CN106506354A - A kind of message transmitting method and device - Google Patents
- Publication number
- CN106506354A CN201610971698.0A
- Authority
- CN
- China
- Prior art keywords
- message
- ssl vpn
- vpn gateways
- address
- terminal equipment
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/28—Routing or path finding of packets in data switching networks using route fault recovery
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0272—Virtual private networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/40—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass for recovering from a failure of a protocol instance or entity, e.g. service redundancy protocols, protocol state redundancy or protocol service redirection
Abstract
The application provides a message transmission method and device. The method includes: advertising a route carrying a group address to the neighboring network device of this SSL VPN gateway, so that the neighboring network device sends messages whose destination IP address is the group address to an SSL VPN gateway in the gateway group; receiving a message sent by the neighboring network device; and, if the message is a session negotiation request message and this SSL VPN gateway is the primary SSL VPN gateway, determining the server that a first terminal device is able to access and the authentication and encryption information corresponding to the first terminal device, sending a response message carrying the IP address of the server and the authentication and encryption information to the first terminal device, and sending the authentication and encryption information to each standby SSL VPN gateway. The technical scheme of the application improves the processing performance of SSL VPN gateways, improves the user experience, and avoids service interruption.
Description
Technical field
The application relates to the field of communication technology, and in particular to a message transmission method and device.
Background
SSL (Secure Sockets Layer) VPN (Virtual Private Network) is a VPN technology based on SSL. It makes full use of the mechanisms that the SSL protocol provides, such as identity authentication, data encryption and message integrity verification, to establish secure connections for application-layer communication.
In a network where an SSL VPN gateway is deployed, a terminal device sends a session negotiation request message to the SSL VPN gateway; the SSL VPN gateway allocates authentication and encryption information to the terminal device and sends it to the terminal device. When sending a data message, the terminal device processes the data message (for example, encrypts it) using the authentication and encryption information. After receiving the data message, the SSL VPN gateway processes it (for example, decrypts it) and sends it to the server. This ensures the transmission security of the data message.
At present, if two or more SSL VPN gateways are deployed in a network, different SSL VPN gateways serve different terminal devices. When an SSL VPN gateway goes offline, the terminal devices connected to that SSL VPN gateway are forced offline and afterwards have to connect to another SSL VPN gateway, which affects the user experience and interrupts the services of the terminal devices.
Summary of the invention
The application provides a message transmission method applied to a Secure Sockets Layer virtual private network (SSL VPN) gateway in a gateway group. The gateway group includes one primary SSL VPN gateway and at least one standby SSL VPN gateway, and every SSL VPN gateway in the gateway group uses the same group address. The method includes:
advertising a route carrying the group address to the neighboring network device of this SSL VPN gateway, so that the neighboring network device sends messages whose destination IP address is the group address to an SSL VPN gateway in the gateway group;
receiving a message sent by the neighboring network device;
if the message is a session negotiation request message and this SSL VPN gateway is a standby SSL VPN gateway, sending the session negotiation request message to the primary SSL VPN gateway;
if the message is a session negotiation request message and this SSL VPN gateway is the primary SSL VPN gateway, determining the server that the first terminal device corresponding to the source IP address of the session negotiation request message is able to access and the authentication and encryption information corresponding to the first terminal device, sending a response message carrying the IP address of the server and the authentication and encryption information to the first terminal device, and sending the authentication and encryption information to each standby SSL VPN gateway.
The application provides a message transmission device applied to a Secure Sockets Layer virtual private network (SSL VPN) gateway in a gateway group. The gateway group includes one primary SSL VPN gateway and at least one standby SSL VPN gateway, and every SSL VPN gateway in the gateway group uses the same group address. The device includes:
a sending module, configured to advertise a route carrying the group address to the neighboring network device of this SSL VPN gateway, so that the neighboring network device sends messages whose destination IP address is the group address to an SSL VPN gateway in the gateway group;
a receiving module, configured to receive a message sent by the neighboring network device;
the sending module being further configured to send the session negotiation request message to the primary SSL VPN gateway when the message is a session negotiation request message and this SSL VPN gateway is a standby SSL VPN gateway;
a determining module, configured to determine, when the message is a session negotiation request message and this SSL VPN gateway is the primary SSL VPN gateway, the server that the first terminal device corresponding to the source IP address of the session negotiation request message is able to access and the authentication and encryption information corresponding to the first terminal device;
the sending module being further configured, when this SSL VPN gateway is the primary SSL VPN gateway, to send a response message carrying the IP address of the server and the authentication and encryption information to the first terminal device, and to send the authentication and encryption information to each standby SSL VPN gateway.
Based on the above technical scheme, in the embodiments of the application at least two SSL VPN gateways can be deployed in a network and load is balanced between them. This avoids a single SSL VPN gateway serving a large number of terminal devices, improves the processing performance of the SSL VPN gateways, and keeps an SSL VPN gateway from becoming a performance bottleneck. Moreover, both the primary SSL VPN gateway and the standby SSL VPN gateways in the gateway group advertise a route carrying the group address to their neighboring network devices, so equal-cost routes to the group address are formed on the neighboring network device. In addition, the primary SSL VPN gateway and the standby SSL VPN gateways all store the authentication and encryption information corresponding to the terminal device. On this basis, after the neighboring network device receives a message from a terminal device, if the destination IP address of the message is the group address, the neighboring network device can send the message to any SSL VPN gateway in the gateway group based on the equal-cost routes. The messages of one terminal device can thus be shared among different SSL VPN gateways instead of all being processed by one SSL VPN gateway. When an SSL VPN gateway goes offline, route convergence automatically directs messages to the remaining SSL VPN gateways; that is, the terminal device switches seamlessly to another SSL VPN gateway and its services are protected in time. The user is not affected: the user experience is improved, service interruption is avoided, the reliability and stability of user access are improved, and timely service protection between SSL VPN gateways is achieved.
Brief description of the drawings
In order to describe the technical schemes of the embodiments of the application or of the prior art more clearly, the accompanying drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some of the embodiments described in the application; those of ordinary skill in the art can obtain other drawings from these drawings.
Fig. 1 is a flow chart of the message transmission method in one embodiment of the application;
Fig. 2 is a schematic diagram of an application scenario in one embodiment of the application;
Fig. 3 is a hardware structure diagram of the SSL VPN gateway in one embodiment of the application;
Fig. 4 is a structure diagram of the message transmission device in one embodiment of the application.
Detailed description
The terms used in this application are for the purpose of describing specific embodiments only and are not intended to limit the application. The singular forms "a", "said" and "the" used in this application and the claims are also intended to include the plural forms, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and includes any or all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third and so on may be used in this application to describe various information, the information should not be limited by these terms. These terms are only used to distinguish information of the same type from one another. For example, without departing from the scope of the application, first information may also be called second information, and similarly, second information may also be called first information. In addition, depending on the context, the word "if" as used here may be interpreted as "at the time of", "when" or "in response to determining".
The embodiments of the application propose a message transmission method that can be applied to an SSL VPN gateway in a gateway group. The gateway group can include one primary SSL VPN gateway and at least one standby SSL VPN gateway, and every SSL VPN gateway in the gateway group uses the same group address (that is, an IP address).
In one example, among the SSL VPN gateways in the gateway group, one SSL VPN gateway can be configured as the primary SSL VPN gateway and the remaining SSL VPN gateways as standby SSL VPN gateways. The primary SSL VPN gateway is responsible for processing session negotiation request messages from terminal devices and performs operations such as authentication and authorization for the terminal devices. A standby SSL VPN gateway is not responsible for performing operations such as authentication and authorization for terminal devices; it directly forwards the session negotiation request messages it receives to the primary SSL VPN gateway. Both the primary SSL VPN gateway and the standby SSL VPN gateways can process data messages from terminal devices. While the primary SSL VPN gateway works normally, the standby SSL VPN gateways do not perform operations such as authentication and authorization for terminal devices. When the primary SSL VPN gateway becomes abnormal, a standby SSL VPN gateway becomes the new primary SSL VPN gateway and is responsible for processing session negotiation request messages from terminal devices and for performing operations such as authentication and authorization for them.
Fig. 1 shows the flow chart of the message transmission method. The method can be applied to an SSL VPN gateway in a gateway group (the primary SSL VPN gateway or a standby SSL VPN gateway) and may include the following steps:
Step 101: advertise a route carrying the group address to the neighboring network device of this SSL VPN gateway, so that the neighboring network device sends messages whose destination IP address is the group address to an SSL VPN gateway in the gateway group, for example to the primary SSL VPN gateway or to any standby SSL VPN gateway in the gateway group.
In one example, when there are multiple SSL VPN gateways, they can be formed into one gateway group, and every SSL VPN gateway in the gateway group uses the same group address. The terminal device does not need to care about the real IP address of each SSL VPN gateway in the gateway group; it only needs to know the group address (for example, the user can learn the group address and configure it on the terminal device) in order to send session negotiation request messages or data messages whose destination IP address is the group address.
Every SSL VPN gateway in the gateway group can advertise a route carrying the group address to its neighboring network device, so equal-cost routes to the group address are formed on the neighboring network device. After the neighboring network device receives a message from a terminal device (such as a session negotiation request message or a data message), if the destination IP address of the message is the group address, it can send the message to any SSL VPN gateway in the gateway group, such as the primary SSL VPN gateway or a standby SSL VPN gateway.
Step 102: receive the message sent by the neighboring network device. The message can be a session negotiation request message or a data message. If the message is a session negotiation request message, perform step 103.
Step 103: if this SSL VPN gateway is a standby SSL VPN gateway, send the session negotiation request message to the primary SSL VPN gateway. If this SSL VPN gateway is the primary SSL VPN gateway, determine the server that the first terminal device is able to access and the authentication and encryption information corresponding to the first terminal device. Here, the first terminal device is the terminal device corresponding to the source IP address of the session negotiation request message.
In one example, after the primary SSL VPN gateway receives a session negotiation request message (either one sent directly to the primary SSL VPN gateway by the first terminal device, or one forwarded to the primary SSL VPN gateway by a standby SSL VPN gateway), it parses identity information (such as a user name and password) from the session negotiation request message and uses the identity information to authenticate the first terminal device. If authentication succeeds, it determines the server that the first terminal device is able to access and the authentication and encryption information corresponding to the first terminal device. If authentication fails, it sends a response message indicating authentication failure to the first terminal device.
In one example, for the process of "determining the server that the first terminal device is able to access", the mapping between identity information and resources can be configured on the primary SSL VPN gateway, together with information about the server that provides each resource (such as the IP address of the server). On this basis, after the primary SSL VPN gateway parses the identity information from the session negotiation request message, it can obtain the resources corresponding to the identity information and can determine the IP address of the server that provides each resource. A resource can be an FTP (File Transfer Protocol) resource, a web resource, a file storage resource, and so on.
In one example, the authentication and encryption information that is determined includes, but is not limited to, information such as AES, the exchanged encryption key and the message integrity verification algorithm; the authentication and encryption information is not limited here.
Step 104: the primary SSL VPN gateway sends a response message carrying the IP address of the server and the authentication and encryption information to the first terminal device, and sends the authentication and encryption information to each standby SSL VPN gateway, for example by sending each standby SSL VPN gateway a notification message carrying the authentication and encryption information.
After receiving the response message, the first terminal device can parse the IP address of the server and the authentication and encryption information from it, and send data messages using that IP address and the authentication and encryption information.
In one example, a data message sent by any terminal device can be sent by the neighboring network device to the primary SSL VPN gateway or to a standby SSL VPN gateway in the gateway group. On this basis, after the primary SSL VPN gateway or a standby SSL VPN gateway receives a message sent by the neighboring network device, if the message is a data message, it uses the authentication and encryption information corresponding to a second terminal device to decrypt the inner message contained in the data message, and sends the decrypted inner message to the server corresponding to the destination IP address of the inner message. The second terminal device is the terminal device corresponding to the outer source IP address of the data message.
In one example, if the message is a session negotiation request message and this SSL VPN gateway is the primary SSL VPN gateway, then before sending the response message carrying the IP address of the server and the authentication and encryption information to the first terminal device, the gateway can also allocate a UDP (User Datagram Protocol) port identifier to the first terminal device and send the UDP port identifier to each standby SSL VPN gateway. The response message also carries the UDP port identifier, which the first terminal device adds to the outer header when it sends a data message.
In one example, after the primary SSL VPN gateway or a standby SSL VPN gateway receives a data response message sent by the server, it can encrypt the data response message using the authentication and encryption information corresponding to a third terminal device to obtain an encrypted data message. The third terminal device is the terminal device corresponding to the destination IP address of the data response message. The gateway then encapsulates the encrypted data message; the outer source IP address of the encapsulated encrypted data message is the group address, and the source port is the UDP port identifier corresponding to the third terminal device. Finally, the gateway sends the encapsulated encrypted data message to the third terminal device.
Based on the above technical scheme, in the embodiments of the application at least two SSL VPN gateways can be deployed in a network and load is balanced between them. This avoids a single SSL VPN gateway serving a large number of terminal devices, improves the processing performance of the SSL VPN gateways, and keeps an SSL VPN gateway from becoming a performance bottleneck. Moreover, both the primary SSL VPN gateway and the standby SSL VPN gateways in the gateway group advertise a route carrying the group address to their neighboring network devices, so equal-cost routes to the group address are formed on the neighboring network device. In addition, the primary SSL VPN gateway and the standby SSL VPN gateways all store the authentication and encryption information corresponding to the terminal device. On this basis, after the neighboring network device receives a message from a terminal device, if the destination IP address of the message is the group address, the neighboring network device can send the message to any SSL VPN gateway in the gateway group based on the equal-cost routes. The messages of one terminal device can thus be shared among different SSL VPN gateways instead of all being processed by one SSL VPN gateway. When an SSL VPN gateway goes offline, route convergence automatically directs messages to the remaining SSL VPN gateways; that is, the terminal device switches seamlessly to another SSL VPN gateway and its services are protected in time. The user is not affected: the user experience is improved, service interruption is avoided, the reliability and stability of user access are improved, and timely service protection between SSL VPN gateways is achieved.
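The behaviour described above, as an added example that is not part of the patent text: a small Python simulation of a gateway group behind a neighboring device that holds equal-cost routes, covering negotiation through a standby, replication of the session information, and continued decryption after the primary goes offline. All names, addresses and credentials are constructed; `seal`/`unseal` are a toy stand-in for the negotiated algorithms, and the round-robin next-hop choice, the promotion rule and the rejection of unknown sources are assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample data (not from the patent): one user and the server it may reach.
USERS = {"alice": "correct-horse"}
RESOURCES = {"alice": ["198.51.100.10"]}


def _xor(key, data):
    # SHA-256 counter keystream XOR: toy stand-in for the negotiated cipher, not real crypto.
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key, plaintext):
    ct = _xor(key, plaintext)
    return ct + hmac.new(key, ct, hashlib.sha256).digest()


def unseal(key, blob):
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")
    return _xor(key, ct)


class Gateway:
    def __init__(self, name, is_primary=False):
        self.name, self.is_primary, self.online = name, is_primary, True
        self.group = []      # every gateway in the gateway group (set by Router)
        self.sessions = {}   # terminal source IP -> authentication/encryption info

    def on_negotiation(self, src_ip, user, password):
        if not self.is_primary:
            # Step 103: a standby does not authenticate, it forwards to the primary.
            primary = next(g for g in self.group if g.online and g.is_primary)
            return primary.on_negotiation(src_ip, user, password)
        stored = USERS.get(user)
        if stored is None or not hmac.compare_digest(stored.encode(), password.encode()):
            return {"ok": False, "handled_by": self.name}
        info = {"key": os.urandom(32), "udp_port": 4430}   # sample port identifier
        # Step 104: store the info locally and notify every standby gateway.
        for g in self.group:
            if g.online:
                g.sessions[src_ip] = info
        return {"ok": True, "handled_by": self.name, "servers": RESOURCES[user], **info}

    def on_data(self, src_ip, blob):
        # Look up the info by outer source IP; unknown sources are rejected (assumption).
        info = self.sessions.get(src_ip)
        if info is None:
            raise LookupError("no session for " + src_ip)
        return self.name, unseal(info["key"], blob)


class Router:
    """Neighboring network device holding equal-cost routes to the group address."""
    def __init__(self, gateways):
        self.next_hops = list(gateways)   # step 101: one route per advertising gateway
        for g in gateways:
            g.group = gateways
        self._rr = 0

    def next_hop(self):
        # Round-robin over the equal-cost next hops (assumption; keeps the demo deterministic).
        gw = self.next_hops[self._rr % len(self.next_hops)]
        self._rr += 1
        return gw

    def gateway_down(self, gw):
        gw.online = False
        self.next_hops.remove(gw)         # route convergence: drop the failed next hop
        if gw.is_primary and self.next_hops:
            # A standby becomes the new primary; how it is chosen is an assumption.
            gw.is_primary = False
            self.next_hops[0].is_primary = True


def demo():
    gw1, gw2 = Gateway("gw1", is_primary=True), Gateway("gw2")
    r1 = Router([gw2, gw1])               # the first message lands on the standby
    term = "203.0.113.7"                  # constructed terminal address
    resp = r1.next_hop().on_negotiation(term, "alice", "correct-horse")
    before = [r1.next_hop().on_data(term, seal(resp["key"], m))
              for m in (b"GET /a", b"GET /b")]
    r1.gateway_down(gw1)                  # primary goes offline, no re-negotiation
    after = r1.next_hop().on_data(term, seal(resp["key"], b"GET /c"))
    try:
        r1.next_hop().on_data("203.0.113.99", seal(resp["key"], b"x"))
        rejected = False
    except LookupError:
        rejected = True
    return {"negotiated_by": resp["handled_by"], "before_failure": before,
            "after_failure": after, "unknown_rejected": rejected,
            "new_primary": next(g.name for g in r1.next_hops if g.is_primary)}
```

Calling `demo()` returns which gateway handled each message, so the effect of the replicated session information is visible before and after the failure.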
The above process of the embodiments of the application is described in detail below with reference to the application scenario shown in Fig. 2.
The scenario in Fig. 2 can include devices such as a terminal device, network device R1, SSL VPN gateway 1, SSL VPN gateway 2, network device R2, server 1 and server 2. The IP address of the terminal device is 100.1.1.1, the IP address of server 1 is 20.1.1.254, and the IP address of server 2 is 30.1.1.254. SSL VPN gateway 1 and SSL VPN gateway 2 are in the same gateway group; SSL VPN gateway 1 is the primary SSL VPN gateway and SSL VPN gateway 2 is the standby SSL VPN gateway. The group address of the gateway group is 1.1.1.254, and the TCP port identifier of the gateway group is TCP port 443 (the default TCP SSL port).
In this application scenario, the message transmission method may include the following steps:
Step 1: SSL VPN gateway 1 externally advertises a route carrying IP address 1.1.1.254 and TCP port 443; network device R1 and network device R2 can learn the route carrying IP address 1.1.1.254 and TCP port 443. SSL VPN gateway 2 externally advertises a route carrying IP address 1.1.1.254 and TCP port 443; network device R1 and network device R2 can learn the route carrying IP address 1.1.1.254 and TCP port 443. Network device R1 and network device R2 thus learn two routes for IP address 1.1.1.254, and these two routes form equal-cost routes on network device R1 and network device R2.
Step 2: the user logs in to the SSL VPN page, enters identity information such as a user name and password, and enters information such as the group address 1.1.1.254 of the SSL VPN gateway and TCP port 443. The terminal device uses the identity information, the group address 1.1.1.254 and TCP port 443 to generate a session negotiation request message and sends it. The source IP address of the session negotiation request message can be 100.1.1.1, the destination IP address can be 1.1.1.254, and the destination TCP port can be 443.
Step 3: after network device R1 receives the session negotiation request message, because two routes for destination IP address 1.1.1.254 exist locally, SSL VPN gateway 1 and SSL VPN gateway 2 are both next hops for destination IP address 1.1.1.254. The session negotiation request message can therefore be sent to SSL VPN gateway 1 or SSL VPN gateway 2; sending it to SSL VPN gateway 2 is taken as the example here.
Step 4: after SSL VPN gateway 2 receives the session negotiation request message, because SSL VPN gateway 2 is a standby SSL VPN gateway, it sends the session negotiation request message to SSL VPN gateway 1.
Step 5: after SSL VPN gateway 1 receives the session negotiation request message, it parses the identity information from the session negotiation request message and uses the identity information to authenticate the terminal device. If authentication succeeds, step 6 is performed. If authentication fails, a response message indicating authentication failure is sent to the terminal device and the flow ends.
Step 6: SSL VPN gateway 1 allocates UDP port identifier 4430 to the terminal device (for example, by selecting a UDP port identifier at random), and allocates virtual access IP address 10.1.1.1 and a virtual access MAC (Media Access Control) address (for example, virtual MAC 1) to the terminal device.
In one example, a virtual IP network segment, such as 10.1.1.0/24, can be pre-configured on SSL VPN gateway 1. When allocating a virtual access IP address to the terminal device, SSL VPN gateway 1 can directly select an available IP address, 10.1.1.1, from the virtual IP network segment and mark that IP address as unavailable. Similarly, a virtual MAC range can be pre-configured on SSL VPN gateway 1. When allocating a virtual access MAC address to the terminal device, SSL VPN gateway 1 can directly select an available MAC address (for example, virtual MAC 1) from the virtual MAC range and mark that MAC address as unavailable. The virtual IP network segment and the virtual MAC range can also be pre-configured on the server, and the server only processes data messages whose source IP address belongs to the virtual IP network segment and whose source MAC address belongs to the virtual MAC range.
Step 7: SSL VPN gateway 1 determines that the terminal device is able to access server 1 and server 2, determines the IP address 20.1.1.254 of server 1 and the IP address 30.1.1.254 of server 2, and determines the authentication and encryption information corresponding to the terminal device. The authentication and encryption information can include, but is not limited to, information such as AES, the exchanged encryption key and the message integrity verification algorithm; the authentication and encryption information is not limited here.
Step 8: SSL VPN gateway 1 sends the terminal device a response message carrying UDP port identifier 4430, virtual access IP address 10.1.1.1, virtual MAC 1, the IP address 20.1.1.254 of server 1, the IP address 30.1.1.254 of server 2 and the authentication and encryption information, and sends SSL VPN gateway 2 a notification message carrying the authentication and encryption information, UDP port identifier 4430 and IP address 100.1.1.1.
Step 9: SSL VPN gateway 1 and SSL VPN gateway 2 each save the authentication and encryption information, UDP port identifier 4430 and IP address 100.1.1.1 in a local storage medium.
Step 10: after the terminal device receives the response message from SSL VPN gateway 1, it parses UDP port identifier 4430, virtual access IP address 10.1.1.1, virtual MAC 1, the IP address 20.1.1.254 of server 1, the IP address 30.1.1.254 of server 2 and the authentication and encryption information from the response message, and uses this information to send data messages to server 1 or server 2.
In one example, when sending a data message to server 1 (IP address 20.1.1.254), the terminal device can first generate an inner message whose source IP address is the virtual access IP address 10.1.1.1, whose destination IP address is the IP address 20.1.1.254 of server 1, whose source MAC address is virtual MAC 1, and whose destination MAC address is any MAC. The terminal device then processes the inner message (for example, encrypts it) using the authentication and encryption information to obtain an encrypted data message. Finally, the terminal device encapsulates an outer header in front of the encrypted data message to obtain a data message. The source IP address of the outer header is 100.1.1.1, and the destination IP address is the group address 1.1.1.254 of the SSL VPN gateways.
It should be noted that, unlike the traditional approach, the data message is not a TCP data message but a UDP data message. The data message therefore carries no source TCP port or destination TCP port, but a source UDP port and a destination UDP port. The source UDP port can be any port identifier, and the destination UDP port is the above UDP port identifier 4430.
Similarly, the process by which the terminal device sends a data message to server 2 (IP address 30.1.1.254) is similar to the process by which it sends a data message to server 1 and is not repeated here.
In one example, the reason why the data message uses the UDP type rather than the TCP type is explained in the subsequent process of the embodiments of the application and is not repeated here.
Step 11: after network device R1 receives the data message, because two routes for destination IP address 1.1.1.254 exist locally, SSL VPN gateway 1 and SSL VPN gateway 2 are both next hops for destination IP address 1.1.1.254. The data message can therefore be sent to SSL VPN gateway 1 or SSL VPN gateway 2; sending the data message to SSL VPN gateway 1 is taken as the example here.
In one example, if SSL VPN gateway 1 fails, that is, SSL VPN gateway 1 is offline, network device R1 can delete SSL VPN gateway 1 from the next hops for 1.1.1.254 when it detects the failure of SSL VPN gateway 1, so that network device R1 sends data messages with destination IP address 1.1.1.254 only to SSL VPN gateway 2. Similarly, if SSL VPN gateway 2 fails, that is, SSL VPN gateway 2 is offline, network device R1 can delete SSL VPN gateway 2 from the next hops for 1.1.1.254 when it detects the failure of SSL VPN gateway 2, so that network device R1 sends data messages with destination IP address 1.1.1.254 only to SSL VPN gateway 1.
Step 12: after SSL VPN gateway 1 receives the data message, it determines the authentication and encryption information corresponding to the outer source IP address 100.1.1.1 of the data message and uses that authentication and encryption information to decrypt the inner message contained in the data message.
Step 13: SSL VPN gateway 1 sends the decrypted inner message to server 1. The source IP address of the inner message is the virtual access IP address 10.1.1.1, the destination IP address is the IP address 20.1.1.254 of server 1, the source MAC address is virtual MAC 1, and the destination MAC address is any MAC.
Step 14: after server 1 receives the inner message, it returns a data response message to the terminal device. The source IP address of the data response message can be the IP address 20.1.1.254 of server 1, the destination IP address can be the virtual access IP address 10.1.1.1, the source MAC address can be the MAC address of server 1, and the destination MAC address can be virtual MAC 1.
Step 15, network equipment R2 carry out load balancing after the data response message is received, by the data response
Message is transmitted to SSL vpn gateways 1 or SSL vpn gateways 2.Describe for convenience, the data are responded with network equipment R2
Message is illustrated as a example by being transmitted to SSL vpn gateways 2.
In one example, a virtual IP network segment, such as 10.1.1.0/24, can be pre-configured on SSL VPN gateway 1 and SSL VPN gateway 2. SSL VPN gateway 1 can advertise a route carrying IP network segment 10.1.1.0/24, and network device R2 can learn that route. SSL VPN gateway 2 can also advertise a route carrying IP network segment 10.1.1.0/24, and network device R2 can learn that route as well. Network device R2 therefore learns two routes for IP network segment 10.1.1.0/24, and these two routes can form equal-cost routes on network device R2. In summary, after network device R2 receives the data response message, because the destination IP address is 10.1.1.1 and IP address 10.1.1.1 matches both routes for IP network segment 10.1.1.0/24, the data response message can be forwarded to SSL VPN gateway 1 or SSL VPN gateway 2.
Step 16: after receiving the data response message, SSL VPN gateway 2 encrypts the data response message using the authenticated encryption information to obtain an encrypted data message. It then encapsulates the encrypted data message: the outer source IP address of the encapsulated encrypted data message is the group address 1.1.1.254, the source UDP port is the UDP port identifier 4430, the destination IP address is the IP address 100.1.1.1 of the terminal device, and the destination UDP port is any port identifier. It then sends the encapsulated encrypted data message.
After receiving the data response message, SSL VPN gateway 2 can first determine the IP address 100.1.1.1 of the terminal device from the destination IP address (10.1.1.1) and the destination MAC address (virtual MAC 1), then find the authenticated encryption information and the UDP port identifier 4430 corresponding to IP address 100.1.1.1, and then encrypt the data response message using that authenticated encryption information. When encapsulating the encrypted data message, it records the UDP port identifier 4430 as the outer source UDP port of the encapsulated encrypted data message.
Note that, unlike the traditional approach, the encapsulated encrypted data message is not a TCP-type message but a UDP-type message. The message therefore carries no source TCP port or destination TCP port; it carries a source UDP port and a destination UDP port instead. The source UDP port may be the UDP port identifier 4430 mentioned above, and the destination UDP port is any port identifier.
In one example, the reason why the encapsulated encrypted data message uses the UDP type rather than the TCP type is explained later in this embodiment of the application and is not repeated here.
Step 17: after receiving the encapsulated encrypted data message, network device R1 sends it to the terminal device. The terminal device strips the outer message header from the encapsulated encrypted data message to obtain the encrypted data message, and performs decryption and other processing on it using the authenticated encryption information to obtain the data response message, that is, the data response message returned by the server.
This completes the process by which the terminal device accesses server resources in the VPN.
The reason for using UDP-type messages is described in detail below.
If the terminal device sends a TCP-type data message to SSL VPN gateway 1 (that is, the outer message header carries TCP port information), the terminal device treats only a response message returned by SSL VPN gateway 1 as the response to that data message and can then continue sending data messages. It does not treat a response message returned by SSL VPN gateway 2 as the response to that data message, so it discards that response message and continues waiting for a response, which causes a transmission abnormality.
In fact, whether network device R1 is sending data messages to SSL VPN gateway 1 or SSL VPN gateway 2, or network device R2 is sending response messages to SSL VPN gateway 1 or SSL VPN gateway 2, load balancing means that a data message or response message may be sent to either SSL VPN gateway 1 or SSL VPN gateway 2, so the transmission abnormality described above can occur.
By contrast, if the terminal device sends a UDP-type data message to SSL VPN gateway 1 (that is, the outer message header carries UDP port information), the terminal device treats the response message as the response to that data message whether it is returned by SSL VPN gateway 1 or by SSL VPN gateway 2, and can continue sending data messages, which avoids the transmission abnormality. On this basis, in this embodiment of the application, the terminal device sends UDP-type data messages to the SSL VPN gateway (that is, the outer message header carries the UDP port identifier 4430), and the SSL VPN gateway sends UDP-type response messages to the terminal device (that is, the outer message header carries the UDP port identifier 4430).
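The flow in steps 11 to 17 and the UDP reasoning above, as an added Python simulation (not code from the patent): either gateway can decrypt a request or build a response because the main gateway shares the session state, and the terminal accepts the response whichever gateway sent it. The class and function names, the round-robin next-hop choice, the user table, terminal port 50000 and the HMAC-SHA256 stand-in cipher are assumptions; the addresses and the port identifier 4430 are the page's.

```python
import hashlib
import hmac
import os
from collections import namedtuple

GROUP_ADDR, UDP_PORT_ID = "1.1.1.254", 4430        # values from the page
TERMINAL_IP, VIRTUAL_IP = "100.1.1.1", "10.1.1.1"  # values from the page
TERMINAL_PORT = 50000               # constructed: the page allows any port identifier
USERS = {"alice": "correct-horse"}  # constructed identity store
Packet = namedtuple("Packet", "src_ip src_port dst_ip dst_port payload")

def keystream(key, nonce, n):
    blocks = (hmac.new(key, b"ks" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    """Stand-in cipher (HMAC-SHA256 keystream, encrypt-then-MAC); an assumption."""
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    if len(blob) < 44:                       # 12-byte nonce + 32-byte tag
        raise ValueError("truncated message")
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct))))

class Gateway:
    def __init__(self, name, is_main=False):
        self.name, self.is_main, self.group = name, is_main, []
        self.sessions = {}       # outer terminal IP -> session (shared by the main)
        self.by_virtual_ip = {}  # virtual access IP -> outer terminal IP (MAC omitted)

    def negotiate(self, src_ip, user, password):
        if not self.is_main:     # a standby relays the request to the main gateway
            main = next(g for g in self.group if g.is_main)
            return main.negotiate(src_ip, user, password)
        known = USERS.get(user)
        if known is None or not hmac.compare_digest(known.encode(), password.encode()):
            raise PermissionError("authentication failed")
        session = {"key": os.urandom(32), "udp_port": UDP_PORT_ID,
                   "servers": ["20.1.1.254", "30.1.1.254"]}
        for gw in self.group:    # main shares key and port identifier with the group
            gw.sessions[src_ip] = session
            gw.by_virtual_ip[VIRTUAL_IP] = src_ip
        return session

    def decapsulate(self, pkt):  # step 12: state is found by the outer source IP
        session = self.sessions[pkt.src_ip]
        if pkt.dst_port != session["udp_port"]:
            raise ValueError("unexpected UDP port identifier")
        return unseal(session["key"], pkt.payload)

    def encapsulate(self, inner, dst_virtual_ip):  # step 16
        terminal_ip = self.by_virtual_ip[dst_virtual_ip]
        session = self.sessions[terminal_ip]
        return Packet(GROUP_ADDR, session["udp_port"], terminal_ip, TERMINAL_PORT,
                      seal(session["key"], inner))

class Router:
    """Neighbor device with equal-cost next hops; round-robin choice is an assumption."""
    def __init__(self, next_hops):
        self.next_hops, self.count = list(next_hops), 0

    def mark_failed(self, gw):   # a failed gateway is deleted from the next hops
        self.next_hops.remove(gw)

    def pick(self):
        gw = self.next_hops[self.count % len(self.next_hops)]
        self.count += 1
        return gw

def terminal_accepts(session, pkt):
    """No per-gateway connection state: check the outer header, then the tag."""
    if (pkt.src_ip, pkt.src_port) != (GROUP_ADDR, session["udp_port"]):
        return None
    return unseal(session["key"], pkt.payload)

def run_flow():
    main, standby = Gateway("gw1", is_main=True), Gateway("gw2")
    main.group = standby.group = [main, standby]
    r1, r2 = Router([main, standby]), Router([standby, main])
    session = standby.negotiate(TERMINAL_IP, "alice", "correct-horse")  # relayed to main
    request = Packet(TERMINAL_IP, TERMINAL_PORT, GROUP_ADDR, UDP_PORT_ID,
                     seal(session["key"], b"GET /resource"))
    gw_in = r1.pick()                        # step 11
    inner = gw_in.decapsulate(request)       # steps 12-13
    gw_out = r2.pick()                       # step 15: may be the other gateway
    reply = terminal_accepts(session, gw_out.encapsulate(b"200 OK", VIRTUAL_IP))
    return {"request_via": gw_in.name, "response_via": gw_out.name,
            "inner": inner, "reply": reply}

if __name__ == "__main__":
    print(run_flow())
```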
Based on the same application concept as the above method, an embodiment of this application further provides a message transmitting device, applied to an SSL VPN gateway in a gateway group. The gateway group includes one main SSL VPN gateway and at least one standby SSL VPN gateway, and each SSL VPN gateway in the gateway group uses the same group address. The message transmitting device may be implemented in software, or in hardware or a combination of software and hardware. Taking a software implementation as an example, as a device in the logical sense, it is formed by the processor of the SSL VPN gateway in which it is located reading the corresponding computer program instructions from non-volatile memory. At the hardware level, Fig. 3 shows a hardware structure diagram of the SSL VPN gateway in which the message transmitting device proposed by this application is located. In addition to the processor and non-volatile memory shown in Fig. 3, the SSL VPN gateway may include other hardware, such as a forwarding chip responsible for processing messages, a network interface, and memory. In terms of hardware structure, the SSL VPN gateway may also be a distributed device that includes multiple interface cards, so that message processing can be extended at the hardware level.
Fig. 4 shows a structure diagram of the message transmitting device proposed by this application, which includes:
A sending module 11, configured to advertise a route carrying the group address to the neighboring network device of this SSL VPN gateway, so that the neighboring network device sends messages whose destination IP address is the group address to an SSL VPN gateway in the gateway group;
A receiver module 12, configured to receive the message sent by the neighboring network device;
The sending module 11 is further configured to send the session negotiation request message to the main SSL VPN gateway when the message is a session negotiation request message and this SSL VPN gateway is a standby SSL VPN gateway;
A determining module 13, configured to, when the message is a session negotiation request message and this SSL VPN gateway is the main SSL VPN gateway, determine the server that the first terminal device corresponding to the source IP address of the session negotiation request message is able to access and the encrypted authentication information corresponding to the first terminal device;
The sending module 11 is further configured to, when this SSL VPN gateway is the main SSL VPN gateway, send a response message carrying the IP address of the server and the encrypted authentication information to the first terminal device, and send the authenticated encryption information to each standby SSL VPN gateway.
After the receiver module 12 receives the message sent by the neighboring network device, the sending module 11 is further configured to, when the message is a data message, decrypt the inner message included in the data message using the authenticated encryption information corresponding to a second terminal device, where the second terminal device is the terminal device corresponding to the outer source IP address of the data message, and to send the decrypted inner message to the server corresponding to the destination IP address of the inner message.
If the message is a session negotiation request message and this SSL VPN gateway is the main SSL VPN gateway, the determining module 13 is further configured to parse identity information from the session negotiation request message and authenticate the first terminal device using the identity information; if authentication succeeds, it determines the server that the first terminal device is able to access and the encrypted authentication information corresponding to the first terminal device.
If the message is a session negotiation request message and this SSL VPN gateway is the main SSL VPN gateway, the determining module 13 is further configured to allocate a User Datagram Protocol (UDP) port identifier to the first terminal device, and the sending module 11 is further configured to send the UDP port identifier to each standby SSL VPN gateway. The response message also carries the UDP port identifier, which is used to make the first terminal device add the UDP port identifier to the outer message header when sending data messages.
The sending module 11 is further configured to, after receiving a data response message sent by a server, encrypt the data response message using the authenticated encryption information corresponding to a third terminal device to obtain an encrypted data message, where the third terminal device is the terminal device corresponding to the destination IP address of the data response message; to encapsulate the encrypted data message, where the outer source IP address of the encapsulated encrypted data message is the group address and the source port is the UDP port identifier corresponding to the third terminal device; and to send the encapsulated encrypted data message to the third terminal device.
The modules of the device of this application may be integrated into one unit or deployed separately. The above modules may be merged into one module or further split into multiple submodules.
From the description of the above embodiments, those skilled in the art can clearly understand that this application may be implemented by software plus a necessary general-purpose hardware platform, or of course by hardware, but in many cases the former is the better implementation. Based on this understanding, the technical solution of this application, in essence or the part that contributes to the prior art, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) to execute the methods described in the embodiments of this application. Those skilled in the art will appreciate that the accompanying drawings are schematic diagrams of a preferred embodiment, and that the modules or flows in the drawings are not necessarily required to implement this application.
Those skilled in the art will appreciate that the modules of the device in an embodiment may be distributed in the device of the embodiment as described, or may be changed accordingly and located in one or more devices different from this embodiment. The modules of the above embodiment may be merged into one module or further split into multiple submodules. The sequence numbers of the above embodiments of this application are for description only and do not indicate the relative merit of the embodiments.
The above discloses only several specific embodiments of this application; this application is not limited to them, and any change that a person skilled in the art can conceive of shall fall within the protection scope of this application.
Claims (10)
1. A message transmitting method, characterized in that it is applied to a Secure Sockets Layer virtual private network (SSL VPN) gateway in a gateway group, the gateway group includes one main SSL VPN gateway and at least one standby SSL VPN gateway, and each SSL VPN gateway in the gateway group uses the same group address, the method including:
Advertising a route carrying the group address to the neighboring network device of this SSL VPN gateway, so that the neighboring network device sends messages whose destination IP address is the group address to an SSL VPN gateway in the gateway group;
Receiving the message sent by the neighboring network device;
If the message is a session negotiation request message and this SSL VPN gateway is a standby SSL VPN gateway, sending the session negotiation request message to the main SSL VPN gateway;
If the message is a session negotiation request message and this SSL VPN gateway is the main SSL VPN gateway, determining the server that the first terminal device corresponding to the source IP address of the session negotiation request message is able to access and the encrypted authentication information corresponding to the first terminal device, sending a response message carrying the IP address of the server and the encrypted authentication information to the first terminal device, and sending the authenticated encryption information to each standby SSL VPN gateway.
2. The method according to claim 1, characterized in that, after receiving the message sent by the neighboring network device, the method further includes:
If the message is a data message, decrypting the inner message included in the data message using the authenticated encryption information corresponding to a second terminal device, where the second terminal device is the terminal device corresponding to the outer source IP address of the data message;
Sending the decrypted inner message to the server corresponding to the destination IP address of the inner message.
3. The method according to claim 1, characterized in that, if the message is a session negotiation request message and this SSL VPN gateway is the main SSL VPN gateway, before determining the server that the first terminal device corresponding to the source IP address of the session negotiation request message is able to access and the encrypted authentication information corresponding to the first terminal device, the method further includes:
Parsing identity information from the session negotiation request message, and authenticating the first terminal device using the identity information;
If authentication succeeds, performing the process of determining the server that the first terminal device is able to access and the encrypted authentication information corresponding to the first terminal device.
4. The method according to claim 1, characterized in that, if the message is a session negotiation request message and this SSL VPN gateway is the main SSL VPN gateway, before sending the response message carrying the IP address of the server and the encrypted authentication information to the first terminal device, the method further includes:
Allocating a User Datagram Protocol (UDP) port identifier to the first terminal device;
Sending the UDP port identifier to each standby SSL VPN gateway;
The response message also carries the UDP port identifier, which is used to make the first terminal device add the UDP port identifier to the outer message header when sending data messages.
5. The method according to claim 4, characterized in that the method further includes:
After receiving a data response message sent by a server, encrypting the data response message using the authenticated encryption information corresponding to a third terminal device to obtain an encrypted data message, where the third terminal device is the terminal device corresponding to the destination IP address of the data response message;
Encapsulating the encrypted data message, where the outer source IP address of the encapsulated encrypted data message is the group address and the source port is the UDP port identifier corresponding to the third terminal device;
Sending the encapsulated encrypted data message to the third terminal device.
6. A message transmitting device, characterized in that it is applied to a Secure Sockets Layer virtual private network (SSL VPN) gateway in a gateway group, the gateway group includes one main SSL VPN gateway and at least one standby SSL VPN gateway, and each SSL VPN gateway in the gateway group uses the same group address, the device including:
A sending module, configured to advertise a route carrying the group address to the neighboring network device of this SSL VPN gateway, so that the neighboring network device sends messages whose destination IP address is the group address to an SSL VPN gateway in the gateway group;
A receiver module, configured to receive the message sent by the neighboring network device;
The sending module is further configured to send the session negotiation request message to the main SSL VPN gateway when the message is a session negotiation request message and this SSL VPN gateway is a standby SSL VPN gateway;
A determining module, configured to, when the message is a session negotiation request message and this SSL VPN gateway is the main SSL VPN gateway, determine the server that the first terminal device corresponding to the source IP address of the session negotiation request message is able to access and the encrypted authentication information corresponding to the first terminal device;
The sending module is further configured to, when this SSL VPN gateway is the main SSL VPN gateway, send a response message carrying the IP address of the server and the encrypted authentication information to the first terminal device, and send the authenticated encryption information to each standby SSL VPN gateway.
7. The device according to claim 6, characterized in that,
After the receiver module receives the message sent by the neighboring network device,
The sending module is further configured to, when the message is a data message, decrypt the inner message included in the data message using the authenticated encryption information corresponding to a second terminal device, where the second terminal device is the terminal device corresponding to the outer source IP address of the data message, and to send the decrypted inner message to the server corresponding to the destination IP address of the inner message.
8. The device according to claim 6, characterized in that,
If the message is a session negotiation request message and this SSL VPN gateway is the main SSL VPN gateway,
The determining module is further configured to parse identity information from the session negotiation request message and authenticate the first terminal device using the identity information; if authentication succeeds, it determines the server that the first terminal device is able to access and the encrypted authentication information corresponding to the first terminal device.
9. The device according to claim 6, characterized in that,
If the message is a session negotiation request message and this SSL VPN gateway is the main SSL VPN gateway,
The determining module is further configured to allocate a User Datagram Protocol (UDP) port identifier to the first terminal device;
The sending module is further configured to send the UDP port identifier to each standby SSL VPN gateway;
The response message also carries the UDP port identifier, which is used to make the first terminal device add the UDP port identifier to the outer message header when sending data messages.
10. The device according to claim 9, characterized in that,
The sending module is further configured to, after receiving a data response message sent by a server, encrypt the data response message using the authenticated encryption information corresponding to a third terminal device to obtain an encrypted data message, where the third terminal device is the terminal device corresponding to the destination IP address of the data response message; to encapsulate the encrypted data message, where the outer source IP address of the encapsulated encrypted data message is the group address and the source port is the UDP port identifier corresponding to the third terminal device; and to send the encapsulated encrypted data message to the third terminal device.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610971698.0A CN106506354B (en) | 2016-10-31 | 2016-10-31 | Message transmission method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106506354A true CN106506354A (en) | 2017-03-15 |
CN106506354B CN106506354B (en) | 2021-02-26 |
Family
ID=58323126
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610971698.0A Active CN106506354B (en) | 2016-10-31 | 2016-10-31 | Message transmission method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106506354B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN106506354B (en) | 2021-02-26 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
CB02 | Change of applicant information | Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No. Applicant after: Xinhua three Technology Co., Ltd. Address before: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No. Applicant before: Huasan Communication Technology Co., Ltd. |
CB02 | Change of applicant information | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |