CN106888145B - VPN resource access method and device

Publication number: CN106888145B
Authority: CN (China)
Application number: CN201710161590.XA
Other languages: Chinese (zh)
Other versions: CN106888145A (en)
Inventors: 宋小恒, 赵海平
Current Assignee: New H3C Technologies Co Ltd
Original Assignee: New H3C Technologies Co Ltd
Legal status: Active
Prior art keywords: resource, address, vpn, accessed, server
Application filed by New H3C Technologies Co Ltd
Priority to CN201710161590.XA
Publication of CN106888145A
Application granted
Publication of CN106888145B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4633 Interconnection of networks using encapsulation techniques, e.g. tunneling
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/16 Implementing security features at a particular protocol layer

Abstract

The present invention provides a VPN resource access method and device, applied to an SSL VPN gateway device. The method includes: sending, to a remote client that has established an SSL VPN tunnel with this device, resource information of the resources in multiple VPNs authorized to the remote client, the multiple VPNs being the VPNs bound to the SSL VPN instance to which the SSL VPN tunnel belongs; receiving a request message sent by the remote client through the SSL VPN tunnel, the request message carrying the access information of the resource to be accessed, which the remote client determines from the resource information of the resources; and searching for the forwarding table entry that matches the access information of the resource to be accessed, and forwarding the request message according to the forwarding information in the matched forwarding table entry.

Description

VPN resource access method and device
Technical field
The present invention relates to the field of network communication technology, and in particular to a VPN resource access method and device.
Background
SSL VPN is a VPN (Virtual Private Network) technology based on SSL (Secure Sockets Layer). SSL VPN makes full use of the certificate-based identity authentication, data encryption and message integrity verification mechanisms of the SSL protocol, and can establish a secure connection for communication between application layers.
In an SSL VPN accessed in IP access mode, the SSL VPN gateway device supports access to multiple VPNs. The gateway device creates multiple SSL VPN instances and binds a respective VPN in each SSL VPN instance. When a user accesses resources in multiple VPNs, the user needs to start multiple SSL VPN clients; each SSL VPN client logs in to a different SSL VPN instance and establishes an SSL VPN tunnel with the SSL VPN gateway to transmit the data of its own VPN. When the number of VPNs is large, a large amount of the gateway device's SSL VPN tunnel resources is consumed.
Summary of the invention
The purpose of the present invention is to provide a VPN resource access method and device that reduce the occupation of SSL VPN tunnel resources on the gateway device.
To achieve the above purpose, the present invention provides the following technical solutions:
The present invention provides a VPN resource access method, applied to a gateway device that supports SSL VPN. The method includes:
sending, to a remote client that has established an SSL VPN tunnel with this device, resource information of the resources in multiple VPNs authorized to the remote client, the multiple VPNs being the VPNs bound to the SSL VPN instance to which the SSL VPN tunnel belongs;
receiving a request message sent by the remote client through the SSL VPN tunnel, the request message carrying the access information of the resource to be accessed, which the remote client determines from the resource information of the resources;
searching for the forwarding table entry that matches the access information of the resource to be accessed, and forwarding the request message according to the forwarding information in the matched forwarding table entry.
The present invention also provides a VPN resource access device, applied to a gateway device that supports SSL VPN. The device includes:
a sending unit, configured to send, to a remote client that has established an SSL VPN tunnel with this device, resource information of the resources in multiple VPNs authorized to the remote client, the multiple VPNs being the VPNs bound to the SSL VPN instance to which the SSL VPN tunnel belongs;
a receiving unit, configured to receive a request message sent by the remote client through the SSL VPN tunnel, the request message carrying the access information of the resource to be accessed, which the remote client determines from the resource information of the resources;
a forwarding unit, configured to search for the forwarding table entry that matches the access information of the resource to be accessed, and to forward the request message according to the forwarding information in the matched forwarding table entry.
As can be seen from the above description, in the present invention the gateway device, through the SSL VPN tunnel established with the remote client, sends the remote client the resource information of the resources in the multiple VPNs authorized to that client. The remote client determines, from the resource information of the resources in the authorized VPNs, the access information of the resource it currently wants to access (the resource to be accessed) and sends the gateway device a request message carrying that access information. The gateway device looks up locally the forwarding table entry that matches the access information of the resource to be accessed and forwards the request message according to the forwarding information in the matched entry. In the present invention one remote client can correspond to multiple VPNs. Therefore, a user accessing resources in different VPNs does not need to start multiple remote clients; the user can use the SSL VPN tunnel established between the remote client and the gateway device to access resources in multiple VPNs, which saves SSL VPN tunnel resources on the gateway device.
Brief description of the drawings
Fig. 1 is a flowchart of a VPN resource access method according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of a multi-VPN network according to an embodiment of the present invention;
Fig. 3 is a schematic flow diagram of an SSL VPN protocol interaction according to an embodiment of the present invention;
Fig. 4 is a schematic flow diagram of another SSL VPN protocol interaction according to an embodiment of the present invention;
Fig. 5 is a structural diagram of the SSL VPN gateway device according to an embodiment of the present invention;
Fig. 6 is a structural diagram of a VPN resource access device according to an embodiment of the present invention.
Detailed description
Example embodiments are described in detail here, and examples of them are illustrated in the accompanying drawings. When the following description refers to the drawings, unless otherwise indicated, the same numbers in different drawings denote the same or similar elements. The implementations described in the following example embodiments do not represent all implementations consistent with the present invention. Rather, they are merely examples of devices and methods consistent with some aspects of the invention as detailed in the appended claims.
The terminology used in the present invention is for the purpose of describing particular embodiments only and is not intended to limit the invention. The singular forms "a", "said" and "the" used in the present invention and the appended claims are also intended to include the plural forms, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and includes any or all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third and so on may be used in the present invention to describe various information, the information should not be limited by these terms. The terms are used only to distinguish information of the same type from one another. For example, without departing from the scope of the invention, first information may also be called second information and, similarly, second information may also be called first information. Depending on the context, the word "if" as used here may be interpreted as "when ...", "upon ..." or "in response to determining".
An embodiment of the present invention proposes a VPN resource access method applied to an SSL VPN gateway device (hereinafter, the gateway device). Fig. 1 is a flowchart of one embodiment of the VPN resource access method of the present invention; the embodiment describes the VPN resource access process.
Step 101: send, to the remote client that has established an SSL VPN tunnel with this device, the resource information of the resources in the multiple VPNs authorized to the remote client.
The gateway device and the remote client exchange information through the SSL VPN protocol. During this exchange, the gateway device sends, according to the remote client's permissions, the resource information of the resources in the multiple VPNs authorized to the remote client. Specifically, the gateway device first creates an SSL VPN instance and binds multiple VPNs in it; then, through the SSL VPN protocol exchange with the remote client, it sends the remote client the resource information of the resources in the multiple VPNs that the client is authorized to access. In the present invention, the gateway device establishes the SSL VPN tunnel with the remote client through the created SSL VPN instance that is bound to multiple VPNs.
Step 102: receive the request message sent by the remote client through the SSL VPN tunnel.
Through step 101 the remote client obtains the resource information of the resources in the multiple VPNs authorized by the gateway device. From this, the remote client selects the resource information of the resource it currently wants to access (the resource to be accessed), determines the access information of that resource from its resource information, and sends the access information to the gateway device in a request message.
In the present invention, the specific content of the resource information authorized to the remote client differs for different types of remote client, and so does the content of the access information that the remote client determines from the resource information. This is described in detail below and not repeated here.
Step 103: search for the forwarding table entry that matches the access information of the resource to be accessed, and forward the request message according to the forwarding information in the matched forwarding table entry.
Specifically, the gateway device determines the VPN to which the request message belongs according to the access information of the resource to be accessed, and looks up the matching forwarding table entry (for example, a routing table entry) in the determined VPN to forward the request message. This step is elaborated below for the different types of remote client and not repeated here.
It should be added that, in the present invention, the multiple VPNs authorized to the remote client can share the same IP address pool. Whichever authorized resource the remote client accesses, the gateway device can assign the remote client the same IP address from the shared pool, so that the remote client sends request messages for any authorized resource from the same IP address, which makes the remote client easier to monitor and manage.
From the above description it follows that one remote client of the present invention can correspond to multiple VPNs. Therefore, a user accessing resources in different VPNs does not need to start multiple remote clients; the user can use the SSL VPN tunnel established between the remote client and the gateway device to access resources in multiple VPNs, which saves SSL VPN tunnel resources on the gateway device.
The VPN resource access process is described below for different types of remote client.
As one embodiment, when the remote client supports VPN-based resource authorization (that is, the resource information of an authorized resource includes the identifier of the VPN to which the resource belongs, and the remote client can recognize that VPN identifier), the resource information of a resource authorized by the gateway device in step 101 includes the identifier of the VPN to which the resource belongs and the IP address of the resource server corresponding to the resource (its IP address within that VPN). For example, the VPN to which the resource belongs is identified as VPN1, and the IP address of the corresponding resource server in VPN1 is 20.1.1.254. Through step 101 the gateway device authorizes to the remote client the resource information of the resources in the multiple VPNs that the client may access within its permissions.
After resource authorization is complete, the gateway device sends the remote client the VPN information of the resources in the multiple VPNs authorized to it. The VPN information consists of the correspondence between the identifier of the VPN to which a resource belongs and the MAC address bound to that VPN. Note that the gateway device binds an access (AC) interface to each VPN in the SSL VPN instance and assigns each access interface a different MAC address, so a MAC address uniquely identifies one VPN.
When the remote client selects the resource to be accessed from the resources of the authorized VPNs, it matches the VPN identifier in that resource's resource information (the identifier of the VPN to which the resource to be accessed belongs) against the locally recorded VPN information. It then sends the gateway device a request message that carries, as the access information of the resource to be accessed, the MAC address bound to the VPN in the matched VPN information (the MAC address bound to the VPN to which the resource to be accessed belongs) and the IP address of the resource server in the resource information (the IP address of the resource server corresponding to the resource to be accessed). The MAC address bound to the VPN to which the resource to be accessed belongs is carried in the destination MAC address field of the request message, and the IP address of the corresponding resource server is carried in the destination IP address field.
The gateway device receives the request message in step 102. In step 103 it searches for the forwarding table entry that matches the access information of the resource to be accessed carried in the request message, and forwards the request message according to the forwarding information in the matched entry. Specifically, in the locally stored correspondence between VPN identifiers and VPN-bound MAC addresses, the gateway device looks up the VPN identifier that corresponds to the MAC address bound to the VPN to which the resource to be accessed belongs; in the forwarding table corresponding to the VPN identifier found, it looks up the forwarding information that matches the IP address of the resource server corresponding to the resource to be accessed, and forwards the request message according to that forwarding information. That is, the VPN to which the request message belongs is determined from the correspondence between VPN identifier and MAC address, and the request message is then forwarded to the resource server in that VPN.
The resource server corresponding to the resource to be accessed processes the received request message and replies with a response message whose destination IP address is the IP address of the remote client that sent the request message.
When the response message reaches the gateway device, the gateway device determines the identifier of the VPN to which the resource to be accessed belongs from the VPN to which the response message belongs. In the locally stored correspondence between VPN identifiers and VPN-bound MAC addresses, it looks up the MAC address bound to that VPN and replaces the source MAC address of the response message with it. In the locally stored correspondence between IP addresses and MAC addresses (also called ARP entries), it looks up the MAC address corresponding to the remote client's IP address (the remote client's MAC address) and replaces the destination MAC address of the response message with it. In the forwarding table corresponding to the identifier of the VPN to which the resource to be accessed belongs, it looks up the forwarding information that matches the remote client's IP address and forwards the response message, with its MAC addresses replaced, according to that forwarding information. The response message finally reaches the remote client, completing the resource access process.
As can be seen, in this embodiment the gateway device uses the correspondence between VPN identifiers and VPN-bound MAC addresses. When it receives a request message, it determines the VPN to which the request message belongs from the MAC address, carried in the request message, that is bound to the VPN to which the resource to be accessed belongs, and forwards the request message to the corresponding resource server in that VPN. When it receives the response message returned by the resource server, it queries the same correspondence using the VPN to which the response message belongs (the VPN to which the resource to be accessed belongs), finds the MAC address bound to that VPN and carries it in the response message, so that the remote client can identify the VPN to which the response message belongs. One remote client can thus correspond to multiple VPNs. Therefore, a user accessing resources in different VPNs does not need to start multiple remote clients; the user can use the SSL VPN tunnel established between the remote client and the gateway device to access resources in multiple VPNs, which saves SSL VPN tunnel resources on the gateway device.
As another embodiment, when the remote client does not support VPN-based resource authorization (that is, the remote client cannot recognize the VPN identifier carried during resource authorization), the gateway device locally stores the correspondence between the VPN identifier, the IP address of the resource server and the mapped IP address of the resource server; see Table 1.
Table 1
Take Server1 as an example. Server1 belongs to VPN1 and its IP address in VPN1 is 20.1.1.254. The gateway device performs address mapping for Server1, and the mapped IP address is 120.1.1.254. Similarly, the gateway device performs address mapping for Server2, and the mapped IP address is 121.1.1.254. As Table 1 shows, the IP addresses of the resource servers before mapping may be the same, but the mapped IP addresses are different.
The resource information of a resource authorized by the gateway device in step 101 includes the mapped IP address of the resource server corresponding to the resource. The remote client selects the resource to be accessed from the resources of the authorized VPNs and sends the gateway device a request message that carries, as the access information of the resource to be accessed, the mapped IP address of the corresponding resource server. The mapped IP address is carried in the destination IP address field of the request message.
The gateway device receives the request message in step 102. In step 103 it searches for the forwarding table entry that matches the access information of the resource to be accessed, and forwards the request message according to the forwarding information in the matched entry. Specifically, in the locally stored correspondence between the VPN identifier, the IP address of the resource server and the mapped IP address of the resource server, the gateway device looks up the VPN identifier and the resource server IP address that correspond to the mapped IP address of the resource server for the resource to be accessed. In the forwarding table corresponding to the VPN identifier found, it looks up the forwarding information that matches the resource server IP address found. It replaces the mapped IP address carried in the destination IP address field of the request message with the IP address of the resource server found, and forwards the request message, with its destination IP address field replaced, according to the forwarding information found.
The resource server corresponding to the resource to be accessed processes the received request message and replies with a response message. The source IP address of the response message is the IP address of the resource server of the resource to be accessed, and the destination IP address is the IP address of the remote client.
When the response message reaches the gateway device, the gateway device determines the identifier of the VPN to which the resource to be accessed belongs from the VPN to which the response message belongs. In the locally stored correspondence between the VPN identifier, the IP address of the resource server and the mapped IP address of the resource server, it looks up the mapped IP address that corresponds to that VPN identifier and the resource server's IP address, and replaces the source IP address of the response message with the mapped IP address found. In the forwarding table corresponding to the identifier of the VPN to which the resource to be accessed belongs, it looks up the forwarding information that matches the remote client's IP address and forwards the response message, with its IP address replaced, according to that forwarding information. The response message finally reaches the remote client, completing the resource access process.
As can be seen, in this embodiment the gateway device maps the IP address of the resource server corresponding to each resource. The mapped IP address uniquely identifies the resource server, and the gateway device can send it to the remote client. Access to resources in multiple VPNs is thus achieved even when the remote client is unaware that multiple VPNs exist, which reduces the occupation of SSL VPN tunnel resources on the gateway device.
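The address mapping of this embodiment, as an added example in Python (not code from the patent): it indexes the (VPN, server IP, mapped IP) correspondence in both directions, rejects a table in which a mapped IP is not unique, and translates a request and its response. The rows use the Server1 and Server2 values given in the description; the function names and the choice to drop a request with no matching entry are assumptions of this sketch.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str


# Rows of (VPN identifier, server IP inside the VPN, mapped IP), using the
# values the description gives for Server1 and Server2.
MAPPING_ROWS = [
    ("VPN1", "20.1.1.254", "120.1.1.254"),
    ("VPN2", "20.1.1.254", "121.1.1.254"),
]


def build_indexes(rows):
    """Index the table in both directions and enforce its uniqueness rules.

    A mapped IP shared by two rows would make the request direction ambiguous
    and could deliver traffic into the wrong VPN, so it is rejected here.
    """
    by_mapped, by_real = {}, {}
    for vpn, real_ip, mapped_ip in rows:
        if mapped_ip in by_mapped:
            raise ValueError(f"mapped IP {mapped_ip} is used twice")
        if (vpn, real_ip) in by_real:
            raise ValueError(f"{real_ip} in {vpn} is mapped twice")
        by_mapped[mapped_ip] = (vpn, real_ip)
        by_real[(vpn, real_ip)] = mapped_ip
    return by_mapped, by_real


def translate_request(pkt, by_mapped):
    """Client to server: the mapped destination selects the VPN and real IP."""
    entry = by_mapped.get(pkt.dst_ip)
    if entry is None:
        return None  # assumption of this sketch: no entry means no forwarding
    vpn, real_ip = entry
    return vpn, replace(pkt, dst_ip=real_ip)


def translate_response(vpn, pkt, by_real):
    """Server to client: restore the mapped address as the source IP."""
    mapped_ip = by_real.get((vpn, pkt.src_ip))
    if mapped_ip is None:
        return None
    return replace(pkt, src_ip=mapped_ip)


if __name__ == "__main__":
    by_mapped, by_real = build_indexes(MAPPING_ROWS)
    request = Packet(src_ip="10.1.1.1", dst_ip="120.1.1.254")
    vpn, inner = translate_request(request, by_mapped)
    reply = translate_response(vpn, Packet(inner.dst_ip, inner.src_ip), by_real)
    print(vpn, inner, reply)
```

A request addressed to the unmapped address 20.1.1.254 matches no row, because that address exists in both VPNs and only the mapped address identifies which server is meant.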
Two specific embodiments are now given, with reference to the multi-VPN network shown in Fig. 2, to illustrate the VPN resource access process. The multi-VPN network in Fig. 2 includes a terminal device PC, an SSL VPN gateway device GW, and resource servers Server1 and Server2. Server1 belongs to VPN1 and Server2 belongs to VPN2; Server1 and Server2 have the same IP address, 20.1.1.254. R1 and R2 represent intermediate network devices that data passes through in transit. The user establishes an SSL VPN tunnel with GW through the remote client started on the PC (denoted Client).
Embodiment one: Client supports VPN-based resource authorization
GW binds VPN1 and VPN2 in the SSL VPN instance to which the SSL VPN tunnel belongs, binds access interface AC1 to VPN1 and access interface AC2 to VPN2, specifies MAC1 as the MAC address of AC1 and MAC2 as the MAC address of AC2, and establishes the correspondence between VPN identifiers and VPN-bound MAC addresses; see Table 2.
| VPN identifier | MAC address bound to the VPN |
|----------------|------------------------------|
| VPN1           | MAC1                         |
| VPN2           | MAC2                         |

Table 2
Client and GW exchange information using the SSL VPN protocol interaction flow shown in Fig. 3. Step 301, step 302, step 304, step 306 and step 307 follow the existing SSL VPN protocol and are not described again here. In the application authorization stage of step 303, GW sends Client the identifier of the VPN to which Server1 belongs (VPN1) and Server1's IP address (20.1.1.254), and the identifier of the VPN to which Server2 belongs (VPN2) and Server2's IP address (20.1.1.254). In step 304, GW assigns Client the virtual IP address 10.1.1.1 from the IP address pool (10.1.1.1/24). In step 305, GW advertises the correspondences between MAC1 and VPN1 and between MAC2 and VPN2 to Client.
When Client sends a request message (denoted Packet1) to access Server1, the source IP address of Packet1 is Client's virtual IP address 10.1.1.1, the destination IP address is Server1's IP address 20.1.1.254, the source MAC address is Client's MAC address, and the destination MAC address is MAC1, the MAC address corresponding to VPN1, to which Server1 belongs. Before it is sent, the request message is encapsulated for the SSL VPN tunnel: the source IP address of the SSL VPN tunnel is the public IP address of the PC (100.1.1.1) and the destination IP address is the IP address of GW (1.1.1.254). The message is sent to GW through the SSL VPN tunnel.
After GW receives the SSL VPN message, it removes the SSL VPN tunnel encapsulation, queries Table 2 with the destination MAC address MAC1 of Packet1 and determines that Packet1 belongs to VPN1. It then queries the routing table in VPN1 with the destination IP address 20.1.1.254 of Packet1 and forwards Packet1 to Server1.
After Server1 receives Packet1, it replies with a response message, denoted Packet2. The source IP address of Packet2 is Server1's IP address 20.1.1.254, the destination IP address is Client's virtual IP address 10.1.1.1, the source MAC address is Server1's MAC address, and the destination MAC address is the MAC address of Server1's gateway device (not shown). Server1's gateway device and the other intermediate network devices forward Packet2 to GW based on routing.
GW queries the routing table in the VPN to which Packet2 belongs (VPN1) with the destination IP address of Packet2 and determines that the next hop is Client and the outgoing interface is the SSL VPN tunnel. It queries Table 2 with the VPN to which Packet2 belongs (VPN1), determines that the MAC address bound to VPN1 is MAC1, and replaces the source MAC address of Packet2 with MAC1. With the destination IP address of Packet2 (Client's virtual IP address 10.1.1.1), it queries the ARP entry (an entry recording the correspondence between an IP address and a MAC address) that matches Client's virtual IP address, determines the MAC address corresponding to Client's virtual IP address, and replaces the destination MAC address of Packet2 with Client's MAC address. GW then encapsulates Packet2, with its MAC addresses replaced, for the SSL VPN tunnel: the source IP address of the SSL VPN tunnel is the IP address of GW (1.1.1.254) and the destination IP address is the public IP address of the PC (100.1.1.1). The message is sent to Client through the SSL VPN tunnel.
After Client receives the message through the SSL VPN tunnel, it removes the tunnel encapsulation, determines from the source MAC address MAC1 of Packet2 that the message comes from VPN1, determines from the source IP address 20.1.1.254 of Packet2 that the message comes from Server1, and parses the message for processing.
Similarly, the processing flow when Client accesses Server2 is the same: the messages can be transmitted through the same SSL VPN tunnel, and messages belonging to VPN2 are identified by MAC2.
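The gateway-side handling of Packet1 and Packet2 in Embodiment one, as an added example in Python (not code from the patent): the destination MAC selects the VPN, the route lookup runs inside that VPN only, and the response has its MAC addresses rewritten. The MAC values stand in for the symbolic MAC1 and MAC2, and the route prefixes, next-hop names, the second client 10.1.1.2 and the per-client authorization check on the data path are assumptions of this sketch; the patent describes authorization only at the resource-information stage.

```python
import ipaddress
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Frame:
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str


# Constructed values standing in for the symbolic MAC1, MAC2 and client MAC.
MAC1, MAC2 = "02:00:00:00:00:01", "02:00:00:00:00:02"
CLIENT_MAC, SERVER_MAC = "02:00:00:00:00:c1", "02:00:00:00:00:51"

# Table 2: MAC address bound to each VPN's access interface.
VPN_BY_MAC = {MAC1: "VPN1", MAC2: "VPN2"}
MAC_BY_VPN = {vpn: mac for mac, vpn in VPN_BY_MAC.items()}

# One forwarding table per VPN (prefixes and next-hop names are assumed).
ROUTES = {
    "VPN1": {"20.1.1.0/24": "vpn1-uplink", "10.1.1.0/24": "ssl-tunnel"},
    "VPN2": {"20.1.1.0/24": "vpn2-uplink", "10.1.1.0/24": "ssl-tunnel"},
}
ARP = {"10.1.1.1": CLIENT_MAC}  # virtual IP -> client MAC
# Assumed data-path check: VPNs each virtual IP was authorized for.
AUTHORIZED = {"10.1.1.1": {"VPN1", "VPN2"}, "10.1.1.2": {"VPN1"}}


def lookup_route(vpn, ip):
    """Longest-prefix match inside one VPN's table; None if nothing matches."""
    addr = ipaddress.ip_address(ip)
    best = None
    for prefix, hop in ROUTES.get(vpn, {}).items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None


def forward_request(frame):
    """Return (vpn, next_hop) for a decapsulated request, or None to drop."""
    vpn = VPN_BY_MAC.get(frame.dst_mac)
    if vpn is None:
        return None  # destination MAC is not bound to any VPN
    if vpn not in AUTHORIZED.get(frame.src_ip, set()):
        return None  # client was never given resources in this VPN
    hop = lookup_route(vpn, frame.dst_ip)
    return (vpn, hop) if hop else None


def forward_response(vpn, frame):
    """Rewrite MACs so the client can tell which VPN the reply came from."""
    client_mac = ARP.get(frame.dst_ip)
    hop = lookup_route(vpn, frame.dst_ip)
    if vpn not in MAC_BY_VPN or client_mac is None or hop is None:
        return None
    return hop, replace(frame, src_mac=MAC_BY_VPN[vpn], dst_mac=client_mac)


if __name__ == "__main__":
    packet1 = Frame(CLIENT_MAC, MAC1, "10.1.1.1", "20.1.1.254")
    packet2 = Frame(SERVER_MAC, "02:00:00:00:00:99", "20.1.1.254", "10.1.1.1")
    print(forward_request(packet1))
    print(forward_response("VPN1", packet2))
```

The same destination IP 20.1.1.254 resolves to a different next hop depending only on the destination MAC, which is why an unrecognized MAC has to be dropped rather than routed in a default table.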
Embodiment two: the Client does not support VPN-based resource authorization
The GW binds VPN1 and VPN2 in the SSL VPN instance to which the SSL VPN tunnel belongs, and establishes the correspondence shown in Table 1.
The Client and the GW exchange information using the SSL VPN protocol interaction process shown in Fig. 4. Steps 401, 402, 404, 405 and 406 follow the existing SSL VPN protocol and are not described again here. In the application authorization stage of step 403, the GW uses the correspondence recorded in Table 1 between the VPN identifier, the IP address of the resource server and the mapped IP address of the resource server, and sends to the Client the IP address 120.1.1.254, obtained by mapping Server1's IP address 20.1.1.254 in its VPN (VPN1), and the IP address 121.1.1.254, obtained by mapping Server2's IP address 20.1.1.254 in its VPN (VPN2). In step 404, the GW allocates the virtual IP address 10.1.1.1 to the Client from the IP address pool (10.1.1.1/24).
When the Client sends a request message (denoted Packet3) to access Server1, the source IP address of Packet3 is the Client's virtual IP address 10.1.1.1 and the destination IP address is Server1's mapped IP address 120.1.1.254. The Client applies SSL VPN tunnel encapsulation to Packet3; the source IP address of the SSL VPN tunnel is the public IP address of the PC, 100.1.1.1, and the destination IP address is the IP address of the GW, 1.1.1.254. The message is sent to the GW through the SSL VPN tunnel.
After the GW receives the SSL VPN message, it removes the SSL VPN tunnel encapsulation and queries Table 1 with the destination IP address of Packet3 (120.1.1.254). It determines that Packet3 belongs to VPN1 and that the IP address of Server1 in VPN1 is 20.1.1.254, and replaces the destination IP address 120.1.1.254 of Packet3 with Server1's IP address in VPN1, 20.1.1.254. It then queries the routing table in VPN1 with Server1's IP address in VPN1 (20.1.1.254) and sends Packet3 to Server1 according to the routing entry found.
After Server1 receives Packet3, it replies with a response message, denoted Packet4. The source IP address of Packet4 is Server1's IP address in VPN1, 20.1.1.254, and the destination IP address is the virtual IP address of the Client, 10.1.1.1. The source MAC address is the MAC address of Server1, and the destination MAC address is the MAC address of the gateway device corresponding to Server1 (not shown in the figure). The gateway device corresponding to Server1 and the other intermediate network devices forward Packet4 by routing until it reaches the GW.
According to the destination IP address of Packet4, the GW queries the routing table in the VPN to which Packet4 belongs (VPN1) and determines that the next hop is the Client and the outgoing interface is the SSL VPN tunnel. According to the VPN to which Packet4 belongs (VPN1) and the source IP address 20.1.1.254, it queries Table 1, determines that the mapped IP address of Server1's IP address in VPN1 is 120.1.1.254, and replaces the source IP address 20.1.1.254 of Packet4 with the mapped IP address 120.1.1.254. It then applies SSL VPN tunnel encapsulation; the source IP address of the SSL VPN tunnel is the IP address of the GW (1.1.1.254) and the destination IP address is the public IP address of the PC (100.1.1.1). The encapsulated message is sent to the Client through the SSL VPN tunnel.
After the Client receives the SSL VPN message through the SSL VPN tunnel, it removes the tunnel encapsulation and processes Packet4.
Similarly, the Client accesses Server2 by the same process flow and can transmit messages through the same SSL VPN tunnel.
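The gateway lookups of the two embodiments above can be modelled as follows. This is an added illustration, not code from the patent: the Table 1 addresses are the ones given in the text, while the MAC values standing in for MAC1, MAC2 and the Client, the per-VPN route sets, the function names and the drop-on-no-match behaviour are assumptions.

```python
from dataclasses import dataclass, replace
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    src_mac: str = ""
    dst_mac: str = ""


# Table 1: (VPN identifier, server IP inside that VPN, mapped IP); values from the text.
# Both servers use 20.1.1.254, so the real IP alone cannot select a VPN.
TABLE1 = [("VPN1", "20.1.1.254", "120.1.1.254"),
          ("VPN2", "20.1.1.254", "121.1.1.254")]
# Table 2: VPN identifier -> bound MAC. The text only names MAC1/MAC2; values constructed.
TABLE2 = {"VPN1": "02:00:00:00:00:01", "VPN2": "02:00:00:00:00:02"}
# Destinations reachable in each VPN's routing table (constructed).
ROUTES = {"VPN1": {"20.1.1.254", "10.1.1.1"}, "VPN2": {"20.1.1.254", "10.1.1.1"}}
# ARP entry for the Client's virtual IP (MAC value constructed).
ARP = {"10.1.1.1": "02:00:00:00:00:aa"}


def build_mapped_index(table1: List[Tuple[str, str, str]]) -> Dict[str, Tuple[str, str]]:
    """Index Table 1 by mapped IP; the scheme requires every mapped IP to be unique."""
    index: Dict[str, Tuple[str, str]] = {}
    for vpn, real_ip, mapped_ip in table1:
        if mapped_ip in index:
            raise ValueError(f"mapped IP {mapped_ip} is assigned to two resources")
        index[mapped_ip] = (vpn, real_ip)
    return index


MAPPED = build_mapped_index(TABLE1)
REAL_TO_MAPPED = {(vpn, real): mapped for vpn, real, mapped in TABLE1}
MAC_TO_VPN = {mac: vpn for vpn, mac in TABLE2.items()}


def request_mapped(pkt: Packet) -> Optional[Tuple[str, Packet]]:
    """Embodiment two, request: the mapped destination IP selects the VPN and real IP."""
    hit = MAPPED.get(pkt.dst_ip)
    if hit is None:
        return None  # assumption: a destination that is not an authorized resource is dropped
    vpn, real_ip = hit
    if real_ip not in ROUTES.get(vpn, set()):
        return None
    return vpn, replace(pkt, dst_ip=real_ip)


def response_mapped(vpn: str, pkt: Packet) -> Optional[Packet]:
    """Embodiment two, response: rewrite the real source IP back to the mapped IP."""
    mapped = REAL_TO_MAPPED.get((vpn, pkt.src_ip))
    if mapped is None or pkt.dst_ip not in ROUTES.get(vpn, set()):
        return None
    return replace(pkt, src_ip=mapped)


def request_mac(pkt: Packet) -> Optional[Tuple[str, Packet]]:
    """Embodiment one, request: the destination MAC selects the VPN; IPs are untouched."""
    vpn = MAC_TO_VPN.get(pkt.dst_mac)
    if vpn is None or pkt.dst_ip not in ROUTES.get(vpn, set()):
        return None
    return vpn, pkt


def response_mac(vpn: str, pkt: Packet) -> Optional[Packet]:
    """Embodiment one, response: source MAC becomes the VPN's bound MAC, destination
    MAC becomes the Client's MAC taken from the ARP entry for its virtual IP."""
    client_mac = ARP.get(pkt.dst_ip)
    if vpn not in TABLE2 or client_mac is None or pkt.dst_ip not in ROUTES.get(vpn, set()):
        return None
    return replace(pkt, src_mac=TABLE2[vpn], dst_mac=client_mac)


if __name__ == "__main__":
    print(request_mapped(Packet("10.1.1.1", "120.1.1.254")))
    print(response_mapped("VPN1", Packet("20.1.1.254", "10.1.1.1")))
```

In both modes the Client keeps a single virtual IP and a single tunnel; only the field that disambiguates the VPN differs (destination MAC in embodiment one, mapped destination IP in embodiment two).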
Corresponding to the foregoing embodiments of the VPN resource access method, the present invention also provides embodiments of a VPN resource access device.
The embodiments of the VPN resource access device of the present invention can be applied to an SSL VPN gateway device. The device embodiments can be implemented in software, or in hardware or a combination of software and hardware. Taking software implementation as an example, the device in the logical sense is formed by the processor of the equipment where it resides running the corresponding computer program instructions in memory. At the hardware level, Fig. 5 shows a hardware structure diagram of the equipment where the VPN resource access device of the present invention resides; besides the processor and non-volatile memory shown in Fig. 5, the equipment where the device in the embodiment resides may also include other hardware according to the actual function of the equipment, which is not described further.
Fig. 6 is a structural schematic diagram of the VPN resource access device in one embodiment of the invention. The VPN resource access device includes a transmission unit 601, a receiving unit 602 and a forwarding unit 603, in which:
Transmission unit 601 is configured to send, to a remote client that has established an SSL VPN tunnel with this device, the resource information of the resources in multiple VPNs that are authorized to the remote client, the multiple VPNs being the VPNs bound to the SSL VPN instance to which the SSL VPN tunnel belongs;
Receiving unit 602 is configured to receive the request message sent by the remote client through the SSL VPN tunnel, the request message carrying the access information of the resource to be accessed, which the remote client determines according to the resource information of the resources;
Forwarding unit 603 is configured to search for a forwarding table entry matching the access information of the resource to be accessed, and to forward the request message according to the forwarding information in the matched forwarding table entry.
Further, the resource information of the resources includes the identifier of the VPN to which each resource belongs and the IP address of the resource server corresponding to the resource;
The transmission unit 601, after sending to the remote client that has established an SSL VPN tunnel with this device the resource information of the resources in the multiple VPNs authorized to the remote client, is further configured to send to the remote client the VPN information of the resources in the multiple VPNs. The VPN information includes the correspondence between the identifier of the VPN to which a resource belongs and the MAC address bound to that VPN, so that the remote client determines the access information of the resource to be accessed; the access information of the resource to be accessed includes the MAC address bound to the VPN to which the resource to be accessed belongs and the IP address of the resource server corresponding to the resource to be accessed;
The forwarding unit 603 is specifically configured to search, in the locally stored correspondence between VPN identifiers and the MAC addresses bound to the VPNs, for the identifier of the VPN corresponding to the MAC address bound to the VPN to which the resource to be accessed belongs; to search, in the forwarding table corresponding to the identifier of the VPN found, for forwarding information matching the IP address of the resource server corresponding to the resource to be accessed; and to forward the request message according to the forwarding information found.
Further, the request message carries, in the destination MAC address field, the MAC address bound to the VPN to which the resource to be accessed belongs, and carries, in the destination IP address field, the IP address of the resource server corresponding to the resource to be accessed.
Further, the resource information of the resources includes the mapped IP address of the resource server corresponding to each resource, where the mapped IP addresses of the resource servers are all different from one another; the access information of the resource to be accessed includes the mapped IP address of the resource server corresponding to the resource to be accessed;
The forwarding unit 603 is specifically configured to search, in the locally stored correspondence between the VPN identifier, the IP address of the resource server and the mapped IP address of the resource server, for the VPN identifier and the resource server IP address corresponding to the mapped IP address of the resource server corresponding to the resource to be accessed; to search, in the forwarding table corresponding to the VPN identifier found, for forwarding information matching the resource server IP address found; and to forward the request message according to the forwarding information found.
Further, the request message carries, in the destination IP address field, the mapped IP address of the resource server corresponding to the resource to be accessed;
The forwarding unit 603 forwarding the request message according to the forwarding information found comprises:
replacing the mapped IP address of the resource server corresponding to the resource to be accessed, carried in the destination IP address field of the request message, with the resource server IP address found, and forwarding the request message with the replaced destination IP address field according to the forwarding information found.
Further, the multiple VPNs share the same IP address pool, and the device further includes:
an allocation unit, configured so that, when the remote client accesses any authorized resource, the gateway device allocates the same IP address to the remote client from the shared IP address pool, so that the remote client uses the same IP address to send the request messages for accessing any authorized resource.
Further,
The receiving unit 602 is further configured to receive the response message returned, for the request message, by the resource server corresponding to the resource to be accessed, the destination IP address of the response message being the IP address of the remote client;
The forwarding unit 603 is further configured to search, in the locally stored correspondence between VPN identifiers and the MAC addresses bound to the VPNs, for the MAC address bound to the VPN corresponding to the identifier of the VPN to which the resource to be accessed belongs; to replace the source MAC address of the response message with the VPN-bound MAC address found, and the destination MAC address of the response message with the MAC address of the remote client; to search, in the forwarding table corresponding to the identifier of the VPN to which the resource to be accessed belongs, for forwarding information matching the IP address of the remote client; and to forward the response message with the replaced MAC addresses according to the forwarding information found.
Further,
The receiving unit 602 is further configured to receive the response message returned, for the request message, by the resource server corresponding to the resource to be accessed, the source IP address of the response message being the IP address of the resource server corresponding to the resource to be accessed and the destination IP address of the response message being the IP address of the remote client;
The forwarding unit 603 is further configured to search, in the locally stored correspondence between the VPN identifier, the IP address of the resource server and the mapped IP address of the resource server, for the mapped IP address of the resource server corresponding to the resource to be accessed that corresponds to the identifier of the VPN to which the resource to be accessed belongs and to the IP address of the resource server; to replace the source IP address of the response message with the mapped IP address found; to search, in the forwarding table corresponding to the identifier of the VPN to which the resource to be accessed belongs, for forwarding information matching the IP address of the remote client; and to forward the response message with the replaced IP address according to the forwarding information found.
For the functions of the units in the above device and the implementation process of their effects, see the implementation process of the corresponding steps in the above method; details are not repeated here.
Since the device embodiments basically correspond to the method embodiments, see the description of the method embodiments for the related parts. The device embodiments described above are merely illustrative: the units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units, that is, they may be located in one place or distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present invention. Those of ordinary skill in the art can understand and implement it without creative effort.
The foregoing is merely a description of preferred embodiments of the present invention and is not intended to limit the invention; any modification, equivalent substitution or improvement made within the spirit and principles of the present invention shall be included within the scope of protection of the present invention.

Claims (16)

1. A virtual private network (VPN) resource access method, applied to a gateway device supporting Secure Sockets Layer (SSL) VPN, characterized in that the method comprises:
sending, to a remote client that has established an SSL VPN tunnel with this device, resource information of the resources in multiple VPNs that are authorized to the remote client, the multiple VPNs being the VPNs bound to the SSL VPN instance to which the SSL VPN tunnel belongs;
receiving a request message sent by the remote client through the SSL VPN tunnel, the request message carrying access information of a resource to be accessed, which the remote client determines according to the resource information of the resources;
searching for a forwarding table entry matching the access information of the resource to be accessed, and forwarding the request message according to the forwarding information in the matched forwarding table entry.
2. The method according to claim 1, characterized in that the resource information of the resources includes the identifier of the VPN to which each resource belongs and the IP address of the resource server corresponding to the resource;
after the sending, to the remote client that has established an SSL VPN tunnel with this device, of the resource information of the resources in the multiple VPNs authorized to the remote client, the method further comprises:
sending the VPN information of the resources in the multiple VPNs to the remote client, the VPN information including the correspondence between the identifier of the VPN to which a resource belongs and the MAC address bound to that VPN, so that the remote client determines the access information of the resource to be accessed, the access information of the resource to be accessed including the MAC address bound to the VPN to which the resource to be accessed belongs and the IP address of the resource server corresponding to the resource to be accessed;
the searching for a forwarding table entry matching the access information of the resource to be accessed, and forwarding the request message according to the forwarding information in the matched forwarding table entry, comprises:
searching, in the locally stored correspondence between VPN identifiers and the MAC addresses bound to the VPNs, for the identifier of the VPN corresponding to the MAC address bound to the VPN to which the resource to be accessed belongs;
searching, in the forwarding table corresponding to the identifier of the VPN found, for forwarding information matching the IP address of the resource server corresponding to the resource to be accessed, and forwarding the request message according to the forwarding information found.
3. The method according to claim 2, characterized in that
the request message carries, in the destination MAC address field, the MAC address bound to the VPN to which the resource to be accessed belongs, and carries, in the destination IP address field, the IP address of the resource server corresponding to the resource to be accessed.
4. The method according to claim 1, characterized in that the resource information of the resources includes the mapped IP address of the resource server corresponding to each resource, where the mapped IP addresses of the resource servers are all different from one another;
the access information of the resource to be accessed includes the mapped IP address of the resource server corresponding to the resource to be accessed;
the searching for a forwarding table entry matching the access information of the resource to be accessed, and forwarding the request message according to the forwarding information in the matched forwarding table entry, comprises:
searching, in the locally stored correspondence between the VPN identifier, the IP address of the resource server and the mapped IP address of the resource server, for the VPN identifier and the resource server IP address corresponding to the mapped IP address of the resource server corresponding to the resource to be accessed;
searching, in the forwarding table corresponding to the VPN identifier found, for forwarding information matching the resource server IP address found, and forwarding the request message according to the forwarding information found.
5. The method according to claim 4, characterized in that
the request message carries, in the destination IP address field, the mapped IP address of the resource server corresponding to the resource to be accessed;
the forwarding of the request message according to the forwarding information found comprises:
replacing the mapped IP address of the resource server corresponding to the resource to be accessed, carried in the destination IP address field of the request message, with the resource server IP address found, and forwarding the request message with the replaced destination IP address field according to the forwarding information found.
6. The method according to claim 1, characterized in that the multiple VPNs share the same IP address pool;
when the remote client accesses any authorized resource, the gateway device allocates the same IP address to the remote client from the shared IP address pool, so that the remote client uses the same IP address to send the request messages for accessing any authorized resource.
7. The method according to claim 3, characterized in that the method further comprises:
receiving the response message returned, for the request message, by the resource server corresponding to the resource to be accessed, the destination IP address of the response message being the IP address of the remote client;
searching, in the locally stored correspondence between VPN identifiers and the MAC addresses bound to the VPNs, for the MAC address bound to the VPN corresponding to the identifier of the VPN to which the resource to be accessed belongs;
replacing the source MAC address of the response message with the VPN-bound MAC address found, and replacing the destination MAC address of the response message with the MAC address of the remote client;
searching, in the forwarding table corresponding to the identifier of the VPN to which the resource to be accessed belongs, for forwarding information matching the IP address of the remote client, and forwarding the response message with the replaced MAC addresses according to the forwarding information found.
8. The method according to claim 5, characterized in that the method further comprises:
receiving the response message returned, for the request message, by the resource server corresponding to the resource to be accessed, the source IP address of the response message being the IP address of the resource server corresponding to the resource to be accessed and the destination IP address of the response message being the IP address of the remote client;
searching, in the locally stored correspondence between the VPN identifier, the IP address of the resource server and the mapped IP address of the resource server, for the mapped IP address of the resource server corresponding to the resource to be accessed that corresponds to the identifier of the VPN to which the resource to be accessed belongs and to the IP address of the resource server;
replacing the source IP address of the response message with the mapped IP address found for the resource server corresponding to the resource to be accessed;
searching, in the forwarding table corresponding to the identifier of the VPN to which the resource to be accessed belongs, for forwarding information matching the IP address of the remote client, and forwarding the response message with the replaced IP address according to the forwarding information found.
9. A virtual private network (VPN) resource access device, applied to a gateway device supporting Secure Sockets Layer (SSL) VPN, characterized in that the device comprises:
a transmission unit, configured to send, to a remote client that has established an SSL VPN tunnel with this device, resource information of the resources in multiple VPNs that are authorized to the remote client, the multiple VPNs being the VPNs bound to the SSL VPN instance to which the SSL VPN tunnel belongs;
a receiving unit, configured to receive a request message sent by the remote client through the SSL VPN tunnel, the request message carrying access information of a resource to be accessed, which the remote client determines according to the resource information of the resources;
a forwarding unit, configured to search for a forwarding table entry matching the access information of the resource to be accessed, and to forward the request message according to the forwarding information in the matched forwarding table entry.
10. The device according to claim 9, characterized in that the resource information of the resources includes the identifier of the VPN to which each resource belongs and the IP address of the resource server corresponding to the resource;
the transmission unit, after sending to the remote client that has established an SSL VPN tunnel with this device the resource information of the resources in the multiple VPNs authorized to the remote client, is further configured to send to the remote client the VPN information of the resources in the multiple VPNs, the VPN information including the correspondence between the identifier of the VPN to which a resource belongs and the MAC address bound to that VPN, so that the remote client determines the access information of the resource to be accessed, the access information of the resource to be accessed including the MAC address bound to the VPN to which the resource to be accessed belongs and the IP address of the resource server corresponding to the resource to be accessed;
the forwarding unit is specifically configured to search, in the locally stored correspondence between VPN identifiers and the MAC addresses bound to the VPNs, for the identifier of the VPN corresponding to the MAC address bound to the VPN to which the resource to be accessed belongs; to search, in the forwarding table corresponding to the identifier of the VPN found, for forwarding information matching the IP address of the resource server corresponding to the resource to be accessed; and to forward the request message according to the forwarding information found.
11. The device according to claim 10, characterized in that the request message carries, in the destination MAC address field, the MAC address bound to the VPN to which the resource to be accessed belongs, and carries, in the destination IP address field, the IP address of the resource server corresponding to the resource to be accessed.
12. The device according to claim 9, characterized in that the resource information of the resources includes the mapped IP address of the resource server corresponding to each resource, where the mapped IP addresses of the resource servers are all different from one another; the access information of the resource to be accessed includes the mapped IP address of the resource server corresponding to the resource to be accessed;
the forwarding unit is specifically configured to search, in the locally stored correspondence between the VPN identifier, the IP address of the resource server and the mapped IP address of the resource server, for the VPN identifier and the resource server IP address corresponding to the mapped IP address of the resource server corresponding to the resource to be accessed; to search, in the forwarding table corresponding to the VPN identifier found, for forwarding information matching the resource server IP address found; and to forward the request message according to the forwarding information found.
13. The device according to claim 12, characterized in that the request message carries, in the destination IP address field, the mapped IP address of the resource server corresponding to the resource to be accessed;
the forwarding unit forwarding the request message according to the forwarding information found comprises:
replacing the mapped IP address of the resource server corresponding to the resource to be accessed, carried in the destination IP address field of the request message, with the resource server IP address found, and forwarding the request message with the replaced destination IP address field according to the forwarding information found.
14. The device according to claim 9, characterized in that the multiple VPNs share the same IP address pool, and the device further comprises:
an allocation unit, configured so that, when the remote client accesses any authorized resource, the gateway device allocates the same IP address to the remote client from the shared IP address pool, so that the remote client uses the same IP address to send the request messages for accessing any authorized resource.
15. The device according to claim 11, characterized in that:
the receiving unit is further configured to receive the response message returned, for the request message, by the resource server corresponding to the resource to be accessed, the destination IP address of the response message being the IP address of the remote client;
the forwarding unit is further configured to search, in the locally stored correspondence between VPN identifiers and the MAC addresses bound to the VPNs, for the MAC address bound to the VPN corresponding to the identifier of the VPN to which the resource to be accessed belongs; to replace the source MAC address of the response message with the VPN-bound MAC address found, and the destination MAC address of the response message with the MAC address of the remote client; to search, in the forwarding table corresponding to the identifier of the VPN to which the resource to be accessed belongs, for forwarding information matching the IP address of the remote client; and to forward the response message with the replaced MAC addresses according to the forwarding information found.
16. The device according to claim 13, characterized in that:
the receiving unit is further configured to receive the response message returned, for the request message, by the resource server corresponding to the resource to be accessed, the source IP address of the response message being the IP address of the resource server corresponding to the resource to be accessed and the destination IP address of the response message being the IP address of the remote client;
the forwarding unit is further configured to search, in the locally stored correspondence between the VPN identifier, the IP address of the resource server and the mapped IP address of the resource server, for the mapped IP address of the resource server corresponding to the resource to be accessed that corresponds to the identifier of the VPN to which the resource to be accessed belongs and to the IP address of the resource server; to replace the source IP address of the response message with the mapped IP address found; to search, in the forwarding table corresponding to the identifier of the VPN to which the resource to be accessed belongs, for forwarding information matching the IP address of the remote client; and to forward the response message with the replaced IP address according to the forwarding information found.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710161590.XA CN106888145B (en) 2017-03-17 2017-03-17 A kind of VPN resource access method and device

Publications (2)

Publication Number Publication Date
CN106888145A CN106888145A (en) 2017-06-23
CN106888145B true CN106888145B (en) 2019-11-12

Family

ID=59181024

Country Status (1)

Country Link
CN (1) CN106888145B (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107547509B (en) * 2017-06-27 2020-10-13 新华三技术有限公司 Message forwarding method and device
CN107659485B (en) * 2017-10-31 2021-02-05 新华三技术有限公司 Method and device for communication between equipment and server in Virtual Private Network (VPN)
CN108337148B (en) * 2018-02-07 2019-10-18 北京百度网讯科技有限公司 For obtaining the method and device of information
CN109981640B (en) * 2019-03-25 2021-07-23 新华三技术有限公司 Connection establishment method and device
CN111786867B (en) * 2019-04-04 2021-11-16 厦门网宿有限公司 Data transmission method and server
CN110505244B (en) * 2019-09-19 2020-06-02 南方电网数字电网研究院有限公司 Remote tunnel access technology gateway and server
CN111740893B (en) * 2020-06-30 2022-02-11 成都卫士通信息产业股份有限公司 Method, device, system, medium and equipment for realizing software-defined VPN
CN113923149B (en) * 2020-07-09 2023-12-19 阿里巴巴集团控股有限公司 Network access method, device, network system, electronic equipment and storage medium
CN114157485A (en) * 2021-12-03 2022-03-08 北京天融信网络安全技术有限公司 Resource access method and device and electronic equipment

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101534302A (en) * 2009-04-16 2009-09-16 杭州华三通信技术有限公司 Method for providing TCP service, system and relevant device thereof
CN101599901A (en) * 2009-07-15 2009-12-09 杭州华三通信技术有限公司 The method of remotely accessing MPLS VPN, system and gateway
CN101902400A (en) * 2010-07-21 2010-12-01 成都市华为赛门铁克科技有限公司 Gateway load balancing method, system and client device
CN101951378A (en) * 2010-09-26 2011-01-19 北京品源亚安科技有限公司 Protocol stack system structure for SSL VPN and data processing method
US8117325B1 (en) * 2008-04-29 2012-02-14 Juniper Networks, Inc. Policy-based cross-domain access control for SSL VPN
CN104753752A (en) * 2013-12-30 2015-07-01 上海格尔软件股份有限公司 As-needed connecting method suitable for VPN
CN105812218A (en) * 2014-12-31 2016-07-27 中国电信股份有限公司 Method for realizing multi-VPN-protocol application access, middleware and mobile terminal
CN105939312A (en) * 2015-08-26 2016-09-14 杭州迪普科技有限公司 Data transmission method and device

Also Published As

Publication number Publication date
CN106888145A (en) 2017-06-23

Similar Documents

Publication Publication Date Title
CN106888145B (en) A kind of VPN resource access method and device
CN110191031B (en) Network resource access method and device and electronic equipment
TWI376132B (en) Method and system of providing ip-based packet communications with in-premise devices in a utility network
US8274986B2 (en) Packet communication method using node identifier and locator
ES2287697T3 (en) ADDRESS AND APPLIANCE METHOD FOR ESTABLISHING HOST IDENTITY PROTOCOL (HIP) CONNECTIONS BETWEEN LEGACY AND HIP NODES.
CN101572643B (en) Method and system for realizing data transmission among private networks
RU2005108655A (en) METHOD, GATEWAY AND SYSTEM FOR DATA TRANSFER BETWEEN THE DEVICE ON THE GENERAL USE NETWORK AND THE DEVICE ON THE INTERNAL NETWORK
CN106878483A (en) A kind of IP address distribution method and device
CN100463452C (en) VPN data forwarding method and VPN device for data forwarding
CN102055816A (en) Communication method, business server, intermediate equipment, terminal and communication system
CN105245629B (en) Host communication method based on DHCP and device
US8265084B2 (en) Local network connecting system local network connecting method and mobile terminal
CA2462448A1 (en) Access and control system for network-enabled devices
CN105487517B (en) A kind of automatic network-building method of household WIFI network system
CN101461198A (en) Relay network system and terminal adapter
KR101743559B1 (en) Virtual private network, internet cafe network using the same, and manager apparatus for the same
US20020199015A1 (en) Communications system managing server, routing server, mobile unit managing server, and area managing server
CN108683645A (en) A kind of information-distribution type domain name and data transacting system based on block chain
KR101240552B1 (en) System and method for managing media keys and for transmitting/receiving peer-to-peer messages using the media keys
CN102546428A (en) System and method for internet protocol version 6 (IPv6) message switching based on dynamic host configuration protocol for IPv6 (DHCPv6) interception
CN101232500A (en) Network system which performs peer-to-peer communication
CN110460641A (en) Data transmission method, apparatus and system
CN109412927A (en) A kind of more VPN data transmission methods, device and the network equipment
CN102447626A (en) Backbone network with policy driven routing
CN105897542A (en) Tunnel building method and video monitoring system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant