CN106506354A - Message transmission method and device - Google Patents

Message transmission method and device

Info

Publication number: CN106506354A
Authority: CN (China)
Prior art keywords: message; SSL VPN; VPN gateways; address; terminal equipment
Legal status (as listed by Google Patents): Granted, Active
Application number: CN201610971698.0A
Other languages: Chinese (zh)
Other versions: CN106506354B (en)
Inventor: 宋小恒
Current Assignee: Hangzhou H3C Technologies Co Ltd
Original Assignee: Hangzhou H3C Technologies Co Ltd
Application filed by Hangzhou H3C Technologies Co Ltd
Priority to CN201610971698.0A
Publication of CN106506354A
Application granted
Publication of CN106506354B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/28 Routing or path finding of packets in data switching networks using route fault recovery
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272 Virtual private networks
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/40 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass for recovering from a failure of a protocol instance or entity, e.g. service redundancy protocols, protocol state redundancy or protocol service redirection

Abstract

The application provides a message transmission method and device. The method includes: advertising a route carrying the group address to the neighboring network device of the local SSL VPN gateway, so that the neighboring network device sends messages whose destination IP address is the group address to an SSL VPN gateway in the gateway group; receiving a message sent by the neighboring network device; and, if the message is a session negotiation request message and the local SSL VPN gateway is the primary SSL VPN gateway, determining the server that a first terminal device is able to access and the authentication and encryption information corresponding to the first terminal device, sending a response message carrying the IP address of the server and the authentication and encryption information to the first terminal device, and sending the authentication and encryption information to each backup SSL VPN gateway. The technical solution of the application improves the processing performance of the SSL VPN gateways, improves the user experience, and avoids service interruption.

Description

Message transmission method and device
Technical field
The application relates to the field of communication technology, and in particular to a message transmission method and device.
Background
SSL (Secure Sockets Layer) VPN (Virtual Private Network) is a VPN technology based on SSL. It makes full use of the mechanisms provided by the SSL protocol, such as identity authentication, data encryption and message integrity verification, to establish secure connections for application-layer communication.
In a network where an SSL VPN gateway is deployed, a terminal device sends a session negotiation request message to the SSL VPN gateway. The SSL VPN gateway allocates authentication and encryption information to the terminal device and sends that information to the terminal device. When sending a data message, the terminal device processes the data message (for example, encrypts it) using the authentication and encryption information. After receiving the data message, the SSL VPN gateway processes it (for example, decrypts it) and sends it to the server. This ensures the transmission security of data messages.
At present, if multiple SSL VPN gateways are deployed in a network, different SSL VPN gateways serve different terminal devices. When an SSL VPN gateway goes offline, the terminal devices connected to it are forced offline and must then reconnect to another SSL VPN gateway, which degrades the user experience and interrupts the services of those terminal devices.
Summary of the invention
The application provides a message transmission method, applied to a Secure Sockets Layer virtual private network (SSL VPN) gateway in a gateway group. The gateway group includes one primary SSL VPN gateway and at least one backup SSL VPN gateway, and every SSL VPN gateway in the gateway group uses the same group address. The method includes:
Advertising a route carrying the group address to the neighboring network device of the local SSL VPN gateway, so that the neighboring network device sends messages whose destination IP address is the group address to an SSL VPN gateway in the gateway group;
Receiving a message sent by the neighboring network device;
If the message is a session negotiation request message and the local SSL VPN gateway is a backup SSL VPN gateway, sending the session negotiation request message to the primary SSL VPN gateway;
If the message is a session negotiation request message and the local SSL VPN gateway is the primary SSL VPN gateway, determining the server that the first terminal device corresponding to the source IP address of the session negotiation request message is able to access and the authentication and encryption information corresponding to the first terminal device, sending a response message carrying the IP address of the server and the authentication and encryption information to the first terminal device, and sending the authentication and encryption information to each backup SSL VPN gateway.
The application provides a message transmission device, applied to a Secure Sockets Layer virtual private network (SSL VPN) gateway in a gateway group. The gateway group includes one primary SSL VPN gateway and at least one backup SSL VPN gateway, and every SSL VPN gateway in the gateway group uses the same group address. The device includes:
A sending module, configured to advertise a route carrying the group address to the neighboring network device of the local SSL VPN gateway, so that the neighboring network device sends messages whose destination IP address is the group address to an SSL VPN gateway in the gateway group;
A receiving module, configured to receive a message sent by the neighboring network device;
The sending module is further configured to send the session negotiation request message to the primary SSL VPN gateway when the message is a session negotiation request message and the local SSL VPN gateway is a backup SSL VPN gateway;
A determining module, configured to determine, when the message is a session negotiation request message and the local SSL VPN gateway is the primary SSL VPN gateway, the server that the first terminal device corresponding to the source IP address of the session negotiation request message is able to access and the authentication and encryption information corresponding to the first terminal device;
The sending module is further configured, when the local SSL VPN gateway is the primary SSL VPN gateway, to send a response message carrying the IP address of the server and the authentication and encryption information to the first terminal device, and to send the authentication and encryption information to each backup SSL VPN gateway.
Based on the above technical solution, in the embodiments of the application, at least two SSL VPN gateways can be deployed in a network and load can be balanced between them. This avoids having a single SSL VPN gateway serve a large number of terminal devices, improves the processing performance of the SSL VPN gateways, and keeps an SSL VPN gateway from becoming a performance bottleneck. Moreover, the primary and backup SSL VPN gateways in the gateway group each advertise a route carrying the group address to their neighboring network devices, so equal-cost routes to the group address are formed on the neighboring network devices. In addition, both the primary and the backup SSL VPN gateways store the authentication and encryption information corresponding to each terminal device. On this basis, after a neighboring network device receives a message from a terminal device, if the destination IP address of the message is the group address, the neighboring network device can use the equal-cost routes to send the message to any SSL VPN gateway in the gateway group. The messages of one terminal device can therefore be shared across different SSL VPN gateways instead of being processed by a single SSL VPN gateway. When an SSL VPN gateway goes offline, route convergence automatically directs messages to the remaining SSL VPN gateways; that is, the terminal device switches seamlessly to another SSL VPN gateway and its services are protected in real time. Users are not affected, the user experience is improved, service interruption is avoided, the reliability and stability of user access are improved, and real-time service protection between SSL VPN gateways is achieved.
Brief description of the drawings
To describe the technical solutions in the embodiments of the application or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are only some of the embodiments recorded in the application, and a person of ordinary skill in the art can derive other drawings from them.
Fig. 1 is a flowchart of the message transmission method in an embodiment of the application;
Fig. 2 is a schematic diagram of an application scenario in an embodiment of the application;
Fig. 3 is a hardware structure diagram of the SSL VPN gateway in an embodiment of the application;
Fig. 4 is a structure diagram of the message transmission device in an embodiment of the application.
Detailed description
The terms used in the application are for the purpose of describing particular embodiments only and are not intended to limit the application. The singular forms "a", "said" and "the" used in the application and the claims are also intended to include the plural forms, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and includes any and all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used in the application to describe various information, such information should not be limited by these terms. These terms are only used to distinguish information of the same type from one another. For example, without departing from the scope of the application, first information may also be called second information, and similarly, second information may also be called first information. Depending on the context, the word "if" as used herein may be interpreted as "when", "upon" or "in response to determining".
The embodiments of the application propose a message transmission method that can be applied to an SSL VPN gateway in a gateway group. The gateway group can include one primary SSL VPN gateway and at least one backup SSL VPN gateway, and every SSL VPN gateway in the gateway group uses the same group address (i.e. IP address).
In one example, among the SSL VPN gateways in the gateway group, one SSL VPN gateway can be configured as the primary SSL VPN gateway and the remaining SSL VPN gateways as backup SSL VPN gateways. The primary SSL VPN gateway is responsible for processing session negotiation request messages from terminal devices and performs operations such as authentication and authorization for the terminal devices. A backup SSL VPN gateway does not perform operations such as authentication and authorization for terminal devices; instead, it forwards any session negotiation request message it receives directly to the primary SSL VPN gateway. Both the primary and the backup SSL VPN gateways can process data messages from terminal devices. While the primary SSL VPN gateway works normally, the backup SSL VPN gateways do not perform operations such as authentication and authorization for terminal devices. When the primary SSL VPN gateway becomes abnormal, a backup SSL VPN gateway becomes the new primary SSL VPN gateway and takes over processing session negotiation request messages from terminal devices and performing operations such as authentication and authorization for them.
Referring to Fig. 1, which is a flowchart of the message transmission method, the method can be applied to an SSL VPN gateway in the gateway group (the primary SSL VPN gateway or a backup SSL VPN gateway) and may include the following steps:
Step 101: advertise a route carrying the group address to the neighboring network device of the local SSL VPN gateway, so that the neighboring network device sends messages whose destination IP address is the group address to an SSL VPN gateway in the gateway group, that is, to the primary SSL VPN gateway or any backup SSL VPN gateway in the gateway group.
In one example, when there are multiple SSL VPN gateways, they can be formed into a gateway group in which every SSL VPN gateway uses the same group address. A terminal device does not need to know the real IP address of each SSL VPN gateway in the gateway group. It only needs to know the group address (for example, the user can learn the group address and configure it on the terminal device) in order to send session negotiation request messages or data messages whose destination IP address is the group address.
Each SSL VPN gateway in the gateway group can advertise a route carrying the group address to its neighboring network device, so equal-cost routes to the group address are formed on the neighboring network device. After the neighboring network device receives a message from a terminal device (such as a session negotiation request message or a data message), if the destination IP address of the message is the group address, it can send the message to any SSL VPN gateway in the gateway group, such as the primary SSL VPN gateway or a backup SSL VPN gateway.
Step 102: receive the message sent by the neighboring network device. The message can be a session negotiation request message or a data message. If the message is a session negotiation request message, perform step 103.
Step 103: if the local SSL VPN gateway is a backup SSL VPN gateway, send the session negotiation request message to the primary SSL VPN gateway. If the local SSL VPN gateway is the primary SSL VPN gateway, determine the server that the first terminal device is able to access and the authentication and encryption information corresponding to the first terminal device. The first terminal device is the terminal device corresponding to the source IP address of the session negotiation request message.
In one example, after the primary SSL VPN gateway receives a session negotiation request message (either one sent directly to the primary SSL VPN gateway by the first terminal device, or one forwarded to the primary SSL VPN gateway by a backup SSL VPN gateway), it parses identity information (such as a user name and password) from the session negotiation request message and uses the identity information to authenticate the first terminal device. If authentication succeeds, it determines the server that the first terminal device is able to access and the authentication and encryption information corresponding to the first terminal device. If authentication fails, it sends an authentication-failure response message to the first terminal device.
In one example, for the process of "determining the server that the first terminal device is able to access", the mapping between identity information and resources can be configured on the primary SSL VPN gateway, together with the information (such as the IP address) of the server that provides each resource. On this basis, after parsing the identity information from the session negotiation request message, the primary SSL VPN gateway can obtain the resources corresponding to the identity information and determine the IP address of the server that provides each resource. A resource can be an FTP (File Transfer Protocol) resource, a WEB resource, a file storage resource, and so on.
In one example, the authentication and encryption information that is determined includes, but is not limited to, information such as AES, an exchanged encryption key and a message integrity verification algorithm. The authentication and encryption information is not limited here.
Step 104: the primary SSL VPN gateway sends a response message carrying the IP address of the server and the authentication and encryption information to the first terminal device, and sends the authentication and encryption information to each backup SSL VPN gateway, for example by sending each backup SSL VPN gateway a notification message carrying the authentication and encryption information.
After receiving the response message, the first terminal device can parse the IP address of the server and the authentication and encryption information from it, and use that IP address and the authentication and encryption information to send data messages.
In one example, a data message sent by any terminal device can be delivered by the neighboring network device to the primary SSL VPN gateway or to a backup SSL VPN gateway in the gateway group. On this basis, after the primary or a backup SSL VPN gateway receives a message sent by the neighboring network device, if the message is a data message, it uses the authentication and encryption information corresponding to the second terminal device to decrypt the inner message contained in the data message, and sends the decrypted inner message to the server corresponding to the destination IP address of the inner message. The second terminal device is the terminal device corresponding to the outer source IP address of the data message.
In one example, if the message is a session negotiation request message and the local SSL VPN gateway is the primary SSL VPN gateway, then before sending the response message carrying the IP address of the server and the authentication and encryption information to the first terminal device, the gateway can also allocate a UDP (User Datagram Protocol) port identifier to the first terminal device and send the UDP port identifier to each backup SSL VPN gateway. The response message also carries the UDP port identifier, so that the first terminal device adds the UDP port identifier to the outer message header when sending data messages.
In one example, after the primary or a backup SSL VPN gateway receives a data response message sent by a server, it can encrypt the data response message using the authentication and encryption information corresponding to the third terminal device to obtain an encrypted data message. The third terminal device is the terminal device corresponding to the destination IP address of the data response message. The encrypted data message is then encapsulated: the outer source IP address of the encapsulated encrypted data message is the group address, and the source port is the UDP port identifier corresponding to the third terminal device. Finally, the encapsulated encrypted data message is sent to the third terminal device.
Based on the above technical solution, in the embodiments of the application, at least two SSL VPN gateways can be deployed in a network and load can be balanced between them. This avoids having a single SSL VPN gateway serve a large number of terminal devices, improves the processing performance of the SSL VPN gateways, and keeps an SSL VPN gateway from becoming a performance bottleneck. Moreover, the primary and backup SSL VPN gateways in the gateway group each advertise a route carrying the group address to their neighboring network devices, so equal-cost routes to the group address are formed on the neighboring network devices. In addition, both the primary and the backup SSL VPN gateways store the authentication and encryption information corresponding to each terminal device. On this basis, after a neighboring network device receives a message from a terminal device, if the destination IP address of the message is the group address, the neighboring network device can use the equal-cost routes to send the message to any SSL VPN gateway in the gateway group. The messages of one terminal device can therefore be shared across different SSL VPN gateways instead of being processed by a single SSL VPN gateway. When an SSL VPN gateway goes offline, route convergence automatically directs messages to the remaining SSL VPN gateways; that is, the terminal device switches seamlessly to another SSL VPN gateway and its services are protected in real time. Users are not affected, the user experience is improved, service interruption is avoided, the reliability and stability of user access are improved, and real-time service protection between SSL VPN gateways is achieved.
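The following sketch is an added example, not code from the patent: it models steps 101 to 104 with a two-gateway group and shows that a session negotiated through the backup can be served by either gateway and survives the primary going offline, while tampered messages and messages from unknown terminals are dropped. The class and function names, the "first online member is primary" rule, the constructed credentials and the SHA-256 keystream plus HMAC stand-in for the negotiated algorithms are assumptions; the addresses and UDP port 4430 are those of the Fig. 2 scenario on this page.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Constructed identity table: user -> (password, servers the user may access).
IDENTITIES = {"alice": ("constructed-password", ["20.1.1.254", "30.1.1.254"])}

@dataclass
class Session:
    """Per-terminal state the primary sends to every backup (step 104)."""
    enc_key: bytes
    mac_key: bytes
    udp_port: int
    servers: list

def _keystream(key, nonce, n):
    # Stand-in cipher (SHA-256 in counter mode); the patent names no construction.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(sess, inner):
    """Terminal side: encrypt the inner message and append an integrity tag."""
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(inner, _keystream(sess.enc_key, nonce, len(inner))))
    return nonce + ct + hmac.new(sess.mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(sess, blob):
    """Gateway side: verify integrity first, then decrypt; None on failure."""
    if len(blob) < 44:  # 12-byte nonce + 32-byte tag
        return None
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(sess.mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(sess.enc_key, nonce, len(ct))))

class Gateway:
    def __init__(self, name, group):
        self.name, self.group, self.online = name, group, True
        self.sessions = {}  # outer source IP of the terminal -> Session

    def on_negotiation(self, src_ip, user, password):
        primary = self.group.primary()
        if primary is not self:  # step 103: a backup forwards to the primary
            return primary.on_negotiation(src_ip, user, password)
        stored, servers = IDENTITIES.get(user, ("", None))
        if servers is None or not hmac.compare_digest(stored.encode(), password.encode()):
            return None  # authentication failed
        # UDP port identifier 4430 as in the Fig. 2 scenario.
        sess = Session(os.urandom(32), os.urandom(32), 4430, servers)
        for gw in self.group.members:  # step 104: replicate to every gateway
            gw.sessions[src_ip] = sess
        return sess

    def on_data(self, outer_src_ip, udp_dst_port, blob):
        sess = self.sessions.get(outer_src_ip)
        if sess is None or udp_dst_port != sess.udp_port:
            return None  # no replicated state for this terminal: drop
        return unseal(sess, blob)

class GatewayGroup:
    def __init__(self, names):
        self.members = [Gateway(n, self) for n in names]

    def primary(self):
        # Assumption: the first online member acts as primary.
        return next(g for g in self.members if g.online)

    def ecmp_next_hop(self, flow_hash):
        # Neighboring device: only online gateways still advertise the group route.
        live = [g for g in self.members if g.online]
        return live[flow_hash % len(live)]

def demo():
    group = GatewayGroup(["gw1", "gw2"])
    gw1, gw2 = group.members
    # The negotiation request lands on the backup and is forwarded to the primary.
    sess = gw2.on_negotiation("100.1.1.1", "alice", "constructed-password")
    pkt = seal(sess, b"inner message to 20.1.1.254")
    via_gw1 = gw1.on_data("100.1.1.1", 4430, pkt)
    gw1.online = False  # primary goes offline; its next hop is withdrawn
    hop = group.ecmp_next_hop(flow_hash=7)
    via_gw2 = hop.on_data("100.1.1.1", 4430, pkt)
    tampered = hop.on_data("100.1.1.1", 4430, pkt[:-1] + bytes([pkt[-1] ^ 1]))
    unknown = hop.on_data("100.9.9.9", 4430, pkt)
    return via_gw1, hop.name, via_gw2, tampered, unknown

if __name__ == "__main__":
    print(demo())
```

Because the session lookup is keyed only by the outer source IP address and UDP port, the integrity check in `unseal` is what rejects messages that merely claim a known terminal's address.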
The above process of the embodiments of the application is described in detail below with reference to the application scenario shown in Fig. 2.
The scenario in Fig. 2 can include a terminal device, network device R1, SSL VPN gateway 1, SSL VPN gateway 2, network device R2, server 1 and server 2. The IP address of the terminal device is 100.1.1.1, the IP address of server 1 is 20.1.1.254, and the IP address of server 2 is 30.1.1.254. SSL VPN gateway 1 and SSL VPN gateway 2 are in the same gateway group; SSL VPN gateway 1 is the primary SSL VPN gateway and SSL VPN gateway 2 is the backup SSL VPN gateway. The group address of the gateway group is 1.1.1.254, and the TCP port identifier of the gateway group is TCP port 443 (the default TCP SSL port).
In this application scenario, the message transmission method may include the following steps:
Step 1: SSL VPN gateway 1 advertises a route carrying IP address 1.1.1.254 and TCP port 443; network device R1 and network device R2 can learn this route. SSL VPN gateway 2 also advertises a route carrying IP address 1.1.1.254 and TCP port 443; network device R1 and network device R2 can learn this route as well. Network device R1 and network device R2 thus learn two routes to IP address 1.1.1.254, and these two routes form equal-cost routes on network device R1 and network device R2.
Step 2: the user opens the SSL VPN login page, enters identity information such as a user name and password, and enters information such as the group address 1.1.1.254 of the SSL VPN gateway and TCP port 443. The terminal device uses the identity information, the group address 1.1.1.254 and TCP port 443 to generate a session negotiation request message and sends it. The source IP address of the session negotiation request message can be 100.1.1.1, the destination IP address can be 1.1.1.254, and the destination TCP port can be 443.
Step 3: after network device R1 receives the session negotiation request message, because it has two local routes for destination IP address 1.1.1.254, with SSL VPN gateway 1 and SSL VPN gateway 2 both being next hops for destination IP address 1.1.1.254, it can send the session negotiation request message to either SSL VPN gateway 1 or SSL VPN gateway 2. The following description assumes the message is sent to SSL VPN gateway 2.
Step 4: after SSL VPN gateway 2 receives the session negotiation request message, because SSL VPN gateway 2 is a backup SSL VPN gateway, it sends the session negotiation request message to SSL VPN gateway 1.
Step 5: after SSL VPN gateway 1 receives the session negotiation request message, it parses the identity information from the message and uses it to authenticate the terminal device. If authentication succeeds, step 6 is performed. If authentication fails, an authentication-failure response message is sent to the terminal device and the flow ends.
Step 6: SSL VPN gateway 1 allocates UDP port identifier 4430 to the terminal device (for example, by randomly selecting a UDP port identifier), and allocates virtual access IP address 10.1.1.1 and a virtual access MAC (Media Access Control) address (such as virtual MAC 1) to the terminal device.
In one example, a virtual IP network segment, such as 10.1.1.0/24, can be preconfigured on SSL VPN gateway 1. When allocating a virtual access IP address to the terminal device, SSL VPN gateway 1 can directly select an available IP address, 10.1.1.1, from the virtual IP network segment and mark that IP address as unavailable. Similarly, a virtual MAC range can be preconfigured on SSL VPN gateway 1. When allocating a virtual access MAC address to the terminal device, SSL VPN gateway 1 can directly select an available MAC address (such as virtual MAC 1) from the virtual MAC range and mark that MAC address as unavailable. The virtual IP network segment and the virtual MAC range can also be preconfigured on the server, in which case the server only processes data messages whose source IP address belongs to the virtual IP network segment and whose source MAC address belongs to the virtual MAC range.
Step 7: SSL VPN gateway 1 determines that the terminal device is able to access server 1 and server 2, determines IP address 20.1.1.254 of server 1 and IP address 30.1.1.254 of server 2, and determines the authentication and encryption information corresponding to the terminal device. The authentication and encryption information can include, but is not limited to, information such as AES, an exchanged encryption key and a message integrity verification algorithm. The authentication and encryption information is not limited here.
Step 8: SSL VPN gateway 1 sends the terminal device a response message carrying UDP port identifier 4430, virtual access IP address 10.1.1.1, virtual MAC 1, IP address 20.1.1.254 of server 1, IP address 30.1.1.254 of server 2 and the authentication and encryption information, and sends SSL VPN gateway 2 a notification message carrying the authentication and encryption information, UDP port identifier 4430 and IP address 100.1.1.1.
Step 9: SSL VPN gateway 1 and SSL VPN gateway 2 each save the authentication and encryption information, UDP port identifier 4430 and IP address 100.1.1.1 in local storage.
Step 10: after receiving the response message from SSL VPN gateway 1, the terminal device parses from it UDP port identifier 4430, virtual access IP address 10.1.1.1, virtual MAC 1, IP address 20.1.1.254 of server 1, IP address 30.1.1.254 of server 2 and the authentication and encryption information, and uses this information to send data messages to server 1 or server 2.
In one example, when sending a data message to server 1 (IP address 20.1.1.254), the terminal device can first generate an inner message whose source IP address is virtual access IP address 10.1.1.1, whose destination IP address is IP address 20.1.1.254 of server 1, whose source MAC address is virtual MAC 1, and whose destination MAC address is any MAC. The terminal device then processes the inner message (for example, encrypts it) using the authentication and encryption information to obtain an encrypted data message. Next, the terminal device encapsulates an outer message header in front of the encrypted data message to obtain a data message. The source IP address of the outer message header is 100.1.1.1, and the destination IP address is the group address 1.1.1.254 of the SSL VPN gateways.
It should be noted that, unlike the traditional approach, this data message is not a TCP-type data message but a UDP-type data message. It therefore carries a source UDP port and a destination UDP port rather than a source TCP port and a destination TCP port. The source UDP port can be any port identifier, and the destination UDP port is the UDP port identifier 4430 described above.
Similarly, the process by which the terminal device sends a data message to server 2 (IP address 30.1.1.254) is like the process of sending a data message to server 1 and is not repeated here.
In one example, the reason the data message uses the UDP type rather than the TCP type is explained later in the embodiments of the application and is not repeated here.
Step 11: after network device R1 receives the data message, because it has two local routes for destination IP address 1.1.1.254, with SSL VPN gateway 1 and SSL VPN gateway 2 both being next hops for destination IP address 1.1.1.254, it can send the data message to either SSL VPN gateway 1 or SSL VPN gateway 2. The following description assumes the data message is sent to SSL VPN gateway 1.
In one example, if SSL VPN gateway 1 fails, that is, SSL VPN gateway 1 is no longer online, then network device R1, on detecting the failure of SSL VPN gateway 1, can delete SSL VPN gateway 1 from the next hops for 1.1.1.254, so that network device R1 sends data messages with destination IP address 1.1.1.254 only to SSL VPN gateway 2. Similarly, if SSL VPN gateway 2 fails, that is, SSL VPN gateway 2 is no longer online, then network device R1, on detecting the failure of SSL VPN gateway 2, can delete SSL VPN gateway 2 from the next hops for 1.1.1.254, so that network device R1 sends data messages with destination IP address 1.1.1.254 only to SSL VPN gateway 1.
Step 12, SSL vpn gateways 1 determine the outer layer source IP address of data message after data message is received 100.1.1.1 corresponding authenticated encryption information, and the internal layer message that the data message includes is entered using the authenticated encryption information Row decryption processing.
Step 13, SSL vpn gateways 1 by decryption processing after internal layer message be sent to server 1.The source of the internal layer message IP address accesses IP address 10.1.1.1, IP address 20.1.1.254 of the purpose IP address for server 1, source MAC ground for virtual Location is Virtual MAC 1, and target MAC (Media Access Control) address is any MAC.
Step 14, server 1 after the internal layer message is received, to terminal device returned data response message.Wherein, should The source IP address of data response message can be connect for virtuality for IP address 20.1.1.254 of server 1, purpose IP address Enter IP address 10.1.1.1, source MAC can be the MAC Address of server 1, and target MAC (Media Access Control) address can be Virtual MAC 1.
Step 15, network equipment R2 carry out load balancing after the data response message is received, by the data response Message is transmitted to SSL vpn gateways 1 or SSL vpn gateways 2.Describe for convenience, the data are responded with network equipment R2 Message is illustrated as a example by being transmitted to SSL vpn gateways 2.
In one example, empty IP network section can be pre-configured with SSL vpn gateways 1 and SSL vpn gateways 2, such as 10.1.1.0/24.And, SSL vpn gateways 1 can externally issue the route for carrying IP network section 10.1.1.0/24, and network sets Standby R2 may learn the route for carrying IP network section 10.1.1.0/24.SSL vpn gateways 2 can externally be issued and carry the IP The route of network segment 10.1.1.0/24, network equipment R2 may learn the route for carrying IP network section 10.1.1.0/24.Therefore, Network equipment R2 may learn two of IP network section 10.1.1.0/24 routes, and this two routes, can be with network equipment R2 Form equal-cost route.In sum, network equipment R2 is after data response message is received, as purpose IP address are IP address 10.1.1.1, IP address 10.1.1.1 can match two routes of IP network section 10.1.1.0/24, therefore, it can this Data response message is transmitted to SSL vpn gateways 1 or SSL vpn gateways 2.
After step 16, SSL vpn gateways 2 receive the data response message, the data are rung using authenticated encryption information Answer message to be encrypted, obtain encryption data message.Encryption data message is packaged, the encryption data report after encapsulation The outer layer source IP address of text is group address 1.1.1.254, and source udp port is udp port mark 4430, and purpose IP address are the end IP address 100.1.1.1 of end equipment, purpose udp port are arbitrary port-mark.Send the encryption data message after encapsulation.
Wherein, SSL vpn gateways 2 can first be based on purpose IP address after the data response message is received (10.1.1.1) IP address 100.1.1.1 of terminal device is determined with target MAC (Media Access Control) address (Virtual MAC 1), then finds IP ground The corresponding authenticated encryption information of location 100.1.1.1 and udp port mark 4430, then using the authenticated encryption information to the data Response message is encrypted, and when process is packaged to encryption data message, encryption data message after packaging Outer layer source udp port in record udp port mark 4430.
It should be noted that from unlike traditional approach, the encryption data message after encapsulation is not a TCP type Message, but the message of a UDP type.Therefore, source tcp port and purpose tcp port is not carried in the message, but take Band source udp port and purpose udp port.Wherein, the source udp port can be that above-mentioned udp port identifies 4430, purpose UDP end Mouth is arbitrary port-mark.
In one example, for encapsulation after encryption data message adopt UDP types, rather than using TCP types Reason, will illustrate in the subsequent process of the embodiment of the present application, will not be described here.
Step 17, network equipment R1 receive encapsulation after encryption data message after, by encapsulation after encryption data report Text is sent to terminal device.Terminal device peels outer layer heading off in the encryption data message from after encapsulation, obtains an encryption Data message, and the encryption data message is decrypted etc. using authenticated encryption information and processes, data response message is obtained, i.e., The data response message that server is returned.
So far, the process that terminal device accesses the server resource in VPN is completed.
The reason the messages use UDP is described in detail below.
If the terminal device sends a TCP data message to SSL VPN gateway 1 (that is, the outer header carries TCP port information), the terminal device treats only a response message returned by SSL VPN gateway 1 as the response to that data message, and can then continue to send data messages. The terminal device does not treat a response message returned by SSL VPN gateway 2 as the response to that data message, so it discards that response message and keeps waiting for a response, which causes a transmission anomaly.
In fact, whether network device R1 is sending a data message to SSL VPN gateway 1 or SSL VPN gateway 2, or network device R2 is sending a response message to SSL VPN gateway 1 or SSL VPN gateway 2, load balancing means the data message or response message may be sent to either gateway, so the transmission anomaly described above can occur.
In contrast, if the terminal device sends a UDP data message to SSL VPN gateway 1 (that is, the outer header carries UDP port information), then whether the response message is returned by SSL VPN gateway 1 or by SSL VPN gateway 2, the terminal device treats it as the response to that data message and can continue to send data messages, avoiding the transmission anomaly. For this reason, in this embodiment of the application, the terminal device sends UDP data messages to the SSL VPN gateways (the outer header carries the UDP port identifier 4430), and the SSL VPN gateways send UDP response messages to the terminal device (the outer header carries the UDP port identifier 4430).
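The following simulation of steps 11 to 17 and of the UDP rationale above is an added example, not code from the patent. It shows a request decapsulated by gateway 1 and a reply encapsulated by gateway 2 being accepted by the terminal, while a gateway that never received the synchronized session and a datagram sealed with the wrong key are both rejected. The class names, the terminal port 50000 and the SHA-256/HMAC stand-in cipher are assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

GROUP_ADDR, UDP_PORT = "1.1.1.254", 4430   # group address and UDP port from the page
TERMINAL_IP = "100.1.1.1"                  # terminal's outer IP address from the page


def _subkeys(secret):
    # Derive separate encryption and MAC keys from the negotiated secret.
    return (hmac.new(secret, b"enc", hashlib.sha256).digest(),
            hmac.new(secret, b"mac", hashlib.sha256).digest())


def _xor_stream(enc_key, nonce, data):
    # Stand-in cipher (SHA-256 in counter mode); an assumption, not the patent's.
    blocks = (hashlib.sha256(enc_key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))


def seal(secret, inner):
    enc_key, mac_key = _subkeys(secret)
    nonce = os.urandom(12)
    body = nonce + _xor_stream(enc_key, nonce, inner)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()


def unseal(secret, blob):
    enc_key, mac_key = _subkeys(secret)
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return _xor_stream(enc_key, body[:12], body[12:])


@dataclass(frozen=True)
class Datagram:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: bytes


class Gateway:
    def __init__(self):
        self.sessions = {}   # terminal outer IP -> secret, synced from the main gateway

    def decapsulate(self, dgram):
        # Step 12: find the session by outer source IP, then verify and decrypt.
        if (dgram.dst_ip, dgram.dst_port) != (GROUP_ADDR, UDP_PORT):
            raise LookupError("not addressed to the gateway group")
        if dgram.src_ip not in self.sessions:
            raise LookupError(f"no session for {dgram.src_ip}")
        return unseal(self.sessions[dgram.src_ip], dgram.payload)

    def encapsulate(self, terminal_ip, terminal_port, inner):
        # Step 16: outer source is the group address and UDP port 4430.
        sealed = seal(self.sessions[terminal_ip], inner)
        return Datagram(GROUP_ADDR, UDP_PORT, terminal_ip, terminal_port, sealed)


class Terminal:
    def __init__(self, secret, port=50000):   # port 50000 is an arbitrary choice
        self.secret, self.port = secret, port

    def send(self, inner):
        return Datagram(TERMINAL_IP, self.port, GROUP_ADDR, UDP_PORT, seal(self.secret, inner))

    def receive(self, dgram):
        # Step 17: the reply is judged by group address, port and key, not by gateway.
        if (dgram.src_ip, dgram.src_port) != (GROUP_ADDR, UDP_PORT):
            raise LookupError("unexpected sender")
        return unseal(self.secret, dgram.payload)


def demo():
    secret = os.urandom(32)                                          # constructed session secret
    gw1, gw2, gw3 = Gateway(), Gateway(), Gateway()
    gw1.sessions[TERMINAL_IP] = gw2.sessions[TERMINAL_IP] = secret   # gw3 never synced
    term = Terminal(secret)
    to_server = gw1.decapsulate(term.send(b"inner request"))         # request via gateway 1
    reply = gw2.encapsulate(TERMINAL_IP, term.port, b"inner response")
    to_terminal = term.receive(reply)                                # reply via gateway 2
    # Constructed datagram: correct outer source IP, sealed with a different key.
    forged = Datagram(TERMINAL_IP, term.port, GROUP_ADDR, UDP_PORT, seal(os.urandom(32), b"x"))
    outcomes = {}
    for label, gw, dgram in (("unsynced", gw3, term.send(b"x")), ("forged", gw2, forged)):
        try:
            gw.decapsulate(dgram)
            outcomes[label] = "accepted"
        except (LookupError, ValueError) as exc:
            outcomes[label] = type(exc).__name__
    return to_server, to_terminal, outcomes


if __name__ == "__main__":
    print(demo())
```

Because the session is looked up by outer source IP address alone, the integrity check in `unseal` is what prevents a datagram with a spoofed source address from being decrypted and forwarded.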
Based on the same inventive concept as the method above, an embodiment of the application also provides a message transmission device, applied to an SSL VPN gateway in a gateway group. The gateway group includes one main SSL VPN gateway and at least one standby SSL VPN gateway, and each SSL VPN gateway in the gateway group uses the same group address. The message transmission device can be implemented in software, in hardware, or in a combination of software and hardware. Taking a software implementation as an example, the device in the logical sense is formed when the processor of the SSL VPN gateway on which it resides reads the corresponding computer program instructions from non-volatile storage. At the hardware level, Figure 3 shows a hardware structure diagram of the SSL VPN gateway on which the message transmission device proposed by the application resides. In addition to the processor and non-volatile memory shown in Figure 3, the SSL VPN gateway can include other hardware, such as a forwarding chip responsible for processing messages, network interfaces, and memory. In terms of hardware structure, the SSL VPN gateway may also be a distributed device that includes multiple interface cards, so that message processing can be extended at the hardware level.
Figure 4 shows the structure of the message transmission device proposed by the application, which includes:
a sending module 11, configured to advertise a route carrying the group address to the neighboring network device of this SSL VPN gateway, so that the neighboring network device sends a message whose destination IP address is the group address to an SSL VPN gateway in the gateway group;
a receiving module 12, configured to receive the message sent by the neighboring network device;
the sending module 11 is further configured to send the session negotiation request message to the main SSL VPN gateway when the message is a session negotiation request message and this SSL VPN gateway is a standby SSL VPN gateway;
a determining module 13, configured to determine, when the message is a session negotiation request message and this SSL VPN gateway is the main SSL VPN gateway, the server that the first terminal device corresponding to the source IP address of the session negotiation request message is able to access and the authentication and encryption information corresponding to the first terminal device;
the sending module 11 is further configured, when this SSL VPN gateway is the main SSL VPN gateway, to send a response message carrying the IP address of the server and the authentication and encryption information to the first terminal device, and to send the authentication and encryption information to each standby SSL VPN gateway.
After the receiving module 12 receives the message sent by the neighboring network device, the sending module 11 is further configured, when the message is a data message, to decrypt the inner message contained in the data message using the authentication and encryption information corresponding to a second terminal device, where the second terminal device is the terminal device corresponding to the outer source IP address of the data message, and to send the decrypted inner message to the server corresponding to the destination IP address of the inner message.
If the message is a session negotiation request message and this SSL VPN gateway is the main SSL VPN gateway, the determining module 13 is further configured to parse identity information from the session negotiation request message and authenticate the first terminal device using the identity information; if authentication succeeds, it determines the server that the first terminal device is able to access and the authentication and encryption information corresponding to the first terminal device.
If the message is a session negotiation request message and this SSL VPN gateway is the main SSL VPN gateway, the determining module 13 is further configured to allocate a User Datagram Protocol (UDP) port identifier to the first terminal device, and the sending module 11 is further configured to send the UDP port identifier to each standby SSL VPN gateway. The response message also carries the UDP port identifier, which is used to make the first terminal device add the UDP port identifier to the outer header when it sends a data message.
The sending module 11 is further configured, after receiving a data response message sent by a server, to encrypt the data response message using the authentication and encryption information corresponding to a third terminal device, obtaining an encrypted data message, where the third terminal device is the terminal device corresponding to the destination IP address of the data response message; to encapsulate the encrypted data message, where the outer source IP address of the encapsulated encrypted data message is the group address and the source port is the UDP port identifier corresponding to the third terminal device; and to send the encapsulated encrypted data message to the third terminal device.
The modules of the device of the application can be integrated together or deployed separately. The modules above can be merged into one module or further split into multiple submodules.
From the description of the embodiments above, those skilled in the art can clearly understand that the application can be implemented by software plus a necessary general-purpose hardware platform, or by hardware, although in many cases the former is the better implementation. Based on this understanding, the essence of the technical solution of the application, or the part that contributes over the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which can be a personal computer, a server, a network device, or the like) to execute the methods described in the embodiments of the application. Those skilled in the art will understand that the accompanying drawings are schematic diagrams of a preferred embodiment, and that the modules or flows in the drawings are not necessarily required to implement the application.
Those skilled in the art will understand that the modules of the device in an embodiment can be distributed in the device as described in the embodiment, or can be changed accordingly and located in one or more devices different from this embodiment. The modules of the above embodiment can be merged into one module or further split into multiple submodules. The sequence numbers of the above embodiments of the application are for description only and do not indicate the relative merits of the embodiments.
The above discloses only several specific embodiments of the application. However, the application is not limited to these, and any change that a person skilled in the art can conceive of shall fall within the protection scope of the application.

Claims (10)

1. A message transmission method, characterized in that it is applied to a Secure Sockets Layer virtual private network (SSL VPN) gateway in a gateway group, the gateway group including one main SSL VPN gateway and at least one standby SSL VPN gateway, each SSL VPN gateway in the gateway group using the same group address, the method comprising:
advertising a route carrying the group address to the neighboring network device of this SSL VPN gateway, so that the neighboring network device sends a message whose destination IP address is the group address to an SSL VPN gateway in the gateway group;
receiving the message sent by the neighboring network device;
if the message is a session negotiation request message and this SSL VPN gateway is a standby SSL VPN gateway, sending the session negotiation request message to the main SSL VPN gateway;
if the message is a session negotiation request message and this SSL VPN gateway is the main SSL VPN gateway, determining the server that the first terminal device corresponding to the source IP address of the session negotiation request message is able to access and the authentication and encryption information corresponding to the first terminal device, sending a response message carrying the IP address of the server and the authentication and encryption information to the first terminal device, and sending the authentication and encryption information to each standby SSL VPN gateway.
2. The method according to claim 1, characterized in that, after receiving the message sent by the neighboring network device, the method further comprises:
if the message is a data message, decrypting the inner message contained in the data message using the authentication and encryption information corresponding to a second terminal device, wherein the second terminal device is the terminal device corresponding to the outer source IP address of the data message;
sending the decrypted inner message to the server corresponding to the destination IP address of the inner message.
3. The method according to claim 1, characterized in that, if the message is a session negotiation request message and this SSL VPN gateway is the main SSL VPN gateway, before determining the server that the first terminal device corresponding to the source IP address of the session negotiation request message is able to access and the authentication and encryption information corresponding to the first terminal device, the method further comprises:
parsing identity information from the session negotiation request message, and authenticating the first terminal device using the identity information;
if authentication succeeds, executing the process of determining the server that the first terminal device is able to access and the authentication and encryption information corresponding to the first terminal device.
4. The method according to claim 1, characterized in that, if the message is a session negotiation request message and this SSL VPN gateway is the main SSL VPN gateway, before sending the response message carrying the IP address of the server and the authentication and encryption information to the first terminal device, the method further comprises:
allocating a User Datagram Protocol (UDP) port identifier to the first terminal device;
sending the UDP port identifier to each standby SSL VPN gateway;
wherein the response message also carries the UDP port identifier, and the UDP port identifier is used to make the first terminal device add the UDP port identifier to the outer header when sending a data message.
5. The method according to claim 4, characterized in that the method further comprises:
after receiving a data response message sent by a server, encrypting the data response message using the authentication and encryption information corresponding to a third terminal device, obtaining an encrypted data message, wherein the third terminal device is the terminal device corresponding to the destination IP address of the data response message;
encapsulating the encrypted data message, wherein the outer source IP address of the encapsulated encrypted data message is the group address, and the source port is the UDP port identifier corresponding to the third terminal device;
sending the encapsulated encrypted data message to the third terminal device.
6. A message transmission device, characterized in that it is applied to a Secure Sockets Layer virtual private network (SSL VPN) gateway in a gateway group, the gateway group including one main SSL VPN gateway and at least one standby SSL VPN gateway, each SSL VPN gateway in the gateway group using the same group address, the device comprising:
a sending module, configured to advertise a route carrying the group address to the neighboring network device of this SSL VPN gateway, so that the neighboring network device sends a message whose destination IP address is the group address to an SSL VPN gateway in the gateway group;
a receiving module, configured to receive the message sent by the neighboring network device;
the sending module being further configured to send the session negotiation request message to the main SSL VPN gateway when the message is a session negotiation request message and this SSL VPN gateway is a standby SSL VPN gateway;
a determining module, configured to determine, when the message is a session negotiation request message and this SSL VPN gateway is the main SSL VPN gateway, the server that the first terminal device corresponding to the source IP address of the session negotiation request message is able to access and the authentication and encryption information corresponding to the first terminal device;
the sending module being further configured, when this SSL VPN gateway is the main SSL VPN gateway, to send a response message carrying the IP address of the server and the authentication and encryption information to the first terminal device, and to send the authentication and encryption information to each standby SSL VPN gateway.
7. The device according to claim 6, characterized in that,
after the receiving module receives the message sent by the neighboring network device,
the sending module is further configured, when the message is a data message, to decrypt the inner message contained in the data message using the authentication and encryption information corresponding to a second terminal device, wherein the second terminal device is the terminal device corresponding to the outer source IP address of the data message, and to send the decrypted inner message to the server corresponding to the destination IP address of the inner message.
8. The device according to claim 6, characterized in that,
if the message is a session negotiation request message and this SSL VPN gateway is the main SSL VPN gateway,
the determining module is further configured to parse identity information from the session negotiation request message and authenticate the first terminal device using the identity information, and, if authentication succeeds, to determine the server that the first terminal device is able to access and the authentication and encryption information corresponding to the first terminal device.
9. The device according to claim 6, characterized in that,
if the message is a session negotiation request message and this SSL VPN gateway is the main SSL VPN gateway,
the determining module is further configured to allocate a User Datagram Protocol (UDP) port identifier to the first terminal device;
the sending module is further configured to send the UDP port identifier to each standby SSL VPN gateway;
wherein the response message also carries the UDP port identifier, and the UDP port identifier is used to make the first terminal device add the UDP port identifier to the outer header when sending a data message.
10. The device according to claim 9, characterized in that
the sending module is further configured, after receiving a data response message sent by a server, to encrypt the data response message using the authentication and encryption information corresponding to a third terminal device, obtaining an encrypted data message, wherein the third terminal device is the terminal device corresponding to the destination IP address of the data response message; to encapsulate the encrypted data message, wherein the outer source IP address of the encapsulated encrypted data message is the group address and the source port is the UDP port identifier corresponding to the third terminal device; and to send the encapsulated encrypted data message to the third terminal device.
CN201610971698.0A 2016-10-31 2016-10-31 Message transmission method and device Active CN106506354B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610971698.0A CN106506354B (en) 2016-10-31 2016-10-31 Message transmission method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610971698.0A CN106506354B (en) 2016-10-31 2016-10-31 Message transmission method and device

Publications (2)

Publication Number Publication Date
CN106506354A true CN106506354A (en) 2017-03-15
CN106506354B CN106506354B (en) 2021-02-26

Family

ID=58323126

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610971698.0A Active CN106506354B (en) 2016-10-31 2016-10-31 Message transmission method and device

Country Status (1)

Country Link
CN (1) CN106506354B (en)

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101286884A (en) * 2008-05-15 2008-10-15 杭州华三通信技术有限公司 Method for implementing non-status multi-host backup and proxy gateway
CN102334311A (en) * 2009-02-26 2012-01-25 微软公司 Redirection of secure data connection requests
CN101902400A (en) * 2010-07-21 2010-12-01 成都市华为赛门铁克科技有限公司 Gateway load balancing method, system and client device
CN102223365A (en) * 2011-06-03 2011-10-19 杭州华三通信技术有限公司 User access method and device based on SSL (Secure Socket Layer) VPN (Virtual Private Network) gateway cluster
US9438701B2 (en) * 2012-05-05 2016-09-06 Citrix Systems, Inc. Systems and methods for a SPDY to HTTP gateway
US20140304413A1 (en) * 2013-04-06 2014-10-09 Citrix Systems, Inc. Systems and methods for startup round robin enhancement
US9219781B2 (en) * 2013-04-06 2015-12-22 Citrix Systems, Inc. Systems and methods for GSLB preferred backup list
CN105393220A (en) * 2013-05-15 2016-03-09 思杰系统有限公司 Systems and methods for deploying a spotted virtual server in a cluster system
CN104702476A (en) * 2013-12-05 2015-06-10 华为技术有限公司 Distributed gateway, message processing method and message processing device based on distributed gateway

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Beijing Shudun Information Technology Co., Ltd. (北京数盾信息科技有限公司): "Shudun SSL VPN Gateway Solution", 《HTTPS://WENKU.BAIDU.COM/VIEW/D30BF0E8102DE2BD96058846.HTML》 *

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108401262A (en) * 2018-02-06 2018-08-14 武汉斗鱼网络科技有限公司 A kind of method and device that terminal applies communication data is obtained and analyzed
CN110505244B (en) * 2019-09-19 2020-06-02 南方电网数字电网研究院有限公司 Remote tunnel access technology gateway and server
CN112995120A (en) * 2019-12-18 2021-06-18 北京国双科技有限公司 Data monitoring method and device
CN110995564A (en) * 2019-12-31 2020-04-10 北京天融信网络安全技术有限公司 Message transmission method, device and secure network system
CN110995564B (en) * 2019-12-31 2021-11-12 北京天融信网络安全技术有限公司 Message transmission method, device and secure network system
CN113766434A (en) * 2021-10-08 2021-12-07 亿次网联(杭州)科技有限公司 File sharing method and device, home cloud server and storage medium
CN113766434B (en) * 2021-10-08 2022-03-04 亿次网联(杭州)科技有限公司 File sharing method and device, home cloud server and storage medium
CN116781428A (en) * 2023-08-24 2023-09-19 湖南马栏山视频先进技术研究院有限公司 Forwarding system based on VPN flow
CN116781428B (en) * 2023-08-24 2023-11-07 湖南马栏山视频先进技术研究院有限公司 Forwarding system based on VPN flow

Also Published As

Publication number Publication date
CN106506354B (en) 2021-02-26

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
CB02 Change of applicant information

Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.

Applicant after: Xinhua three Technology Co., Ltd.

Address before: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.

Applicant before: Huasan Communication Technology Co., Ltd.

CB02 Change of applicant information
SE01 Entry into force of request for substantive examination
GR01 Patent grant