CN105991351A - IPSec (Internet Protocol Security) configuration method and IPSec (Internet Protocol Security) configuration device - Google Patents

Publication number: CN105991351A
Authority: CN (China)
Application number: CN201510432076.6A
Other languages: Chinese (zh)
Other versions: CN105991351B (en)
Inventors: 孔伟政, 刘宇驰, 王之云
Current assignee: Hangzhou DPTech Technologies Co Ltd
Original assignee: Hangzhou DPTech Technologies Co Ltd
Legal status: Granted, Active
Classification: Data Exchanges In Wide-Area Networks

Abstract

The present invention provides an IPSec (Internet Protocol Security) configuration method and an IPSec configuration device. The method includes: during the phase 1.5 negotiation of an IKE negotiation, receiving a configuration request message sent by a client device, where the IKE negotiation comprises a phase 1 negotiation, the phase 1.5 negotiation and a phase 2 negotiation; and sending to the client device a configuration response message generated in response to the configuration request message, where the configuration response message carries server configuration information, so that the client device can update its local network configuration according to the server configuration information and perform the phase 2 negotiation. The method and device greatly reduce the complexity of configuring the client device and, at the same time, give the network administrator more flexibility in configuring the server.

Description

An IPSec configuration method and device
Technical field
This application relates to the field of network communication technology, and in particular to an IPSec configuration method and device.
Background
As network applications become more widespread, network security becomes increasingly important. An IPSec (Internet Protocol Security) VPN (Virtual Private Network) is a VPN technology that uses the IPSec protocol to provide remote access. It is often used to establish dedicated IPSec tunnels between the IPSec VPN gateway at an enterprise's headquarters and the IPSec VPN gateway of each branch, providing secure communication between each branch and headquarters.
However, an individual who connects remotely (a remote user, for short) has no corresponding IPSec VPN gateway, so the remote user must configure the IPSec VPN service themselves to establish a tunnel with the headquarters gateway. This requires the remote user to know the configuration chosen by the IPSec VPN administrator, and the administrator cannot update the configuration flexibly: after every update the remote users must be notified so that they can reconfigure and reconnect to the IPSec VPN. This way of configuring IPSec is inflexible and increases the configuration complexity for the remote user.
Summary of the invention
In view of this, the application provides an IPSec configuration method and device.
Specifically, the application is implemented through the following technical solutions:
The application provides an IPSec configuration method, applied on a server, the method including:
during the phase 1.5 negotiation of an Internet Key Exchange (IKE) negotiation, receiving a configuration request message sent by a client device, the IKE negotiation comprising a phase 1 negotiation, the phase 1.5 negotiation and a phase 2 negotiation;
sending to the client device a configuration response message in response to the configuration request message, the configuration response message carrying server configuration information, so that the client device updates its local network configuration according to the server configuration information and performs the phase 2 negotiation.
The application also provides an IPSec configuration method, applied on a client device, the method including:
during the phase 1.5 negotiation of an IKE negotiation, sending a configuration request message to a server, the IKE negotiation comprising a phase 1 negotiation, the phase 1.5 negotiation and a phase 2 negotiation;
receiving the configuration response message with which the server responds to the configuration request message, the configuration response message carrying server configuration information;
updating the local network configuration according to the server configuration information and performing the phase 2 negotiation.
The application also provides an IPSec configuration device, applied on a server, the device including:
a receiving unit, configured to receive, during the phase 1.5 negotiation of an IKE negotiation, a configuration request message sent by a client device, the IKE negotiation comprising a phase 1 negotiation, the phase 1.5 negotiation and a phase 2 negotiation;
a sending unit, configured to send to the client device a configuration response message in response to the configuration request message, the configuration response message carrying server configuration information, so that the client device updates its local network configuration according to the server configuration information and performs the phase 2 negotiation.
The application also provides an IPSec configuration device, applied on a client device, the device including:
a sending unit, configured to send, during the phase 1.5 negotiation of an IKE negotiation, a configuration request message to a server, the IKE negotiation comprising a phase 1 negotiation, the phase 1.5 negotiation and a phase 2 negotiation;
a receiving unit, configured to receive the configuration response message with which the server responds to the configuration request message, the configuration response message carrying server configuration information;
an updating unit, configured to update the local network configuration according to the server configuration information and perform the phase 2 negotiation.
As the above description shows, during the phase 1.5 negotiation of the IKE negotiation the server pushes configuration information to the client device, and the client device updates its local network configuration according to this configuration information and carries out the subsequent negotiation. The application can greatly reduce the complexity of configuring the client device and, at the same time, gives the network administrator more flexibility in configuring the server.
Brief description of the drawings
Fig. 1 is a flow chart of an IPSec configuration method according to an exemplary embodiment of the application;
Fig. 2 is a flow chart of an IPSec configuration method according to another exemplary embodiment of the application;
Fig. 3 is a schematic diagram of the basic hardware structure of the equipment on which an IPSec configuration device resides, according to an exemplary embodiment of the application;
Fig. 4 is a schematic structural diagram of an IPSec configuration device according to an exemplary embodiment of the application;
Fig. 5 is a schematic structural diagram of an IPSec configuration device according to another exemplary embodiment of the application.
Detailed description
Exemplary embodiments are described in detail here, and examples of them are shown in the accompanying drawings. Where the following description refers to the drawings, the same numbers in different drawings denote the same or similar elements unless otherwise indicated. The embodiments described below do not represent all embodiments consistent with the application. Rather, they are only examples of devices and methods consistent with some aspects of the application, as detailed in the appended claims.
The terms used in this application are only for the purpose of describing specific embodiments and are not intended to limit the application. The singular forms "a", "said" and "the" used in the application and the appended claims are also intended to include the plural forms, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" used herein refers to and includes any or all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third and so on may be used in the application to describe various information, the information should not be limited by these terms. These terms are only used to distinguish information of the same type from one another. For example, without departing from the scope of the application, first information may also be called second information and, similarly, second information may also be called first information. Depending on the context, the word "if" as used here may be interpreted as "at the time of", "when" or "in response to determining".
As network applications become more widespread, network security becomes increasingly important. An IPSec VPN is a VPN technology that uses the IPSec protocol to provide remote access. It is often used to establish dedicated IPSec VPN tunnels between the IPSec VPN gateway at enterprise headquarters and the IPSec VPN gateway of each branch, providing secure communication between each branch and headquarters. However, a remote user without an IPSec VPN gateway must configure the IPSec VPN service themselves to establish a tunnel with the headquarters gateway, which requires the remote user to know the configuration chosen by the IPSec VPN administrator.
Existing IPSec configuration takes two main forms: simple configuration and complex configuration.
Simple configuration sets some options to default values, for example the IPSec security proposal, or permitting all protected network segments. The remote user only needs to supply a few simple items, such as the shared key, user name and password. This mode has little flexibility: encryption and authentication algorithms cannot be chosen freely, and permitting all protected network segments means the remote user can communicate only through the IPSec VPN tunnel.
Complex configuration means that the network administrator provides the protected-network-segment configuration. The network administrator gives each remote user a security proposal and a detailed protected-network-segment configuration, and the remote user configures the local device according to this detailed information in order to establish an IPSec VPN tunnel with the headquarters gateway. This mode is complex to configure, and the network administrator cannot update the configuration flexibly: after every change, all remote users must be notified to change their configuration.
At present, IPSec configuration is mainly completed through automatic negotiation with IKE (Internet Key Exchange). IKE provides IPSec with the services of negotiating and exchanging keys and establishing security associations, and simplifies the use, management, configuration and maintenance of IPSec. To address the problems above, the embodiments of the application therefore propose an IPSec configuration method in which, during the phase 1.5 negotiation of the IKE negotiation, the server pushes configuration information to the client device, and the client device updates its local network configuration according to this configuration information and carries out the subsequent negotiation.
Fig. 1 is a flow chart of one embodiment of the IPSec configuration method of the application. This embodiment describes the IPSec configuration process from the server side.
Step 101, during the phase 1.5 negotiation of the IKE negotiation, receive the configuration request message sent by the client device, the IKE negotiation comprising a phase 1 negotiation, the phase 1.5 negotiation and a phase 2 negotiation.
The application still follows the existing IKE negotiation process and achieves IPSec configuration through IKE negotiation. First, the information needed for the phase 1 negotiation is configured on the client device, for example the server address, shared key, user name, password and IKE security proposal. Once the phase 1 negotiation information has been configured, the client device can initiate the phase 1 negotiation with the server. Unlike the prior art, this configuration step covers only the information needed for the phase 1 negotiation; the information needed for the subsequent negotiation is not configured.
After the phase 1 negotiation is complete, the phase 1.5 negotiation (also called configuration mode) begins. In this phase, the server performs the subsequent operations after receiving the configuration request message sent by the client device.
Step 102, send to the client device a configuration response message in response to the configuration request message, the configuration response message carrying server configuration information, so that the client device updates its local network configuration according to the server configuration information and performs the phase 2 negotiation.
After receiving the configuration request message from the client device in step 101, the server authenticates the client device (for example, by user name and password) and assigns the client device an IP (Internet Protocol) address, a DNS (Domain Name System) server, a WINS (Windows Internet Name Service) server, and so on.
In addition to the conventional configuration information above, the application provides the client device with further server configuration information. This server configuration information includes the information needed for the subsequent phase 2 negotiation (for example, the IPSec security proposal) and network configuration information (for example, whether the user is allowed to access the external network while connected to the VPN; the protected network segments the user may access; whether the client device is required to undergo a secure-access check).
After determining the above configuration information, the server sends a configuration response message to the client device and carries the above configuration information in it (including the server configuration information extended by the application).
As the description above shows, the information the client device needs for the phase 2 negotiation is pushed to it by the server in phase 1.5, so the remote user does not have to configure it on the client device before the IKE negotiation, which reduces the remote user's configuration workload and difficulty. At the same time, by pushing network configuration information in phase 1.5, the server can control the client device flexibly and apply complex configuration to it.
The configuration response message sent by the server still uses the existing message structure, and each item of configuration information is encapsulated in the message as an attribute payload. An attribute payload consists of three parts: attribute format, attribute type, and attribute value (or data length + attribute data).
In the examples below, AF denotes the attribute format, type the attribute type, value the attribute value, length the data length, and data the attribute data.
In the application, each item of configuration information corresponds to an attribute type. For example, the attribute types for conventional configuration information are defined as follows.
#define INTERNAL_IP4_ADDRESS 1
#define INTERNAL_IP4_NETMASK 2
#define INTERNAL_IP4_DNS 3
#define INTERNAL_IP4_NBNS 4
#define INTERNAL_ADDRESS_EXPIRY 5
#define INTERNAL_IP4_DHCP 6
#define APPLICATION_VERSION 7
#define INTERNAL_IP6_ADDRESS 8
#define INTERNAL_IP6_NETMASK 9
#define INTERNAL_IP6_DNS 10
#define INTERNAL_IP6_NBNS 11
#define INTERNAL_IP6_DHCP 12
#define INTERNAL_IP4_SUBNET 13
#define SUPPORTED_ATTRIBUTES 14
#define INTERNAL_IP6_SUBNET 15
The attribute types for the server configuration information extended by the application are defined as follows.
#define INTERNAL_IP4_ALLOW_SUBNET 17 /* network segments the server tells the client it may access */
#define INTERNAL_IS_ALLOW_OUTNET 18 /* whether the user is allowed to access the external network */
#define INTERNAL_RADIUS_SAFE_CHECK 20 /* whether the client performs a security check */
#define INTERNAL_IPSEC_ALG_INFO 23 /* phase 2 IPSec security proposal configured by the server */
Example one: the server is configured to forbid the user from accessing the external network while connected to the VPN, so the configuration response message carries the following attribute payload: AF=1 | type=18 | value=0. Here AF=1 indicates that the third part of the attribute payload is an attribute value; type=18 is INTERNAL_IS_ALLOW_OUTNET as defined above, that is, whether the user is allowed to access the external network; value=0 means the user is forbidden from accessing the external network while connected to the VPN, whereas value=1 means the user is allowed to access the external network while connected to the VPN.
Example two: the server configures the protected network segments the user is allowed to access, and the configuration response message carries the following attribute payload: AF=0 | type=17 | length=21 | data=1.1.1.1/32,2.2.2.0/24. Here AF=0 indicates that the third part of the attribute payload is data length + attribute data; type=17 is INTERNAL_IP4_ALLOW_SUBNET as defined above, that is, the protected network segments the server allows the user to access; length=21 is the length of the attribute data; data=1.1.1.1/32,2.2.2.0/24 means the network resources the server allows the user to access are the host with IP address 1.1.1.1 and the network segment 2.2.2.0/24. The client device determines the user's specific access rights to network resources from this configuration. In the prior art this configuration is done locally on the client device, whereas in the application it is pushed by the server, reducing the configuration work on the client device.
Example three: the server configures the IPSec security proposal for the phase 2 negotiation of the IKE negotiation, and the configuration response message carries the following attribute payload: AF=0 | type=23 | length=11 | data=AES-128:MD5. Here AF=0 indicates that the third part of the attribute payload is data length + attribute data; type=23 is INTERNAL_IPSEC_ALG_INFO as defined above, that is, the phase 2 IPSec security proposal configured by the server; length=11 is the length of the attribute data; data=AES-128:MD5 means phase 2 is to use the AES-128 encryption algorithm and the MD5 algorithm. This configuration is also usually done on the client device, whereas in the application it is pushed by the server, reducing the configuration work on the client device.
Example four: the server is configured to require the client device to perform a security check, so the configuration response message carries the following attribute payload: AF=1 | type=20 | value=1. Here AF=1 indicates that the third part of the attribute payload is an attribute value; type=20 is INTERNAL_RADIUS_SAFE_CHECK as defined above, that is, whether the client device performs a security check; value=1 means the client device is required to perform a security check, for example checking whether the user has a firewall enabled, whether shared folders exist, and whether the virus database is up to date, whereas value=0 means the client device is not required to perform a security check.
The above are examples of the main server configuration information extended by the application; with the configuration method of the application, more complex configuration of the client device can be achieved. After receiving the configuration response message containing the server configuration information, the client device updates its local network configuration according to the server configuration information and performs the phase 2 negotiation.
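The attribute payloads of examples one to four, built on the server side and parsed on the client side, as an added C example that is not code from the patent. It assumes the "existing message structure" is the ISAKMP data-attribute layout of RFC 2408 (AF as the top bit of a 16-bit word that also holds the attribute type, followed by a 16-bit value or a 16-bit length plus data); the function and struct names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Attribute types from the page's definitions. */
#define INTERNAL_IP4_ALLOW_SUBNET  17
#define INTERNAL_IS_ALLOW_OUTNET   18
#define INTERNAL_RADIUS_SAFE_CHECK 20
#define INTERNAL_IPSEC_ALG_INFO    23
#define AF_BIT 0x8000u /* assumption: AF is the top bit of the first 16-bit word */

/* Settings the client learns from the configuration response; -1 = not sent. */
struct client_cfg {
    int  allow_outnet, safe_check;
    char allow_subnet[64], ipsec_alg[32];
};

static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static uint16_t get16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Server side: append AF=1 | type | value. Returns new offset, 0 if it does not fit. */
size_t put_tv(uint8_t *buf, size_t cap, size_t off, uint16_t type, uint16_t value)
{
    if (off > cap || cap - off < 4) return 0;
    put16(buf + off, (uint16_t)(AF_BIT | type));
    put16(buf + off + 2, value);
    return off + 4;
}

/* Server side: append AF=0 | type | length | data. Returns new offset, 0 on failure. */
size_t put_tlv(uint8_t *buf, size_t cap, size_t off, uint16_t type, const char *data)
{
    size_t n = strlen(data);
    if (n > 0xffff || off > cap || cap - off < 4 + n) return 0;
    put16(buf + off, type);
    put16(buf + off + 2, (uint16_t)n);
    memcpy(buf + off + 4, data, n);
    return off + 4 + n;
}

/* Constructed sample: the page's examples one to four in a single attribute list. */
size_t build_sample(uint8_t *buf, size_t cap)
{
    size_t off = put_tv(buf, cap, 0, INTERNAL_IS_ALLOW_OUTNET, 0);
    if (off) off = put_tlv(buf, cap, off, INTERNAL_IP4_ALLOW_SUBNET, "1.1.1.1/32,2.2.2.0/24");
    if (off) off = put_tlv(buf, cap, off, INTERNAL_IPSEC_ALG_INFO, "AES-128:MD5");
    if (off) off = put_tv(buf, cap, off, INTERNAL_RADIUS_SAFE_CHECK, 1);
    return off;
}

/* Copy attribute data into a fixed buffer; reject oversize data and embedded NULs. */
static int copy_text(char *dst, size_t cap, const uint8_t *src, size_t n)
{
    if (n >= cap || memchr(src, 0, n) != NULL) return -1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return 0;
}

/* Client side: walk the attribute list. Returns attributes seen, or -1 if malformed. */
int parse_cfg_attrs(const uint8_t *p, size_t len, struct client_cfg *cfg)
{
    size_t off = 0;
    int count = 0, rc = 0;
    cfg->allow_outnet = cfg->safe_check = -1;
    cfg->allow_subnet[0] = cfg->ipsec_alg[0] = '\0';
    while (off < len) {
        if (len - off < 4) return -1;                 /* truncated header */
        uint16_t word = get16(p + off), type = word & 0x7fff;
        uint16_t val = get16(p + off + 2);            /* value (AF=1) or length (AF=0) */
        off += 4;
        if (word & AF_BIT) {
            int *flag = type == INTERNAL_IS_ALLOW_OUTNET ? &cfg->allow_outnet
                      : type == INTERNAL_RADIUS_SAFE_CHECK ? &cfg->safe_check : NULL;
            if (flag && val > 1) return -1;           /* switches are 0 or 1 only */
            if (flag) *flag = val;
        } else {
            if (val > len - off) return -1;           /* length runs past the message */
            if (type == INTERNAL_IP4_ALLOW_SUBNET)
                rc = copy_text(cfg->allow_subnet, sizeof cfg->allow_subnet, p + off, val);
            else if (type == INTERNAL_IPSEC_ALG_INFO)
                rc = copy_text(cfg->ipsec_alg, sizeof cfg->ipsec_alg, p + off, val);
            if (rc) return -1;
            off += val;
        }
        count++;                                      /* unknown types are skipped */
    }
    return count;
}

int main(void)
{
    uint8_t msg[128];
    struct client_cfg cfg;
    int n = parse_cfg_attrs(msg, build_sample(msg, sizeof msg), &cfg);
    printf("attrs=%d outnet=%d check=%d subnet=%s alg=%s\n", n, cfg.allow_outnet,
           cfg.safe_check, cfg.allow_subnet, cfg.ipsec_alg);
    return n < 0;
}
```

The parser treats the response as untrusted input: a length that runs past the message, a truncated header or a switch value other than 0 or 1 rejects the whole attribute list instead of applying a partial configuration.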
Fig. 2 is a flow chart of another embodiment of the IPSec configuration method of the application. This embodiment describes the IPSec configuration process from the client device side.
Step 201, during the phase 1.5 negotiation of the IKE negotiation, send a configuration request message to the server, the IKE negotiation comprising a phase 1 negotiation, the phase 1.5 negotiation and a phase 2 negotiation.
Before the IKE negotiation, the client device is configured with the information needed for the phase 1 negotiation; the information needed for the subsequent negotiation is not configured. The client device initiates the phase 1 negotiation with the server and, once it is complete, enters the phase 1.5 negotiation. During the phase 1.5 negotiation, the client device sends a configuration request message to the server to request that the server provide configuration information. See the description of step 101 for details, which are not repeated here.
Step 202, receive the configuration response message with which the server responds to the configuration request message, the configuration response message carrying server configuration information.
Step 203, update the local network configuration according to the server configuration information and perform the phase 2 negotiation.
After the server receives the configuration request message sent by the client device, it carries the configuration information set for this client device (including the server configuration information extended by the application) in a configuration response message and sends it to the client device. The server configuration information includes the information needed for the phase 2 negotiation and the network configuration information; see the description of step 102 for details, which are not repeated here.
After receiving the configuration response message, the client device extracts the server configuration information from it, that is, the network configuration information and the information needed for the phase 2 negotiation. The client device updates its local network configuration according to the network configuration information, for example updating the network resources it is able to access. At the same time, the client device uses the information needed for the phase 2 negotiation (for example, the IPSec security proposal) to carry out the phase 2 negotiation with the server, completing the establishment of the whole IPSec VPN.
As the description above shows, with the application the remote user only has to perform simple configuration on the client device (the information needed for the phase 1 negotiation); the rest of the configuration is pushed to the client device by the server during the negotiation. The application therefore simplifies the remote user's configuration work and, at the same time, lets the server provide the client device with more, and more complex, configuration, improving configuration flexibility.
Corresponding to the embodiments of the IPSec configuration method above, the application also provides embodiments of an IPSec configuration device.
The embodiments of the IPSec configuration device of the application can be applied on a server or on a client device. The device embodiments can be implemented in software, or in hardware or a combination of software and hardware. Taking a software implementation as an example, the device in the logical sense is formed by the processor of the equipment on which it resides running the corresponding computer program instructions in memory. At the hardware level, Fig. 3 shows a hardware structure diagram of the equipment on which the IPSec configuration device of the application resides. In addition to the processor, network interface and memory shown in Fig. 3, the equipment on which the device resides in an embodiment may also include other hardware according to the actual function of the equipment, which is not described further here.
Fig. 4 is a schematic structural diagram of the IPSec configuration device in one embodiment of the application. This IPSec configuration device includes a receiving unit 401 and a sending unit 402, where:
the receiving unit 401 is configured to receive, during the phase 1.5 negotiation of the IKE negotiation, the configuration request message sent by the client device, the IKE negotiation comprising a phase 1 negotiation, the phase 1.5 negotiation and a phase 2 negotiation;
the sending unit 402 is configured to send to the client device a configuration response message in response to the configuration request message, the configuration response message carrying server configuration information, so that the client device updates its local network configuration according to the server configuration information and performs the phase 2 negotiation.
Further,
the server configuration information includes the information needed for the phase 2 negotiation and network configuration information.
Fig. 5 is a schematic structural diagram of the IPSec configuration device in another embodiment of the application. This IPSec configuration device includes a sending unit 501, a receiving unit 502 and an updating unit 503, where:
the sending unit 501 is configured to send, during the phase 1.5 negotiation of the IKE negotiation, a configuration request message to the server, the IKE negotiation comprising a phase 1 negotiation, the phase 1.5 negotiation and a phase 2 negotiation;
the receiving unit 502 is configured to receive the configuration response message with which the server responds to the configuration request message, the configuration response message carrying server configuration information;
the updating unit 503 is configured to update the local network configuration according to the server configuration information and perform the phase 2 negotiation.
Further,
the server configuration information includes the information needed for the phase 2 negotiation and network configuration information.
The updating unit 503 is specifically configured to update the local network configuration according to the network configuration information, and to carry out the phase 2 negotiation with the server according to the information needed for the phase 2 negotiation.
Further, the IPSec configuration device also includes:
a configuration unit, configured to configure the information needed for the phase 1 negotiation before the phase 1 negotiation.
For how the functions and roles of the units in the above device are implemented, see the implementation of the corresponding steps in the above method, which is not repeated here.
Since the device embodiments essentially correspond to the method embodiments, see the description of the method embodiments for the relevant parts. The device embodiments described above are only illustrative. The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the application. A person of ordinary skill in the art can understand and implement it without creative effort.
The above are only preferred embodiments of the application and are not intended to limit it. Any modification, equivalent substitution, improvement and the like made within the spirit and principles of the application shall fall within the scope of protection of the application.

Claims (10)

1. an internet key exchange IPSec collocation method, is applied on server, and its feature exists In the method includes:
When the 1.5th stage of the Internet Key Exchange ike negotiation consults, receive client device and send Configuring request message, described ike negotiation includes that the 1st stage consulted, the 1.5th stage consulted and the 2 stages consulted;
Send the configuration response message responded according to described configuring request message, institute to described client device State in configuration response message and carry server configuration information, so that described client device is according to described service Device configuration information update local network configures and carries out the negotiation of the 2nd stage.
2. the method for claim 1, it is characterised in that:
Described server configuration information includes that the 2nd stage consulted information needed and network configuration information.
3. An Internet Protocol Security (IPSec) configuration method, applied to a client device, characterized in that the method comprises:
sending, during the stage 1.5 negotiation of an Internet Key Exchange (IKE) negotiation, a configuration request message to a server, wherein the IKE negotiation comprises a stage 1 negotiation, a stage 1.5 negotiation and a stage 2 negotiation;
receiving a configuration response message that the server returns in response to the configuration request message, wherein the configuration response message carries server configuration information;
updating the local network configuration according to the server configuration information and performing the stage 2 negotiation.
4. The method of claim 3, characterized in that:
the server configuration information comprises information required for the stage 2 negotiation and network configuration information;
the updating of the local network configuration according to the server configuration information and performing of the stage 2 negotiation comprises:
updating the local network configuration according to the network configuration information;
performing the stage 2 negotiation with the server according to the information required for the stage 2 negotiation.
5. The method of claim 3 or 4, characterized in that the method further comprises:
before the stage 1 negotiation, configuring the information required for the stage 1 negotiation.
6. An Internet Protocol Security (IPSec) configuration device, applied to a server, characterized in that the device comprises:
a receiving unit, configured to receive, during the stage 1.5 negotiation of an Internet Key Exchange (IKE) negotiation, a configuration request message sent by a client device, wherein the IKE negotiation comprises a stage 1 negotiation, a stage 1.5 negotiation and a stage 2 negotiation;
a sending unit, configured to send, to the client device, a configuration response message generated in response to the configuration request message, wherein the configuration response message carries server configuration information, so that the client device updates its local network configuration according to the server configuration information and performs the stage 2 negotiation.
7. The device of claim 6, characterized in that:
the server configuration information comprises information required for the stage 2 negotiation and network configuration information.
8. An Internet Protocol Security (IPSec) configuration device, applied to a client device, characterized in that the device comprises:
a sending unit, configured to send, during the stage 1.5 negotiation of an Internet Key Exchange (IKE) negotiation, a configuration request message to a server, wherein the IKE negotiation comprises a stage 1 negotiation, a stage 1.5 negotiation and a stage 2 negotiation;
a receiving unit, configured to receive a configuration response message that the server returns in response to the configuration request message, wherein the configuration response message carries server configuration information;
an updating unit, configured to update the local network configuration according to the server configuration information and perform the stage 2 negotiation.
9. The device of claim 8, characterized in that:
the server configuration information comprises information required for the stage 2 negotiation and network configuration information;
the updating unit is specifically configured to update the local network configuration according to the network configuration information, and to perform the stage 2 negotiation with the server according to the information required for the stage 2 negotiation.
10. The device of claim 8 or 9, characterized in that the device further comprises:
a configuration unit, configured to configure, before the stage 1 negotiation, the information required for the stage 1 negotiation.
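The message order in claims 1 to 5 can be modelled as follows. This is an added illustration, not code from the patent or from any product: the class names, field names and sample values are hypothetical, stage 1 is reduced to a pre-shared-key comparison, and the parsing of pushed values before they are applied is an added safeguard that the claims do not recite.

```python
import hmac
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class ServerConfig:
    """Server configuration information carried in the configuration response."""
    stage2_info: dict    # information required for the stage 2 negotiation
    network_info: dict   # network configuration information

class Server:
    def __init__(self, psk: bytes, config: ServerConfig):
        self._psk, self._config, self._stage1_ok = psk, config, set()

    def stage1(self, client_id: str, psk: bytes) -> bool:
        # Stand-in for stage 1 (assumption): constant-time pre-shared-key check.
        ok = hmac.compare_digest(psk, self._psk)
        if ok:
            self._stage1_ok.add(client_id)
        return ok

    def handle_config_request(self, client_id: str) -> ServerConfig:
        # Stage 1.5: answer only peers that have completed stage 1.
        if client_id not in self._stage1_ok:
            raise PermissionError("configuration request before stage 1")
        return self._config

class Client:
    def __init__(self, client_id: str, psk: bytes):
        # Only stage 1 information is configured locally (claim 5).
        self.client_id, self.psk = client_id, psk
        self.local_network, self.stage2_info = {}, None

    def connect(self, server: Server) -> dict:
        if not server.stage1(self.client_id, self.psk):
            raise PermissionError("stage 1 failed")
        cfg = server.handle_config_request(self.client_id)    # stage 1.5
        # Added check: parse every pushed value before touching local state,
        # so a malformed response raises ValueError and changes nothing.
        net = {"virtual_ip": ip_address(cfg.network_info["virtual_ip"]),
               "subnets": [ip_network(s) for s in cfg.network_info["subnets"]]}
        self.local_network = net                   # update local network configuration
        self.stage2_info = dict(cfg.stage2_info)   # parameters used in stage 2
        return {"stage": 2, "proposal": self.stage2_info,
                "selectors": [str(s) for s in net["subnets"]]}

# Constructed sample values, not taken from the patent.
SAMPLE = ServerConfig({"encryption": "aes-256-cbc", "integrity": "hmac-sha2-256"},
                      {"virtual_ip": "10.8.0.23", "subnets": ["192.168.10.0/24"]})
```

Calling `Client("branch-01", psk).connect(Server(psk, SAMPLE))` returns the stage 2 proposal built entirely from server-pushed values, which is why the client validates them before applying anything.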
CN201510432076.6A 2015-07-21 2015-07-21 A kind of IPSec configuration method and device Active CN105991351B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510432076.6A CN105991351B (en) 2015-07-21 2015-07-21 A kind of IPSec configuration method and device

Publications (2)

Publication Number Publication Date
CN105991351A true CN105991351A (en) 2016-10-05
CN105991351B CN105991351B (en) 2019-06-04

Family

ID=57039922

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510432076.6A Active CN105991351B (en) 2015-07-21 2015-07-21 A kind of IPSec configuration method and device

Country Status (1)

Country Link
CN (1) CN105991351B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110875835A (en) * 2018-08-31 2020-03-10 北京意锐新创科技有限公司 Network distribution method and device based on mobile payment equipment

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101197664A (en) * 2008-01-03 2008-06-11 杭州华三通信技术有限公司 Method, system and device for key management protocol negotiation
CN101299665A (en) * 2008-05-19 2008-11-05 华为技术有限公司 Message processing method, system and apparatus
CN101640607A (en) * 2009-04-13 2010-02-03 山石网科通信技术(北京)有限公司 Collocation method of virtual private network based on internet security protocol and system therefor
CN101742491A (en) * 2009-12-04 2010-06-16 同济大学 Method for exchanging and consulting secret keys between mobile device and safe access gateway

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
百度文库: "《EzVPN(Easy VPN)第一部分》", 《百度文库》 *

Also Published As

Publication number Publication date
CN105991351B (en) 2019-06-04

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: Binjiang District and Hangzhou city in Zhejiang Province Road 310051 No. 68 in the 6 storey building

Applicant after: Hangzhou Dipu Polytron Technologies Inc

Address before: Binjiang District and Hangzhou city in Zhejiang Province Road 310051 No. 68 in the 6 storey building

Applicant before: Hangzhou Dipu Technology Co., Ltd.

GR01 Patent grant