second login request;

[0201] a transmission unit 507, configured to transmit first traffic of the client accessing the application server through the first gateway, the application server being located in the virtual private network.

[0202] The identifier of the first gateway may be the serial number of the first gateway or a name assigned to the first gateway by the virtual private network server.

[0203] The virtual private network server is located on the public network and has at least one public IP address. In a specific implementation, the public IP address of the virtual private network server may be obtained through manual configuration. In addition, a domain name may be configured for the virtual private network server, and the virtual private network server may be registered with a domain name server.

[0204] In a specific implementation, the client is connected to the public network and can send, to a network device located on the public network, a request to log in to that network device. The client may be a personal computer, a mobile phone or a personal digital assistant.

[0205] In a specific implementation, the first gateway may log in to the virtual private network server as follows:

[0206] The first gateway establishes an SSL connection between the first gateway and the server by means of the Secure Sockets Layer protocol. There may be one SSL connection between the first gateway and the virtual private network server, or there may be several. The first gateway logs in to the virtual private network server through the SSL connection.

[0207] The SSL connection between the first gateway and the virtual private network server may be established as follows:

[0208] The first gateway sends an SSL connection establishment request to the virtual private network server, and the server sends the first gateway the response corresponding to the SSL connection establishment request. The virtual private network server saves the identifier of the SSL connection.

[0209] In a specific implementation of the first gateway requesting to log in to the virtual private network server, the first gateway may log in to the virtual private network server by means of the Hypertext Transfer Protocol.

[0210] When the first gateway requests to log in to the virtual private network server, the virtual private network server may authenticate the first gateway.

[0211] In a specific implementation, the first gateway may be authenticated as follows:

[0212] The virtual private network server stores in advance the identifiers of the gateways that are able to log in to the virtual private network server. The identifier of a gateway may be the serial number of the gateway. An authentication mode for authenticating gateways that request to log in to the virtual private network server is configured on the virtual private network server in advance. The authentication mode may be account-and-password authentication.

[0213] In a specific implementation, the virtual private network server may send the online gateway information to the client as follows:

[0214] After logging in to the virtual private network server, the client sends the virtual private network server a request message requesting the online gateway information. After receiving the request message, the virtual private network server sends the online gateway information to the client.

[0215] In a specific implementation, the client may log in to the virtual private network server as follows:

[0216] The client establishes an SSL connection with the virtual private network server by means of the SSL protocol. When the client requests to log in to the virtual private network server, the virtual private network server may authenticate the client. For how the SSL connection between the client and the virtual private network server is established, refer to the description above of establishing the SSL connection between the first gateway and the virtual private network server. For how the virtual private network server authenticates the client, refer to the description above of the virtual private network server authenticating the first gateway.

[0217] The virtual private network server may send the online gateway information to the client in the following ways:

[0218] Mode 1: The client logs in to the virtual private network server through a browser. The client receives the online gateway information through the browser;

[0219] Mode 2: The client logs in to the virtual private network server through a browser. The client obtains the online gateway information through a control. The control may be ActiveX.

[0220] In a specific implementation, the client may send the second login request requesting to log in to the first gateway as follows:

[0221] The client receives the online gateway information through the browser. The client selects the first gateway from the online gateway information and sends the second login request to the first gateway through the browser.

[0222] The application server is an application server located in the virtual private network. The application server can communicate, through the first gateway, with networks other than the virtual private network. The application server may be a video server, a file server or a web server.

[0223] It can be seen that, in the technical solution provided by this embodiment, the virtual private network server is located on the public network and has a public IP address, and the client can access the virtual private network server according to the public IP address of the virtual private network server. Through the virtual private network server, the client can access the virtual private network corresponding to a virtual private network gateway that has logged in to the virtual private network server. Therefore, the technical solution provided by this embodiment can solve the technical problem in the prior art that a virtual private network gateway needs to occupy a public IP address.

[0224] Optionally,

[0225] The transmission unit 507 comprises a first subunit and a second subunit;

[0226] The first subunit is configured to transmit to the application server a first access request sent by the client;

[0227] The second subunit is configured to transmit to the client a first access response sent by the application server, the first access request being used to make the application server send the first access response to the client, and the first traffic comprising the first access request and the first access response;

[0228] The first subunit comprises:

[0229] an access request receiving unit, configured to receive, through a first Secure Sockets Layer connection, the first access request sent by the client, the first access request containing the identifier of the first gateway, and the first Secure Sockets Layer connection being the connection between the client and the virtual private network server;

[0230] a correspondence generating unit, configured to obtain the identifier of the first Secure Sockets Layer connection from the protocol stack of the Secure Sockets Layer protocol and generate a first correspondence, the first correspondence comprising the identifier of the first gateway, the identifier of a second Secure Sockets Layer connection and the identifier of the first Secure Sockets Layer connection, the second Secure Sockets Layer connection being the connection between the virtual private network server and the first gateway;

[0231] an access request updating unit, configured to add the identifier of the first Secure Sockets Layer connection to the first access request to generate a second access request;

[0232] an access request sending unit, configured to send the second access request to the first gateway through the second Secure Sockets Layer connection, so that the first gateway sends the second access request to the application server through a first Transmission Control Protocol connection, the second access request being used to make the first gateway obtain the identifier of the second Secure Sockets Layer connection from the Secure Sockets Layer protocol stack and generate a second correspondence according to the identifier of the first Secure Sockets Layer connection in the second access request, the second correspondence comprising the identifier of the first Secure Sockets Layer connection, the identifier of the second Secure Sockets Layer connection and the identifier of the first Transmission Control Protocol connection, the first Transmission Control Protocol connection being the connection between the first gateway and the application server, and the second access request further being used to trigger the first gateway to forward the second access request to the application server through the first Transmission Control Protocol connection;

[0233] The second subunit comprises:

[0234] an access response receiving unit, configured to receive a second access response, the second access response being obtained as follows:

[0235] The application server sends the first access response through the first Transmission Control Protocol connection;

[0236] The first gateway obtains the first Transmission Control Protocol connection from the Transmission Control Protocol stack, and finds the second correspondence according to the identifier of the first Transmission Control Protocol connection; the first gateway obtains from the second correspondence the identifier of the first Secure Sockets Layer connection and the identifier of the second Secure Sockets Layer connection;

[0237] The first gateway adds the identifier of the first Secure Sockets Layer connection to the second access response to generate the first access response;

[0238] The first gateway sends the first access response to the virtual private network server through the second Secure Sockets Layer connection;

[0239] an access response forwarding unit, configured to determine, according to the identifier of the first Secure Sockets Layer connection in the first access response, that the first Secure Sockets Layer connection is the connection used for communication, and to forward the first access response to the client through the first Secure Sockets Layer connection.

[0240] The first correspondence and the second correspondence may be recorded as entries in a correspondence table. They may also be recorded in a file.

[0241] The first gateway finds the second correspondence according to the identifier of the first Transmission Control Protocol connection. In a specific implementation, the first gateway may look up, in the correspondence table, the entry containing the identifier of the first Transmission Control Protocol connection, and obtain from that entry the identifier of the first Secure Sockets Layer connection and the identifier of the second Secure Sockets Layer connection.
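The request and response paths of [0229] to [0241], modelled with the two correspondences as lookup tables (an added example, not code from the patent). The message fields, all identifier values, and the check that a response arrives on the recorded second Secure Sockets Layer connection are assumptions of this example.

```python
"""Constructed model: ssl1-*, ssl2-*, tcp-* and GW-SN-* are made-up identifiers."""
import itertools


class RoutingError(Exception):
    """A message could not be matched to a recorded correspondence."""


class VpnServer:
    def __init__(self):
        self.online_gateways = {}  # gateway id -> id of the second SSL connection
        self.first = {}            # first correspondence: ssl1 id -> (gateway id, ssl2 id)

    def gateway_login(self, gateway_id, ssl2_id):
        # First login request: the gateway is now listed as online.
        self.online_gateways[gateway_id] = ssl2_id

    def on_client_request(self, ssl1_id, first_request):
        gateway_id = first_request["gateway_id"]
        ssl2_id = self.online_gateways.get(gateway_id)
        if ssl2_id is None:
            raise RoutingError(f"gateway {gateway_id!r} is not online")
        self.first[ssl1_id] = (gateway_id, ssl2_id)
        # Second access request = first access request + id of the first SSL connection.
        return ssl2_id, dict(first_request, ssl1_id=ssl1_id)

    def on_gateway_response(self, arrived_on_ssl2, second_response):
        ssl1_id = second_response.get("ssl1_id")
        entry = self.first.get(ssl1_id)
        if entry is None:
            raise RoutingError(f"no first correspondence for {ssl1_id!r}")
        # Assumption (not in the patent): accept the embedded ssl1 id only when the
        # response came in on the second SSL connection recorded for that client.
        if entry[1] != arrived_on_ssl2:
            raise RoutingError(f"{ssl1_id!r} is not bound to {arrived_on_ssl2!r}")
        return ssl1_id, second_response


class Gateway:
    def __init__(self, gateway_id):
        self.gateway_id = gateway_id
        self.second = {}       # second correspondence: tcp id -> (ssl1 id, ssl2 id)
        self.tcp_for = {}      # (ssl2 id, ssl1 id) -> tcp id, to reuse a connection
        self.tcp_ids = (f"tcp-{n}" for n in itertools.count(1))

    def on_request(self, arrived_on_ssl2, second_request):
        key = (arrived_on_ssl2, second_request["ssl1_id"])
        tcp_id = self.tcp_for.get(key)
        if tcp_id is None:
            # Stand-in for the id a real gateway reads from its TCP stack.
            tcp_id = next(self.tcp_ids)
            self.tcp_for[key] = tcp_id
        self.second[tcp_id] = (second_request["ssl1_id"], arrived_on_ssl2)
        return tcp_id, second_request

    def on_app_response(self, tcp_id, first_response):
        entry = self.second.get(tcp_id)
        if entry is None:
            raise RoutingError(f"no second correspondence for {tcp_id!r}")
        ssl1_id, ssl2_id = entry
        # Second access response = first access response + id of the first SSL connection.
        return ssl2_id, dict(first_response, ssl1_id=ssl1_id)


def relay_round_trip():
    """Two clients share one gateway link; responses come back in reverse order."""
    vpn, gw = VpnServer(), Gateway("GW-SN-0001")
    vpn.gateway_login(gw.gateway_id, "ssl2-1")
    pending = []
    for ssl1_id, path in (("ssl1-A", "/video"), ("ssl1-B", "/files")):
        ssl2_id, request2 = vpn.on_client_request(
            ssl1_id, {"gateway_id": gw.gateway_id, "path": path})
        tcp_id, forwarded = gw.on_request(ssl2_id, request2)
        pending.append((tcp_id, forwarded["path"]))
    delivered = {}
    for tcp_id, path in reversed(pending):
        ssl2_id, response2 = gw.on_app_response(tcp_id, {"body": f"content of {path}"})
        ssl1_id, out = vpn.on_gateway_response(ssl2_id, response2)
        delivered[ssl1_id] = out["body"]
    return delivered


if __name__ == "__main__":
    print(relay_round_trip())
```

Because both clients are multiplexed over one gateway link, the embedded identifier of the first Secure Sockets Layer connection is the only thing that separates their responses, which is why the model refuses any response it cannot match to a table entry.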

[0242] Optionally,

[0243] The first traffic is traffic of the client accessing the application server by means of web proxy, application conversion, port forwarding or network extension.

[0244] The first traffic may be traffic sent by the client to the application server, or traffic sent by the application server to the client.

[0245] Embodiment 5:

[0246] This embodiment of the present invention provides an apparatus for accessing an application server, which may be used in the networking structure shown in FIG. 1. Specifically, the apparatus may be the gateway in FIG. 1. Referring to FIG. 6, FIG. 6 is a schematic structural diagram of the apparatus for accessing an application server provided by this embodiment of the present invention. The apparatus comprises:

[0247] a sending unit 601, configured to send, to a virtual private network server located on the public network, a first login request containing the identifier of a first gateway located in a virtual private network, so that the virtual private network server generates online gateway information that contains the identifier of the first gateway and is to be received by a client;

[0248] a receiving unit 602, configured to receive a second login request that is sent by the client to request login to the first gateway and is forwarded by the virtual private network server, the second login request containing the identifier of the first gateway;

[0249] a responding unit 603, configured to respond to the second login request;

[0250] a transmission unit 604, configured to forward first traffic of the client accessing the application server through the first gateway, the application server being located in the virtual private network corresponding to the first gateway.

[0251] The identifier of the first gateway may be the serial number of the first gateway or a name assigned to the first gateway by the virtual private network server.

[0252] The virtual private network server is located on the public network and has at least one public IP address. In a specific implementation, the public IP address of the virtual private network server may be obtained through manual configuration. In addition, a domain name may be configured for the virtual private network server, and the virtual private network server may be registered with a domain name server.

[0253] In a specific implementation, the client is connected to the public network and can send, to a network device located on the public network, a request to log in to that network device. The client may be a personal computer, a mobile phone or a personal digital assistant.

[0254] In a specific implementation, the first gateway may log in to the virtual private network server as follows:

[0255] The first gateway establishes an SSL connection between the first gateway and the server by means of the Secure Sockets Layer protocol. There may be one SSL connection between the first gateway and the virtual private network server, or there may be several. The first gateway logs in to the virtual private network server through the SSL connection.

[0256] The SSL connection between the first gateway and the virtual private network server may be established as follows:

[0257] The first gateway sends an SSL connection establishment request to the virtual private network server, and the server sends the first gateway the response corresponding to the SSL connection establishment request. The virtual private network server saves the identifier of the SSL connection.

[0258] In a specific implementation of the first gateway requesting to log in to the virtual private network server, the first gateway may log in to the virtual private network server by means of the Hypertext Transfer Protocol.

[0259] When the first gateway requests to log in to the virtual private network server, the virtual private network server may authenticate the first gateway.

[0260] In a specific implementation, the first gateway may be authenticated as follows:

[0261] The virtual private network server stores in advance the identifiers of the gateways that are able to log in to the virtual private network server. The identifier of a gateway may be the serial number of the gateway. An authentication mode for authenticating gateways that request to log in to the virtual private network server is configured on the virtual private network server in advance. The authentication mode may be account-and-password authentication.

[0262] In a specific implementation, the virtual private network server may send the online gateway information to the client as follows:

[0263] After logging in to the virtual private network server, the client sends the virtual private network server a request message requesting the online gateway information. After receiving the request message, the virtual private network server sends the online gateway information to the client.

[0264] In a specific implementation, the client may log in to the virtual private network server as follows:

[0265] The client establishes an SSL connection with the virtual private network server by means of the SSL protocol. When the client requests to log in to the virtual private network server, the virtual private network server may authenticate the client. For how the SSL connection between the client and the virtual private network server is established, refer to the description above of establishing the SSL connection between the first gateway and the virtual private network server. For how the virtual private network server authenticates the client, refer to the description above of the virtual private network server authenticating the first gateway.

[0266] The virtual private network server may send the online gateway information to the client in the following ways:

[0267] Mode 1: The client logs in to the virtual private network server through a browser. The client receives the online gateway information through the browser;

[0268] Mode 2: The client logs in to the virtual private network server through a browser. The client obtains the online gateway information through a control. The control may be ActiveX.

[0269] In a specific implementation, the client may send the second login request requesting to log in to the first gateway as follows:

[0270] The client receives the online gateway information through the browser. The client selects the first gateway from the online gateway information and sends the second login request to the first gateway through the browser.

[0271] The application server is an application server located in the virtual private network. The application server can communicate, through the first gateway, with networks other than the virtual private network. The application server may be a video server, a file server or a web server.

[0272] It can be seen that, in the technical solution provided by this embodiment, the virtual private network server is located on the public network and has a public IP address, and the client can access the virtual private network server according to the public IP address of the virtual private network server. Through the virtual private network server, the client can access the virtual private network corresponding to a virtual private network gateway that has logged in to the virtual private network server. Therefore, the technical solution provided by this embodiment can solve the technical problem in the prior art that a virtual private network gateway needs to occupy a public IP address.

[0273] Optionally,

[0274] The transmission unit 604 comprises a first subunit and a second subunit;

[0275] The first subunit is configured to transmit to the application server a first access request sent by the client;

[0276] The second subunit is configured to transmit to the client a first access response sent by the application server, the first access request being used to make the application server send the first access response to the client, and the first traffic comprising the first access request and the first access response;

[0277] The first subunit comprises:

[0278] an access request receiving unit, configured to receive, through a second Secure Sockets Layer connection, a second access request sent by the virtual private network server, the second Secure Sockets Layer connection being the connection between the virtual private network server and the first gateway, and the second access request being obtained as follows:

[0279] The virtual private network server receives, through a first Secure Sockets Layer connection, the first access request sent by the client, the first Secure Sockets Layer connection being the connection between the client and the virtual private network server, and the first access request containing the identifier of the first gateway;

[0280] The virtual private network server obtains the identifier of the first Secure Sockets Layer connection from the protocol stack of the Secure Sockets Layer protocol, and generates a first correspondence according to the identifier of the first Secure Sockets Layer connection and the identifier of the first gateway in the first access request, the first correspondence comprising the identifier of the first gateway, the identifier of the second Secure Sockets Layer connection and the identifier of the first Secure Sockets Layer connection;

[0281] The virtual private network server adds the identifier of the first Secure Sockets Layer connection to the first access request to generate the second access request; an access request forwarding unit, configured to forward the second access request to the application server through a first Transmission Control Protocol connection; the first gateway obtains the identifier of the second Secure Sockets Layer connection from the Secure Sockets Layer protocol stack, and generates a second correspondence according to the identifier of the first Secure Sockets Layer connection in the second access request, the second correspondence comprising the identifier of the first Secure Sockets Layer connection, the identifier of the second Secure Sockets Layer connection and the identifier of the first Transmission Control Protocol connection, the first

[0282] Transmission Control Protocol connection being the connection between the first gateway and the application server; the second subunit comprises:

[0283] 访问响应接收单元,用于通过该第一传输控制协议连接接收该应用服务器发送的该第一访问响应; [0283] access response receiving means for receiving the first access connection via the first transmission control protocol of the application server sends a response;

[0284] 查找单元,用于根据传输控制协议的协议栈得到该第一传输控制协议连接,该第一网关根据该第一传输控制协议连接的标识查找到该第二对应关系;该第一网关根据该第二对应关系得到该第一安全套接层连接的标识以及该第二安全套接层连接的标识; [0284] search unit, a protocol stack for transmission control protocol connection is obtained in accordance with the first transmission control protocol, the first gateway to find the identifier of the second corresponding relationship according to the first transmission control protocol connection; the first gateway the second corresponding relationship between the obtained first Secure Sockets layer identifier and a connection identifier of the second connector according to the Secure Socket layer;

[0285] 访问响应更新单元,用于将该第一安全套接层连接的标识添加到该第一访问响应,生成第二访问响应; [0285] access response updating means for adding the first identification Secure Sockets Layer connection to the first access response, generating a second access response;

[0286] 访问响应发送单元,用于通过该第二安全套接层连接向该虚拟专用网服务器发送该第二访问响应,该第二访问响应用于使该虚拟专用网服务器根据该第二访问响应中的该第一安全套接层连接的标识确定该第一安全套接层连接为用于通信的连接,并通 [0286] access response transmitting unit configured to transmit the second private network server access response through the second connection to the virtual secure socket layer, the second access response for the virtual private network server according to the second access response Secure identification of the first contact layer is connected to first determine the Secure Socket layer connection is connected for communication, and through

[0287] 过该第一安全套接层连接将该第二访问响应转发至该客户端。 [0287] The first through the Secure Socket Layer connecting the second access forwards the response to the client. 可以通过对应表中的表项记录第一对应关系和第二对应关系。 Entry by recording the first correspondence table and the second correspondence correspondence relationship. 也可以通过文件记录第一对应关系和第二对应关系。 It can be recorded in a first corresponding relationship and a second relationship with the aid file.

[0288] The first gateway finds the second correspondence according to the identifier of the first Transmission Control Protocol connection. In a specific implementation, the first gateway may look up, in the correspondence table, the entry that contains the identifier of the first Transmission Control Protocol connection, and obtain from that entry the identifier of the first Secure Sockets Layer connection and the identifier of the second Secure Sockets Layer connection.

[0289] Optionally,

[0290] The first traffic is traffic with which the client accesses the application server by means of web proxy, application conversion, port forwarding, or network extension.

[0291] The first traffic may be traffic sent by the client to the application server, or traffic sent by the application server to the client.

[0292] Embodiment 6:

[0293] This embodiment of the present invention provides an apparatus for accessing an application server, which may be used in the networking structure shown in FIG. 1. Specifically, it may be the client in FIG. 1. Referring to FIG. 7, FIG. 7 is a schematic structural diagram of the apparatus for accessing an application server provided by this embodiment of the present invention. The apparatus includes:

[0294] A receiving unit 701, configured to receive online gateway information sent by a virtual private network server located on the public network, where the online gateway information is obtained as follows: the virtual private network server receives a first login request sent by a first gateway located in a virtual private network, the first login request containing the identifier of the first gateway; the virtual private network server generates the online gateway information according to the first login request, the online gateway information containing the identifier of the first gateway;

[0295] A sending unit 702, configured to send to the virtual private network server a second login request that requests login to the first gateway, the second login request containing the identifier of the first gateway, so that the virtual private network server forwards the second login request to the first gateway; the second login request is used to cause the first gateway to respond to the second login request;

[0296] An access unit 703, configured to access the application server through the first gateway, the application server being located in the virtual private network.

[0297] The identifier of the first gateway may be the serial number of the first gateway or a name that the virtual private network server assigns to the first gateway.

[0298] The virtual private network server is located on the public network and has at least one public IP address. In a specific implementation, the public IP address of the virtual private network server may be obtained by manual configuration. In addition, a domain name may be configured for the virtual private network server, and the virtual private network server may be registered with a domain name server.

[0299] In a specific implementation, the client is connected to the public network and can send, to a network device located on the public network, a request to log in to that network device. The client may be a personal computer, a mobile phone, or a personal digital assistant.

[0300] In a specific implementation, the first gateway may log in to the virtual private network server as follows:

[0301] The first gateway establishes an SSL connection between the first gateway and the server by means of the Secure Sockets Layer protocol. There may be one SSL connection between the first gateway and the virtual private network server, or several. The first gateway logs in to the virtual private network server over the SSL connection.

[0302] The SSL connection between the first gateway and the virtual private network server may be established as follows:

[0303] The first gateway sends an SSL connection establishment request to the virtual private network server, and the server sends the first gateway the response corresponding to the SSL connection establishment request. The virtual private network server stores the identifier of the SSL connection.

[0304] In a specific implementation, the first gateway may request login to the virtual private network server by logging in over the Hypertext Transfer Protocol.

[0305] When the first gateway requests login to the virtual private network server, the virtual private network server may authenticate the first gateway.

[0306] In a specific implementation, the first gateway may be authenticated as follows:

[0307] The virtual private network server stores in advance the identifiers of the gateways that are able to log in to it. A gateway's identifier may be its serial number. An authentication mode for authenticating gateways that request login to the virtual private network server is configured on the virtual private network server in advance. The authentication mode may be account-and-password authentication.

[0308] In a specific implementation, the virtual private network server may send the online gateway information to the client as follows:

[0309] After the client logs in to the virtual private network server, it sends the virtual private network server a request message requesting the online gateway information. After receiving the request message, the virtual private network server sends the online gateway information to the client.

[0310] In a specific implementation, the client may log in to the virtual private network server as follows:

[0311] The client establishes an SSL connection with the virtual private network server by means of the SSL protocol. When the client requests login to the virtual private network server, the virtual private network server may authenticate the client. For how the SSL connection between the client and the virtual private network server is established, refer to the description above of establishing the SSL connection between the first gateway and the virtual private network server. For how the virtual private network server authenticates the client, refer to the description above of the virtual private network server authenticating the first gateway.

[0312] The virtual private network server may send the online gateway information to the client in the following ways:

[0313] Way 1: The client logs in to the virtual private network server through a browser. The client receives the online gateway information through the browser;

[0314] Way 2: The client logs in to the virtual private network server through a browser. The client obtains the online gateway information through a control. The control may be ActiveX.

[0315] In a specific implementation, the client may send the second login request requesting login to the first gateway as follows:

[0316] The client receives the online gateway information through a browser. The client selects the first gateway from the online gateway information and sends the second login request to the first gateway through the browser.

[0317] The application server is an application server located in the virtual private network. The application server can communicate, through the first gateway, with networks outside the virtual private network. The application server may be a video server, a file server, or a web server.

[0318] It can be seen that, in the technical solution provided by this embodiment, the virtual private network server is located on the public network and has a public IP address, and the client can access the virtual private network server according to that public IP address. Through the virtual private network server, the client can access the virtual private network corresponding to a virtual private network gateway that has logged in to the virtual private network server. Therefore, the technical solution provided by this embodiment solves the technical problem in the prior art that a virtual private network gateway needs to occupy a public IP address.

[0319] Optionally,

[0320] The access unit 703 includes a first access unit and a second access unit;

[0321] The first access unit is configured to send a first access request to the application server through the first gateway;

[0322] The second access unit is configured to receive, through the first gateway, the first access response sent by the application server, where the first access request is used to cause the application server to send the first access response to the client;

[0323] The first access unit includes a first trigger unit and an access request sending unit:

[0324] The first trigger unit is configured to trigger the access request sending unit to send the first access request;

[0325] The access request sending unit is configured to send the first access request to the virtual private network server over a first Secure Sockets Layer connection, where the first access request contains the identifier of the first gateway, and the first Secure Sockets Layer connection is the connection between the client and the virtual private network server; the first access request is used to cause the virtual private network server to obtain the identifier of the first Secure Sockets Layer connection according to the protocol stack of the Secure Sockets Layer protocol; the first access request is further used to cause the virtual private network server to generate a first correspondence according to the identifier of the first gateway in the first access request and the identifier of the first Secure Sockets Layer connection, where the first correspondence includes the identifier of the first gateway, the identifier of a second Secure Sockets Layer connection, and the identifier of the first Secure Sockets Layer connection, and the second Secure Sockets Layer connection is the connection between the virtual private network server and the first gateway; the first access request is further used to cause the virtual private network server to add the identifier of the first Secure Sockets Layer connection to the first access request to generate a second access request; the first access request is further used to cause the virtual private network server to send the second access request to the first gateway over the second Secure Sockets Layer connection; the second access request is used to cause the first gateway to forward the second access request to the application server over a first Transmission Control Protocol connection; the second access request is used to cause the first gateway to obtain the identifier of the second Secure Sockets Layer connection according to the Secure Sockets Layer protocol stack and to generate a second correspondence according to the identifier of the first Secure Sockets Layer connection in the second access request, where the second correspondence includes the identifier of the first Secure Sockets Layer connection, the identifier of the second Secure Sockets Layer connection, and the identifier of the first Transmission Control Protocol connection, and the first Transmission Control Protocol connection is the connection between the first gateway and the application server; the second access request is further used to cause the first gateway to forward the second access request to the application server over the first Transmission Control Protocol connection;

[0326] The second access unit includes a second trigger unit and an access response receiving unit:

[0327] The second trigger unit is configured to trigger the access response receiving unit to receive a second access response;

[0328] The access response receiving unit is configured to receive, over the first Secure Sockets Layer connection, the second access response forwarded by the virtual private network server, where the second access response is obtained as follows:

[0329] The application server sends the first access response over the first Transmission Control Protocol connection;

[0330] The first gateway obtains the identifier of the first Transmission Control Protocol connection according to the protocol stack of the Transmission Control Protocol, finds the second correspondence according to the identifier of the first Transmission Control Protocol connection, and obtains the identifier of the first Secure Sockets Layer connection and the identifier of the second Secure Sockets Layer connection according to the second correspondence;

[0331] The first gateway adds the identifier of the first Secure Sockets Layer connection to the first access response to generate the second access response;

[0332] The first gateway sends the second access response to the virtual private network server over the second Secure Sockets Layer connection;

[0333] The virtual private network server determines, according to the identifier of the first Secure Sockets Layer connection in the second access response, that the first Secure Sockets Layer connection is the connection to use for communication, and forwards the second access response to the client over the first Secure Sockets Layer connection.

[0334] The first correspondence and the second correspondence may be recorded as entries in a correspondence table. They may also be recorded in a file.

[0335] The first gateway finds the second correspondence according to the identifier of the first Transmission Control Protocol connection. In a specific implementation, the first gateway may look up, in the correspondence table, the entry that contains the identifier of the first Transmission Control Protocol connection, and obtain from that entry the identifier of the first Secure Sockets Layer connection and the identifier of the second Secure Sockets Layer connection.
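
The relay described in [0325] to [0335], as an added Python sketch that is not part of the patent: it keeps the first correspondence on the virtual private network server and the second correspondence on the first gateway, tags the request on the way in, and resolves the tag on the way back. The class and field names, the constructed connection identifiers, the one-TCP-connection-per-request behaviour, and the server's check that a tagged response arrived on the Secure Sockets Layer connection recorded for it are assumptions of this example.

```python
# Added illustration (not from the patent). Messages are plain dicts standing in
# for access requests/responses; all connection identifiers are constructed.

class VpnServer:
    """Public-network relay between clients and gateways that have logged in."""

    def __init__(self):
        self.gateway_conn = {}  # gateway id -> second SSL connection id (set at gateway login)
        self.first_corr = {}    # first SSL connection id -> (gateway id, second SSL connection id)

    def gateway_login(self, gateway_id, ssl2_id):
        # First login request: the gateway announces its identifier over its SSL connection.
        self.gateway_conn[gateway_id] = ssl2_id

    def online_gateways(self):
        # Online gateway information offered to clients.
        return sorted(self.gateway_conn)

    def relay_request(self, ssl1_id, first_request):
        # ssl1_id comes from the server's own SSL stack, never from the message body.
        gateway_id = first_request["gateway_id"]
        if gateway_id not in self.gateway_conn:
            raise LookupError(f"gateway {gateway_id!r} is not online")
        ssl2_id = self.gateway_conn[gateway_id]
        self.first_corr[ssl1_id] = (gateway_id, ssl2_id)
        # Second access request = first access request + first SSL connection id.
        # A client-supplied "ssl1_id" key, if any, is overwritten here.
        return ssl2_id, dict(first_request, ssl1_id=ssl1_id)

    def relay_response(self, arrived_on_ssl2, second_response):
        ssl1_id = second_response["ssl1_id"]
        entry = self.first_corr.get(ssl1_id)
        # Assumed hardening: accept the tag only if it was recorded for the gateway
        # connection the response arrived on, so one gateway cannot steer a response
        # onto a client connection that belongs to another gateway's session.
        if entry is None or entry[1] != arrived_on_ssl2:
            raise PermissionError("response tag does not match the first correspondence")
        return ssl1_id, second_response


class Gateway:
    """First gateway inside the virtual private network."""

    def __init__(self, gateway_id):
        self.gateway_id = gateway_id
        self.second_corr = {}   # TCP connection id -> (first SSL id, second SSL id)
        self._tcp_seq = 0

    def relay_request(self, arrived_on_ssl2, second_request):
        self._tcp_seq += 1
        tcp_id = f"tcp-{self._tcp_seq}"  # stands in for a TCP connection to the application server
        self.second_corr[tcp_id] = (second_request["ssl1_id"], arrived_on_ssl2)
        return tcp_id, second_request

    def relay_response(self, tcp_id, first_response):
        # Look up the entry by TCP connection id, then tag the response for the server.
        ssl1_id, ssl2_id = self.second_corr[tcp_id]
        return ssl2_id, dict(first_response, ssl1_id=ssl1_id)


def round_trip():
    """One request and response through server and gateway, using constructed ids."""
    server, gw = VpnServer(), Gateway("GW-SN-0001")
    server.gateway_login(gw.gateway_id, "ssl2-gw")
    ssl2, req2 = server.relay_request(
        "ssl1-client", {"gateway_id": gw.gateway_id, "payload": "GET /"})
    tcp_id, _ = gw.relay_request(ssl2, req2)
    back_ssl2, resp2 = gw.relay_response(tcp_id, {"payload": "200 OK"})
    ssl1, delivered = server.relay_response(back_ssl2, resp2)
    return ssl1, delivered["payload"]
```
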

[0336] A person of ordinary skill in the art will understand that all or some of the steps of the foregoing method embodiments may be carried out by hardware under the control of program instructions. The program may be stored in a computer-readable storage medium and, when executed, performs the steps of the foregoing method embodiments. The storage medium includes any medium that can store program code, such as ROM, RAM, a magnetic disk, or an optical disc.

[0337] Finally, it should be noted that the foregoing embodiments are intended only to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some of their technical features may be replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (15)

  1. A method for accessing an application server, characterized by comprising: receiving, by a virtual private network server located on a public network, a first login request sent by a first gateway located in a virtual private network, the first login request containing an identifier of the first gateway; generating, by the virtual private network server, online gateway information according to the first login request, the online gateway information containing the identifier of the first gateway; sending, by the virtual private network server, the online gateway information to a client; receiving, by the virtual private network server, a second login request that is sent by the client and requests login to the first gateway, the second login request containing the identifier of the first gateway; forwarding, by the virtual private network server, the second login request to the first gateway, so that the first gateway responds to the second login request; and transmitting, by the virtual private network server, first traffic with which the client accesses the application server through the first gateway, the application server being located in the virtual private network.
  2. The method according to claim 1, characterized in that the transmitting, by the virtual private network server, of the first traffic with which the client accesses the application server through the first gateway comprises: transmitting, by the virtual private network server, to the application server a first access request sent by the client, and transmitting, by the virtual private network server, to the client a first access response sent by the application server, where the first access request is used to cause the application server to send the first access response to the client, and the first traffic includes the first access request and the first access response; the transmitting, by the virtual private network server, to the application server of the first access request sent by the client comprises: the virtual private network server receives, over a first Secure Sockets Layer connection, the first access request sent by the client, the first access request containing the identifier of the first gateway, and the first Secure Sockets Layer connection being the connection between the client and the virtual private network server; the virtual private network server obtains the identifier of the first Secure Sockets Layer connection according to the protocol stack of the Secure Sockets Layer protocol, and the virtual private network server generates a first correspondence, the first correspondence including the identifier of the first gateway, the identifier of a second Secure Sockets Layer connection, and the identifier of the first Secure Sockets Layer connection, the second Secure Sockets Layer connection being the connection between the virtual private network server and the first gateway; the virtual private network server adds the identifier of the first Secure Sockets Layer connection to the first access request to generate a second access request; the virtual private network server sends the second access request to the first gateway over the second Secure Sockets Layer connection, so that the first gateway sends the second access request to the application server over a first Transmission Control Protocol connection, where the second access request is used to cause the first gateway to obtain the identifier of the second Secure Sockets Layer connection according to the Secure Sockets Layer protocol stack and to generate a second correspondence according to the identifier of the first Secure Sockets Layer connection in the second access request, the second correspondence including the identifier of the first Secure Sockets Layer connection, the identifier of the second Secure Sockets Layer connection, and the identifier of the first Transmission Control Protocol connection, the first Transmission Control Protocol connection being the connection between the first gateway and the application server, and the second access request is further used to trigger the first gateway to forward the second access request to the application server over the first Transmission Control Protocol connection; the transmitting, by the virtual private network server, to the client of the first access response sent by the application server comprises: the virtual private network server receives a second access response, the second access response being obtained as follows: the application server sends the first access response over the first Transmission Control Protocol connection; the first gateway obtains the first Transmission Control Protocol connection according to the protocol stack of the Transmission Control Protocol, and the first gateway finds the second correspondence according to the identifier of the first Transmission Control Protocol connection; the first gateway obtains the identifier of the first Secure Sockets Layer connection and the identifier of the second Secure Sockets Layer connection according to the second correspondence; the first gateway adds the identifier of the first Secure Sockets Layer connection to the second access response to generate the first access response; the first gateway sends the first access response to the virtual private network server over the second Secure Sockets Layer connection; the virtual private network server determines, according to the identifier of the first Secure Sockets Layer connection in the first access response, that the first Secure Sockets Layer connection is the connection to use for communication, and forwards the first access response to the client over the first Secure Sockets Layer connection.
  3. The method according to claim 1 or 2, characterized in that the first traffic is traffic with which the client accesses the application server by means of web proxy, application conversion, port forwarding, or network extension.
  4. A method for accessing an application server, characterized by comprising: sending, by a first gateway located in a virtual private network, to a virtual private network server located on a public network a first login request containing an identifier of the first gateway, so that the virtual private network server generates online gateway information that contains the identifier of the first gateway and is to be received by a client; receiving, by the first gateway, a second login request that is sent by the client, forwarded by the virtual private network server, and requests login to the first gateway, the second login request containing the identifier of the first gateway; responding, by the first gateway, to the second login request; and transmitting, by the first gateway, first traffic with which the client accesses the application server through the first gateway, the application server being located in the virtual private network corresponding to the first gateway.
  5. The method according to claim 4, characterized in that the transmitting, by the first gateway, of the first traffic with which the client accesses the application server through the first gateway comprises: transmitting, by the first gateway, to the application server a first access request sent by the client, and transmitting, by the first gateway, to the client a first access response sent by the application server, where the first access request is used to cause the application server to send the first access response to the client, and the first traffic includes the first access request and the first access response; the transmitting, by the first gateway, to the application server of the first access request sent by the client comprises: the first gateway receives, over a second Secure Sockets Layer connection, a second access request sent by the virtual private network server, the second Secure Sockets Layer connection being the connection between the virtual private network server and the first gateway, and the second access request being obtained as follows: the virtual private network server receives, over a first Secure Sockets Layer connection, the first access request sent by the client, the first Secure Sockets Layer connection being the connection between the client and the virtual private network server, and the first access request containing the identifier of the first gateway; the virtual private network server obtains the identifier of the first Secure Sockets Layer connection according to the protocol stack of the Secure Sockets Layer protocol, and the virtual private network server generates a first correspondence according to the identifier of the first Secure Sockets Layer connection and the identifier of the first gateway in the first access request, the first correspondence including the identifier of the first gateway, the identifier of the second Secure Sockets Layer connection, and the identifier of the first Secure Sockets Layer connection; the virtual private network server adds the identifier of the first Secure Sockets Layer connection to the first access request to generate the second access request; the first gateway forwards the second access request to the application server over a first Transmission Control Protocol connection; the first gateway obtains the identifier of the second Secure Sockets Layer connection according to the Secure Sockets Layer protocol stack, and the first gateway generates a second correspondence according to the identifier of the first Secure Sockets Layer connection in the second access request, the second correspondence including the identifier of the first Secure Sockets Layer connection, the identifier of the second Secure Sockets Layer connection, and the identifier of the first Transmission Control Protocol connection, the first Transmission Control Protocol connection being the connection between the first gateway and the application server; the transmitting, by the first gateway, to the client of the first access response sent by the application server comprises: the first gateway receives, over the first Transmission Control Protocol connection, the first access response sent by the application server; the first gateway obtains the first Transmission Control Protocol connection according to the protocol stack of the Transmission Control Protocol, and the first gateway finds the second correspondence according to the identifier of the first Transmission Control Protocol connection; the first gateway obtains the identifier of the first Secure Sockets Layer connection and the identifier of the second Secure Sockets Layer connection according to the second correspondence; the first gateway adds the identifier of the first Secure Sockets Layer connection to the first access response to generate a second access response; the first gateway sends the second access response to the virtual private network server over the second Secure Sockets Layer connection, where the second access response is used to cause the virtual private network server to determine, according to the identifier of the first Secure Sockets Layer connection in the second access response, that the first Secure Sockets Layer connection is the connection to use for communication, and to forward the second access response to the client over the first Secure Sockets Layer connection.
  6. The method according to claim 4 or 5, characterized in that the first traffic is traffic of the client accessing the application server by means of web proxy, application conversion, port forwarding or network extension.
  7. A method for accessing an application server, characterized by comprising: a client receiving online gateway information sent by a virtual private network server located in a public network, the online gateway information being obtained as follows: the virtual private network server receives a first login request sent by a first gateway located in a virtual private network, the first login request containing an identifier of the first gateway; the virtual private network server generates the online gateway information according to the first login request, the online gateway information containing the identifier of the first gateway; the client sending to the virtual private network server a second login request requesting to log in to the first gateway, the second login request containing the identifier of the first gateway, so that the virtual private network server forwards the second login request to the first gateway, the second login request being used to cause the first gateway to respond to the second login request; the client accessing the application server through the first gateway, the application server being located in the virtual private network.
  8. The method according to claim 7, characterized in that the client accessing the application server through the first gateway comprises: the client sending a first access request to the application server through the first gateway, and the client receiving, through the first gateway, a first access response sent by the application server, the first access request being used to cause the application server to send the first access response to the client; the client sending the first access request to the application server through the first gateway comprises: the client sending the first access request to the virtual private network server through a first Secure Sockets Layer connection, the first access request containing the identifier of the first gateway, the first Secure Sockets Layer connection being the connection between the client and the virtual private network server; the first access request being used to cause the virtual private network server to obtain the identifier of the first Secure Sockets Layer connection from the protocol stack of the Secure Sockets Layer protocol; the first access request being further used to cause the virtual private network server to generate a first correspondence according to the identifier of the first gateway in the first access request and the identifier of the first Secure Sockets Layer connection, the first correspondence comprising the identifier of the first gateway, an identifier of a second Secure Sockets Layer connection and the identifier of the first Secure Sockets Layer connection, the second Secure Sockets Layer connection being the connection between the virtual private network server and the first gateway; the first access request being further used to cause the virtual private network server to add the identifier of the first Secure Sockets Layer connection to the first access request, generating a second access request; the first access request being further used to cause the virtual private network server to send the second access request to the first gateway through the second Secure Sockets Layer connection; the second access request being used to cause the first gateway to forward the second access request to the application server through a first Transmission Control Protocol connection, the second access request being used to cause the first gateway to obtain the identifier of the second Secure Sockets Layer connection from the Secure Sockets Layer protocol stack and to generate a second correspondence according to the identifier of the first Secure Sockets Layer connection in the second access request, the second correspondence comprising the identifier of the first Secure Sockets Layer connection, the identifier of the second Secure Sockets Layer connection and the identifier of the first Transmission Control Protocol connection, the first Transmission Control Protocol connection being the connection between the first gateway and the application server; the second access request being further used to cause the first gateway to forward the second access request to the application server through the first Transmission Control Protocol connection; the client receiving, through the first gateway, the first access response sent by the application server comprises: the client receiving, through the first Secure Sockets Layer connection, a second access response forwarded by the virtual private network server, the second access response being obtained as follows: the application server sends the first access response through the first Transmission Control Protocol connection; the first gateway obtains the identifier of the first Transmission Control Protocol connection from the protocol stack of the Transmission Control Protocol, the first gateway finds the second correspondence according to the identifier of the first Transmission Control Protocol connection, and the first gateway obtains the identifier of the first Secure Sockets Layer connection and the identifier of the second Secure Sockets Layer connection according to the second correspondence; the first gateway adds the identifier of the first Secure Sockets Layer connection to the first access response, generating the second access response; the first gateway sends the second access response to the virtual private network server through the second Secure Sockets Layer connection; the virtual private network server determines, according to the identifier of the first Secure Sockets Layer connection in the second access response, that the first Secure Sockets Layer connection is the connection used for communication, and forwards the second access response to the client through the first Secure Sockets Layer connection.
  9. The method according to claim 7 or 8, characterized in that the client accessing the application server through the first gateway comprises: the client accessing the application server by means of web proxy, application conversion, port forwarding or network extension.
  10. An apparatus for accessing an application server, characterized by comprising: a first receiving unit, configured to receive a first login request sent by a first gateway located in a virtual private network, the first login request containing an identifier of the first gateway; a gateway information generating unit, configured to generate online gateway information according to the first login request, the online gateway information containing the identifier of the first gateway; a sending unit, configured to send the online gateway information to a client; a second receiving unit, configured to receive a second login request, sent by the client, requesting to log in to the first gateway, the second login request containing the identifier of the first gateway; a forwarding unit, configured to forward the second login request to the first gateway, so that the first gateway responds to the second login request; a transmission unit, configured to transmit first traffic of the client accessing the application server through the first gateway, the application server being located in the virtual private network.
  11. The apparatus according to claim 10, characterized in that the transmission unit comprises a first subunit and a second subunit; the first subunit is configured to transmit to the application server a first access request sent by the client; the second subunit is configured to transmit to the client a first access response sent by the application server, the first access request being used to cause the application server to send the first access response to the client, the first traffic comprising the first access request and the first access response; the first subunit comprises: an access request receiving unit, configured to receive, through a first Secure Sockets Layer connection, the first access request sent by the client, the first access request containing the identifier of the first gateway, the first Secure Sockets Layer connection being the connection between the client and the virtual private network server; a correspondence generating unit, configured to obtain the identifier of the first Secure Sockets Layer connection from the protocol stack of the Secure Sockets Layer protocol and to generate a first correspondence, the first correspondence comprising the identifier of the first gateway, an identifier of a second Secure Sockets Layer connection and the identifier of the first Secure Sockets Layer connection, the second Secure Sockets Layer connection being the connection between the virtual private network server and the first gateway; an access request updating unit, configured to add the identifier of the first Secure Sockets Layer connection to the first access request, generating a second access request; an access request sending unit, configured to send the second access request to the first gateway through the second Secure Sockets Layer connection, so that the first gateway sends the second access request to the application server through a first Transmission Control Protocol connection, the second access request being used to cause the first gateway to obtain the identifier of the second Secure Sockets Layer connection from the Secure Sockets Layer protocol stack and to generate a second correspondence according to the identifier of the first Secure Sockets Layer connection in the second access request, the second correspondence comprising the identifier of the first Secure Sockets Layer connection, the identifier of the second Secure Sockets Layer connection and the identifier of the first Transmission Control Protocol connection, the first Transmission Control Protocol connection being the connection between the first gateway and the application server, the second access request being further used to trigger the first gateway to forward the second access request to the application server through the first Transmission Control Protocol connection; the second subunit comprises: an access response receiving unit, configured to receive a second access response, the second access response being obtained as follows: the application server sends the first access response through the first Transmission Control Protocol connection; the first gateway obtains the first Transmission Control Protocol connection from the protocol stack of the Transmission Control Protocol, and the first gateway finds the second correspondence according to the identifier of the first Transmission Control Protocol connection; the first gateway obtains the identifier of the first Secure Sockets Layer connection and the identifier of the second Secure Sockets Layer connection according to the second correspondence; the first gateway adds the identifier of the first Secure Sockets Layer connection to the second access response, generating the first access response; the first gateway sends the first access response to the virtual private network server through the second Secure Sockets Layer connection; an access response forwarding unit, configured to determine, according to the identifier of the first Secure Sockets Layer connection in the first access response, that the first Secure Sockets Layer connection is the connection used for communication, and to forward the first access response to the client through the first Secure Sockets Layer connection.
  12. An apparatus for accessing an application server, characterized by comprising: a sending unit, configured to send to a virtual private network server located in a public network a first login request containing an identifier of a first gateway located in a virtual private network, so that the virtual private network server generates online gateway information, to be received by a client, containing the identifier of the first gateway; a receiving unit, configured to receive a second login request, forwarded by the virtual private network server and sent by the client, requesting to log in to the first gateway, the second login request containing the identifier of the first gateway; a response unit, configured to respond to the second login request; a transmission unit, configured to transmit first traffic of the client accessing the application server through the first gateway, the application server being located in the virtual private network corresponding to the first gateway.
  13. The apparatus according to claim 12, characterized in that the transmission unit comprises a first subunit and a second subunit; the first subunit is configured to transmit to the application server a first access request sent by the client; the second subunit is configured to transmit to the client a first access response sent by the application server, the first access request being used to cause the application server to send the first access response to the client, the first traffic comprising the first access request and the first access response; the first subunit comprises: an access request receiving unit, configured to receive, through a second Secure Sockets Layer connection, a second access request sent by the virtual private network server, the second Secure Sockets Layer connection being the connection between the virtual private network server and the first gateway, the second access request being obtained as follows: the virtual private network server receives, through a first Secure Sockets Layer connection, the first access request sent by the client, the first Secure Sockets Layer connection being the connection between the client and the virtual private network server, the first access request containing the identifier of the first gateway; the virtual private network server obtains the identifier of the first Secure Sockets Layer connection from the protocol stack of the Secure Sockets Layer protocol, and the virtual private network server generates a first correspondence according to the identifier of the first Secure Sockets Layer connection and the identifier of the first gateway in the first access request, the first correspondence comprising the identifier of the first gateway, the identifier of the second Secure Sockets Layer connection and the identifier of the first Secure Sockets Layer connection; the virtual private network server adds the identifier of the first Secure Sockets Layer connection to the first access request, generating the second access request; an access request forwarding unit, configured to forward the second access request to the application server through a first Transmission Control Protocol connection; the first gateway obtains the identifier of the second Secure Sockets Layer connection from the Secure Sockets Layer protocol stack, and the first gateway generates a second correspondence according to the identifier of the first Secure Sockets Layer connection in the second access request, the second correspondence comprising the identifier of the first Secure Sockets Layer connection, the identifier of the second Secure Sockets Layer connection and the identifier of the first Transmission Control Protocol connection, the first Transmission Control Protocol connection being the connection between the first gateway and the application server; the second subunit comprises: an access response receiving unit, configured to receive, through the first Transmission Control Protocol connection, the first access response sent by the application server; a lookup unit, configured to obtain the first Transmission Control Protocol connection from the protocol stack of the Transmission Control Protocol, the first gateway finding the second correspondence according to the identifier of the first Transmission Control Protocol connection; the first gateway obtains the identifier of the first Secure Sockets Layer connection and the identifier of the second Secure Sockets Layer connection according to the second correspondence; an access response updating unit, configured to add the identifier of the first Secure Sockets Layer connection to the first access response, generating a second access response; an access response sending unit, configured to send the second access response to the virtual private network server through the second Secure Sockets Layer connection, the second access response being used to cause the virtual private network server to determine, according to the identifier of the first Secure Sockets Layer connection in the second access response, that the first Secure Sockets Layer connection is the connection used for communication, and to forward the second access response to the client through the first Secure Sockets Layer connection.
  14. An apparatus for accessing an application server, characterized by comprising: a receiving unit, configured to receive online gateway information sent by a virtual private network server located in a public network, the online gateway information being obtained as follows: the virtual private network server receives a first login request sent by a first gateway located in a virtual private network, the first login request containing an identifier of the first gateway; the virtual private network server generates the online gateway information according to the first login request, the online gateway information containing the identifier of the first gateway; a sending unit, configured to send to the virtual private network server a second login request requesting to log in to the first gateway, the second login request containing the identifier of the first gateway, so that the virtual private network server forwards the second login request to the first gateway, the second login request being used to cause the first gateway to respond to the second login request; an access unit, configured to access the application server through the first gateway, the application server being located in the virtual private network.
  15. The apparatus according to claim 14, characterized in that the access unit comprises a first access unit and a second access unit; the first access unit is configured to send a first access request to the application server through the first gateway; the second access unit is configured to receive, through the first gateway, a first access response sent by the application server, the first access request being used to cause the application server to send the first access response to the client; the first access unit comprises a first trigger unit and an access request sending unit: the first trigger unit is configured to trigger the access request sending unit to send the first access request; the access request sending unit is configured to send the first access request to the virtual private network server through a first Secure Sockets Layer connection, the first access request containing the identifier of the first gateway, the first Secure Sockets Layer connection being the connection between the client and the virtual private network server; the first access request being used to cause the virtual private network server to obtain the identifier of the first Secure Sockets Layer connection from the protocol stack of the Secure Sockets Layer protocol, the first access request being further used to cause the virtual private network server to generate a first correspondence according to the identifier of the first gateway in the first access request and the identifier of the first Secure Sockets Layer connection, the first correspondence comprising the identifier of the first gateway, an identifier of a second Secure Sockets Layer connection and the identifier of the first Secure Sockets Layer connection, the second Secure Sockets Layer connection being the connection between the virtual private network server and the first gateway; the first access request being further used to cause the virtual private network server to add the identifier of the first Secure Sockets Layer connection to the first access request, generating a second access request; the first access request being further used to cause the virtual private network server to send the second access request to the first gateway through the second Secure Sockets Layer connection; the second access request being used to cause the first gateway to forward the second access request to the application server through a first Transmission Control Protocol connection, the second access request being used to cause the first gateway to obtain the identifier of the second Secure Sockets Layer connection from the Secure Sockets Layer protocol stack and to generate a second correspondence according to the identifier of the first Secure Sockets Layer connection in the second access request, the second correspondence comprising the identifier of the first Secure Sockets Layer connection, the identifier of the second Secure Sockets Layer connection and the identifier of the first Transmission Control Protocol connection, the first Transmission Control Protocol connection being the connection between the first gateway and the application server; the second access request being further used to cause the first gateway to forward the second access request to the application server through the first Transmission Control Protocol connection; the second access unit comprises a second trigger unit and an access response receiving unit: the second trigger unit is configured to trigger the access response receiving unit to receive a second access response; the access response receiving unit is configured to receive, through the first Secure Sockets Layer connection, the second access response forwarded by the virtual private network server, the second access response being obtained as follows: the application server sends the first access response through the first Transmission Control Protocol connection; the first gateway obtains the identifier of the first Transmission Control Protocol connection from the protocol stack of the Transmission Control Protocol, the first gateway finds the second correspondence according to the identifier of the first Transmission Control Protocol connection, and the first gateway obtains the identifier of the first Secure Sockets Layer connection and the identifier of the second Secure Sockets Layer connection according to the second correspondence; the first gateway adds the identifier of the first Secure Sockets Layer connection to the first access response, generating the second access response; the first gateway sends the second access response to the virtual private network server through the second Secure Sockets Layer connection; the virtual private network server determines, according to the identifier of the first Secure Sockets Layer connection in the second access response, that the first Secure Sockets Layer connection is the connection used for communication, and forwards the second access response to the client through the first Secure Sockets Layer connection.
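The identifier bookkeeping described in claims 8, 11, 13 and 15, modeled as an added Python example (not code from the patent): the first correspondence is held by the virtual private network server and the second by the first gateway, and two clients share one gateway connection. The connection identifiers, which the claims obtain from the protocol stacks, are constructed strings here; the dict message layout and the check that a response arrives on the second SSL connection recorded in the first correspondence are assumptions of this example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class FirstCorrespondence:
    """Held by the VPN server: gateway id, second SSL id, first SSL id."""
    gateway_id: str
    ssl2_id: str
    ssl1_id: str


@dataclass(frozen=True)
class SecondCorrespondence:
    """Held by the first gateway: first SSL id, second SSL id, first TCP id."""
    ssl1_id: str
    ssl2_id: str
    tcp1_id: str


class VpnServer:
    def __init__(self):
        self.gateway_links = {}  # gateway id -> id of the second SSL connection
        self.by_ssl1 = {}        # id of the first SSL connection -> FirstCorrespondence

    def first_login(self, gateway_id, ssl2_id):
        # First login request: the gateway connects outward and announces its identifier.
        self.gateway_links[gateway_id] = ssl2_id

    def online_gateway_info(self):
        return sorted(self.gateway_links)

    def relay_request(self, ssl1_id, first_request):
        gateway_id = first_request["gateway_id"]
        if gateway_id not in self.gateway_links:
            raise LookupError(f"gateway {gateway_id!r} is not online")
        ssl2_id = self.gateway_links[gateway_id]
        self.by_ssl1[ssl1_id] = FirstCorrespondence(gateway_id, ssl2_id, ssl1_id)
        # Second access request = first access request plus the first SSL connection id.
        return ssl2_id, {**first_request, "ssl1_id": ssl1_id}

    def relay_response(self, arrived_on_ssl2, second_response):
        entry = self.by_ssl1.get(second_response.get("ssl1_id"))
        # Assumption of this example, not a step in the claims: accept the identifier
        # only if the response arrived on the second SSL connection that the first
        # correspondence recorded for it.
        if entry is None or entry.ssl2_id != arrived_on_ssl2:
            raise PermissionError("response does not match a recorded correspondence")
        return entry.ssl1_id, second_response


class Gateway:
    def __init__(self, gateway_id, ssl2_id):
        self.gateway_id, self.ssl2_id = gateway_id, ssl2_id
        self.by_tcp1 = {}        # id of the first TCP connection -> SecondCorrespondence

    def forward_request(self, second_request):
        tcp1_id = f"tcp1-{len(self.by_tcp1) + 1}"  # constructed connection id
        self.by_tcp1[tcp1_id] = SecondCorrespondence(
            second_request["ssl1_id"], self.ssl2_id, tcp1_id)
        return tcp1_id, second_request

    def wrap_response(self, tcp1_id, first_response):
        entry = self.by_tcp1[tcp1_id]
        # Second access response = first access response plus the first SSL connection id.
        return entry.ssl2_id, {**first_response, "ssl1_id": entry.ssl1_id}


def application_server(request):
    # Stand-in for the application server inside the virtual private network.
    return {"body": f"page for {request['user']}"}


def demo():
    server = VpnServer()
    gateway = Gateway("gw-1", "ssl2-gw-1")
    server.first_login(gateway.gateway_id, gateway.ssl2_id)
    pending = []
    for ssl1_id, user in (("ssl1-A", "alice"), ("ssl1-B", "bob")):
        _, second_request = server.relay_request(
            ssl1_id, {"gateway_id": "gw-1", "user": user})
        tcp1_id, forwarded = gateway.forward_request(second_request)
        pending.append((tcp1_id, application_server(forwarded)))
    delivered = {}
    for tcp1_id, first_response in reversed(pending):  # responses return out of order
        ssl2_id, second_response = gateway.wrap_response(tcp1_id, first_response)
        client_conn, response = server.relay_response(ssl2_id, second_response)
        delivered[client_conn] = response["body"]
    return delivered


if __name__ == "__main__":
    print(demo())
```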
CN 201210034128 2012-02-15 2012-02-15 Method and device for accessing application server CN102571817B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 201210034128 CN102571817B (en) 2012-02-15 2012-02-15 Method and device for accessing application server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 201210034128 CN102571817B (en) 2012-02-15 2012-02-15 Method and device for accessing application server

Publications (2)

Publication Number Publication Date
CN102571817A (en) 2012-07-11
CN102571817B (en) 2014-12-10

Family

ID=46416291

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 201210034128 CN102571817B (en) 2012-02-15 2012-02-15 Method and device for accessing application server

Country Status (1)

Country Link
CN (1) CN102571817B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016106560A1 (en) * 2014-12-30 2016-07-07 华为技术有限公司 Remote access implementation method, device and system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1802821A (en) * 2003-08-29 2006-07-12 诺基亚公司 Personal remote firewall
CN101410819A (en) * 2005-12-30 2009-04-15 阿卡麦科技公司 Reliable, high-throughput, high-performance transport and routing mechanism for arbitrary data flows
CN101496025A (en) * 2005-12-13 2009-07-29 约吉安全系统公司 System and method for providing network security to mobile devices
WO2009113931A1 (en) * 2008-03-14 2009-09-17 Telefonaktiebolaget Lm Ericsson (Publ) Method and apparatus for remote access to a local network

Also Published As

Publication number Publication date Type
CN102571817A (en) 2012-07-11 application

Similar Documents

Publication Publication Date Title
US20080183853A1 (en) Private virtual lan spanning a public network for connection of arbitrary hosts
US20120167185A1 (en) Registration and network access control
US20120284786A1 (en) System and method for providing access credentials
US20120304245A1 (en) System and method for connecting a communication to a client
US20040221045A1 (en) Method and system for a service process to provide a service to a client
US20080301303A1 (en) Virtual network connection apparatus, system, method for controlling connection of a virtual network and computer-readable storage medium
US20110258432A1 (en) Method and system for reliable protocol tunneling over http
US20110035503A1 (en) System and Method for Anonymous Addressing of Content on Network Peers and for Private Peer-to-Peer File Sharing
US20070233844A1 (en) Relay device and communication system
US20100100950A1 (en) Context-based adaptive authentication for data and services access in a network
US20080276294A1 (en) Legal intercept of communication traffic particularly useful in a mobile environment
US20070124406A1 (en) Using a mobile phone to remotely control a computer via an overlay network
US20070282963A1 (en) Instant Messaging Using Browser
CN101127625A (en) A system and method for authorizing access request
CN101212374A (en) Method and system for remote access to campus network resources
CN101388773A (en) Identity management platform, service server, uniform login system and method
CN101888389A (en) Method and system for realizing uniform authentication of ICP union
CN101394503A (en) Network television capable of on-line chat through network
CN101534302A (en) Method for providing TCP service, system and relevant device thereof
CN101873329A (en) Portal compulsory authentication method and access equipment
CN101572608A (en) Method and device for acquiring once-login parameters
CN1809072A (en) Network architecture of backward compatible authentication, authorization and accounting system and implementation method
CN103701760A (en) Wireless LAN (Local Area Network) Portal authentication method and system and Portal server
US8140647B1 (en) System and method for accelerated data uploading
US20120278854A1 (en) System and method for device addressing

Legal Events

Date Code Title Description
C06 Publication
C10 Request of examination as to substance
C14 Granted