CN106888145B - VPN resource access method and device
Abstract
The present invention provides a VPN resource access method and device, applied to an SSL VPN gateway device. The method includes: sending, to a remote client that has established an SSL VPN tunnel with this device, resource information of the resources in multiple VPNs authorized for the remote client, the multiple VPNs being the VPNs bound to the SSL VPN instance to which the SSL VPN tunnel belongs; receiving a request message sent by the remote client through the SSL VPN tunnel, the request message carrying access information of the resource to be accessed, which the remote client determines according to the resource information of the resources; and searching for the forwarding table entry that matches the access information of the resource to be accessed, and forwarding the request message according to the forwarding information in the matched forwarding table entry.
Description
Technical field
The present invention relates to the field of network communication technology, and in particular to a VPN resource access method and device.
Background
SSL VPN is a VPN (Virtual Private Network) technology based on SSL (Secure Sockets Layer). SSL VPN makes full use of the certificate-based identity authentication, data encryption and message integrity verification mechanisms of the SSL protocol, and can establish secure connections for communication between application layers.
In an SSL VPN accessed in IP access mode, the SSL VPN gateway device supports access to multiple VPNs. The gateway device creates multiple SSL VPN instances and binds a separate VPN to each SSL VPN instance. When a user accesses resources in multiple VPNs, the user needs to start multiple SSL VPN clients; each SSL VPN client logs in to a different SSL VPN instance, establishes an SSL VPN tunnel with the SSL VPN gateway, and transmits the data of its own VPN. When the number of VPNs is large, a large amount of the gateway device's SSL VPN tunnel resources is consumed.
Summary of the invention
The purpose of the present invention is to provide a VPN resource access method and device, so as to reduce the occupation of SSL VPN tunnel resources in the gateway device.
To achieve the above purpose, the present invention provides the following technical solutions:
The present invention provides a VPN resource access method, applied to a gateway device that supports SSL VPN. The method includes:
sending, to a remote client that has established an SSL VPN tunnel with this device, resource information of the resources in multiple VPNs authorized for the remote client, the multiple VPNs being the VPNs bound to the SSL VPN instance to which the SSL VPN tunnel belongs;
receiving a request message sent by the remote client through the SSL VPN tunnel, the request message carrying access information of the resource to be accessed, which the remote client determines according to the resource information of the resources;
searching for the forwarding table entry that matches the access information of the resource to be accessed, and forwarding the request message according to the forwarding information in the matched forwarding table entry.
The present invention also provides a VPN resource access device, applied to a gateway device that supports SSL VPN. The device includes:
a sending unit, configured to send, to a remote client that has established an SSL VPN tunnel with this device, resource information of the resources in multiple VPNs authorized for the remote client, the multiple VPNs being the VPNs bound to the SSL VPN instance to which the SSL VPN tunnel belongs;
a receiving unit, configured to receive a request message sent by the remote client through the SSL VPN tunnel, the request message carrying access information of the resource to be accessed, which the remote client determines according to the resource information of the resources;
a forwarding unit, configured to search for the forwarding table entry that matches the access information of the resource to be accessed, and to forward the request message according to the forwarding information in the matched forwarding table entry.
As can be seen from the above description, in the present invention the gateway device uses the SSL VPN tunnel established with the remote client to send the remote client the resource information of the resources in the multiple VPNs authorized for that remote client. The remote client determines the access information of the resource it currently wants to access (the resource to be accessed) according to the resource information of the resources in the authorized VPNs, and sends a request message carrying that access information to the gateway device. The gateway device locally searches for the forwarding table entry that matches the access information of the resource to be accessed and forwards the request message according to the forwarding information in the matched forwarding table entry. In the present invention one remote client can correspond to multiple VPNs. Therefore, a user accessing resources in different VPNs does not need to start multiple remote clients; the user can use the one SSL VPN tunnel established between the remote client and the gateway device to access resources in multiple VPNs, which saves SSL VPN tunnel resources of the gateway device.
Brief description of the drawings
Fig. 1 is a flow chart of a VPN resource access method according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of a multi-VPN network according to an embodiment of the present invention;
Fig. 3 is a schematic diagram of an SSL VPN protocol interaction flow according to an embodiment of the present invention;
Fig. 4 is a schematic diagram of another SSL VPN protocol interaction flow according to an embodiment of the present invention;
Fig. 5 is a structural schematic diagram of the SSL VPN gateway device according to an embodiment of the present invention;
Fig. 6 is a structural schematic diagram of a VPN resource access device according to an embodiment of the present invention.
Detailed description of embodiments
Example embodiments are described in detail here, and examples of them are illustrated in the accompanying drawings. When the following description refers to the drawings, the same numbers in different drawings indicate the same or similar elements unless otherwise indicated. The implementations described in the following example embodiments do not represent all implementations consistent with the present invention. On the contrary, they are merely examples of devices and methods that are consistent with some aspects of the invention as detailed in the appended claims.
The terminology used in the present invention is for the purpose of describing particular embodiments only and is not intended to limit the invention. The singular forms "a", "said" and "the" used in the present invention and the appended claims are also intended to include the plural forms, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and includes any and all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third and so on may be used in the present invention to describe various information, the information should not be limited by these terms. These terms are only used to distinguish information of the same type from one another. For example, without departing from the scope of the invention, first information may also be referred to as second information and, similarly, second information may also be referred to as first information. Depending on the context, the word "if" as used herein may be interpreted as "at the time of ...", "when ..." or "in response to determining".
An embodiment of the present invention proposes a VPN resource access method, applied to an SSL VPN gateway device (hereinafter referred to as the gateway device). Fig. 1 is a flow chart of one embodiment of the VPN resource access method of the present invention; the embodiment describes the VPN resource access process.
Step 101: send, to the remote client that has established an SSL VPN tunnel with this device, the resource information of the resources in the multiple VPNs authorized for the remote client.
The gateway device and the remote client exchange information using the SSL VPN protocol. During this exchange, the gateway device sends, according to the permissions of the remote client, the resource information of the resources in the multiple VPNs authorized for the remote client. Specifically, the gateway device first creates an SSL VPN instance and binds multiple VPNs to it, and then, through the SSL VPN protocol interaction with the remote client, sends the remote client the resource information of the resources in the multiple VPNs that the remote client is authorized to access. In the present invention the gateway device establishes the SSL VPN tunnel with the remote client through the SSL VPN instance it created, to which multiple VPNs are bound.
Step 102: receive the request message sent by the remote client through the SSL VPN tunnel.
Through step 101 the remote client obtains the resource information of the resources in the multiple VPNs authorized by the gateway device. The remote client selects, from the resource information of the resources in the authorized VPNs, the resource information of the resource it currently wants to access (also called the resource to be accessed), determines the access information of the resource to be accessed according to that resource information, and sends the access information to the gateway device carried in a request message.
For different types of remote client, the specific content of the resource information authorized for the remote client differs, and so does the content of the access information that the remote client determines from the resource information. This is described in detail below and is not repeated here.
Step 103: search for the forwarding table entry that matches the access information of the resource to be accessed, and forward the request message according to the forwarding information in the matched forwarding table entry.
Specifically, the gateway device determines the VPN to which the request message belongs according to the access information of the resource to be accessed, and searches for the matching forwarding table entry (for example, a routing table entry) in the determined VPN to forward the request message. This step is elaborated below for the different types of remote client and is not repeated here.
It should be added that, in the present invention, the multiple VPNs authorized for the remote client can share the same IP address pool. When the remote client accesses any authorized resource, the gateway device can allocate the same IP address to the remote client from the shared IP address pool, so that the remote client sends request messages for any authorized resource from the same IP address. This makes the remote client easier to monitor and manage.
From the above description it follows that one remote client of the present invention can correspond to multiple VPNs. Therefore, a user accessing resources in different VPNs does not need to start multiple remote clients; the user can use the one SSL VPN tunnel established between the remote client and the gateway device to access resources in multiple VPNs, which saves SSL VPN tunnel resources of the gateway device.
The VPN resource access process is described below for different types of remote client.
As one embodiment, when the remote client supports VPN-based resource authorization (that is, the resource information of an authorized resource includes the identifier of the VPN to which the resource belongs, and the remote client can recognize the identifier of the VPN), the resource information of the resources authorized by the gateway device in step 101 includes the identifier of the VPN to which the resource belongs and the IP address of the resource server corresponding to the resource (its IP address within the VPN to which the resource belongs). For example, the identifier of the VPN to which the resource belongs is VPN1, and the IP address of the resource server corresponding to the resource in VPN1 is 20.1.1.254. Through step 101, the gateway device authorizes to the remote client the resource information of the resources in the multiple VPNs that the remote client can access within its scope of permissions.
After resource authorization is complete, the gateway device sends the remote client the VPN information of the resources in the multiple VPNs authorized for the remote client. The VPN information includes the correspondence between the identifier of the VPN to which a resource belongs and the MAC address bound to that VPN. It should be noted that the gateway device binds one access (AC) interface to each VPN in the SSL VPN instance and assigns a different MAC address to each access interface, so that a MAC address uniquely identifies a VPN.
When the remote client selects the resource to be accessed from the resources of the authorized VPNs, it matches the VPN identifier in the resource information of the resource to be accessed (the identifier of the VPN to which the resource to be accessed belongs) against the locally recorded VPN information. It then takes the MAC address bound to the VPN in the matched VPN information (the MAC address bound to the VPN to which the resource to be accessed belongs) and the IP address of the resource server in the resource information of the resource to be accessed (the IP address of the resource server corresponding to the resource to be accessed), and sends them to the gateway device in the request message as the access information of the resource to be accessed. The MAC address bound to the VPN to which the resource to be accessed belongs is carried in the destination MAC address field of the request message, and the IP address of the resource server corresponding to the resource to be accessed is carried in the destination IP address field of the request message.
The gateway device receives the request message in step 102. In step 103 it searches for the forwarding table entry that matches the access information of the resource to be accessed carried in the request message, and forwards the request message according to the forwarding information in the matched forwarding table entry. Specifically, step 103 includes: in the locally stored correspondence between VPN identifiers and the MAC addresses bound to the VPNs, the gateway device looks up the VPN identifier corresponding to the MAC address bound to the VPN to which the resource to be accessed belongs; in the forwarding table corresponding to the VPN identifier found, it looks up the forwarding information that matches the IP address of the resource server corresponding to the resource to be accessed, and forwards the request message according to the forwarding information found. That is, the gateway device determines the VPN to which the request message belongs from the correspondence between VPN identifier and MAC address, and then forwards the request message to the resource server in that VPN.
The resource server corresponding to the resource to be accessed processes the received request message and replies to it with a response message. The destination IP address of the response message is the IP address of the remote client that sent the request message.
When the response message reaches the gateway device, the gateway device determines the identifier of the VPN to which the resource to be accessed belongs from the VPN to which the response message belongs. In the locally stored correspondence between VPN identifiers and the MAC addresses bound to the VPNs, it looks up the MAC address bound to the VPN that corresponds to that identifier, and replaces the source MAC address of the response message with the MAC address found. In the locally stored correspondence between IP addresses and MAC addresses (also called ARP entries), it looks up the MAC address corresponding to the IP address of the remote client (the MAC address of the remote client), and replaces the destination MAC address of the response message with the MAC address of the remote client. In the forwarding table corresponding to the identifier of the VPN to which the resource to be accessed belongs, it looks up the forwarding information that matches the IP address of the remote client, and forwards the response message, with its MAC addresses replaced, according to the forwarding information found. The response message finally reaches the remote client, which completes the resource access process.
It can be seen that in this embodiment the gateway device uses the correspondence between VPN identifiers and the MAC addresses bound to the VPNs. On receiving a request message, it determines the VPN to which the request message belongs from the MAC address, carried in the request message, that is bound to the VPN to which the resource to be accessed belongs, and then forwards the request message to the resource server corresponding to the resource to be accessed in that VPN. On receiving the response message returned by the resource server, it queries the correspondence between VPN identifiers and bound MAC addresses using the VPN to which the response message belongs (the VPN to which the resource to be accessed belongs), finds the MAC address bound to that VPN, and carries it in the response message so that the remote client can identify the VPN to which the response message belongs. In this way one remote client can correspond to multiple VPNs. Therefore, a user accessing resources in different VPNs does not need to start multiple remote clients; the user can use the one SSL VPN tunnel established between the remote client and the gateway device to access resources in multiple VPNs, which saves SSL VPN tunnel resources of the gateway device.
As another embodiment, when the remote client does not support VPN-based resource authorization (that is, the remote client cannot recognize the VPN identifier carried during resource authorization), the gateway device locally stores the correspondence between the identifier of the VPN, the IP address of the resource server, and the mapped IP address of the resource server; see Table 1.
Table 1
Taking Server1 as an example, Server1 belongs to VPN1 and its IP address in VPN1 is 20.1.1.254. The gateway device performs address mapping for Server1, and the mapped IP address is 120.1.1.254. Similarly, the gateway device performs address mapping for Server2, and the mapped IP address is 121.1.1.254. As Table 1 shows, the IP addresses of the resource servers before mapping may be the same, but the IP addresses after mapping are different.
The resource information of the resources authorized by the gateway device in step 101 includes the mapped IP address of the resource server corresponding to each resource. The remote client selects the resource to be accessed from the resources of the authorized VPNs and sends the mapped IP address of the resource server corresponding to the resource to be accessed to the gateway device in the request message, as the access information of the resource to be accessed. The mapped IP address of the resource server corresponding to the resource to be accessed is carried in the destination IP address field of the request message.
The gateway device receives the request message in step 102. In step 103 it searches for the forwarding table entry that matches the access information of the resource to be accessed, and forwards the request message according to the forwarding information in the matched forwarding table entry. Specifically, step 103 includes: in the locally stored correspondence between the identifier of the VPN, the IP address of the resource server and the mapped IP address of the resource server, the gateway device looks up the VPN identifier and the resource server IP address that correspond to the mapped IP address of the resource server corresponding to the resource to be accessed; in the forwarding table corresponding to the VPN identifier found, it looks up the forwarding information that matches the resource server IP address found; it replaces the mapped IP address carried in the destination IP address field of the request message with the IP address found for the resource server corresponding to the resource to be accessed; and it forwards the request message, with its destination IP address field replaced, according to the forwarding information found.
The resource server corresponding to the resource to be accessed processes the received request message and replies to it with a response message. The source IP address of the response message is the IP address of the resource server of the resource to be accessed, and the destination IP address of the response message is the IP address of the remote client.
When the response message reaches the gateway device, the gateway device determines the identifier of the VPN to which the resource to be accessed belongs from the VPN to which the response message belongs. In the locally stored correspondence between the identifier of the VPN, the IP address of the resource server and the mapped IP address of the resource server, it looks up the mapped IP address that corresponds to the identifier of the VPN to which the resource to be accessed belongs and to the IP address of the resource server. It replaces the source IP address of the response message with the mapped IP address found for the resource server corresponding to the resource to be accessed. In the forwarding table corresponding to the identifier of the VPN to which the resource to be accessed belongs, it looks up the forwarding information that matches the IP address of the remote client, and forwards the response message, with its IP address replaced, according to the forwarding information found. The response message finally reaches the remote client, which completes the resource access process.
It can be seen that in this embodiment the gateway device maps the IP address of the resource server corresponding to each resource. The mapped IP address uniquely identifies the resource server corresponding to the resource, and it can be sent to the remote client, so that the remote client can access the resources of multiple VPNs without being aware that multiple VPNs exist. This reduces the occupation of SSL VPN tunnel resources in the gateway device.
The VPN resource access process is now illustrated with two specific embodiments, with reference to the multi-VPN network shown in Fig. 2. The multi-VPN network shown in Fig. 2 includes a terminal device PC, an SSL VPN gateway device GW, and resource servers Server1 and Server2. Server1 belongs to VPN1 and Server2 belongs to VPN2; Server1 and Server2 have the same IP address, 20.1.1.254. R1 and R2 represent intermediate network devices through which the data passes. The user establishes an SSL VPN tunnel with GW through the remote client started on PC (denoted Client).
Embodiment one: Client supports the resource authorization based on VPN
GW binds VPN1 and VPN2 to the SSL VPN instance to which the SSL VPN tunnel belongs, binds access interface AC1 to VPN1 and access interface AC2 to VPN2, and specifies that the MAC address of AC1 is MAC1 and the MAC address of AC2 is MAC2. This establishes the correspondence between VPN identifiers and the MAC addresses bound to the VPNs; see Table 2.
VPN identifier | MAC address bound to the VPN |
VPN1 | MAC1 |
VPN2 | MAC2 |
Table 2
Client and GW exchange information using the SSL VPN protocol interaction flow shown in Fig. 3. Step 301, step 302, step 304, step 306 and step 307 follow the existing SSL VPN protocol and are not described again here. In the authorization stage of step 303, GW sends to Client the identifier of the VPN to which Server1 belongs (VPN1) and the IP address of Server1 (20.1.1.254), and the identifier of the VPN to which Server2 belongs (VPN2) and the IP address of Server2 (20.1.1.254). In step 304, GW allocates the virtual IP address 10.1.1.1 to Client from the IP address pool (10.1.1.1/24). In step 305, GW advertises the correspondence between MAC1 and VPN1 and between MAC2 and VPN2 to Client.
When Client sends a request message (denoted Packet1) to access Server1, the source IP address of Packet1 is the virtual IP address of Client, 10.1.1.1; the destination IP address is the IP address of Server1, 20.1.1.254; the source MAC address is the MAC address of Client; and the destination MAC address is MAC1, the MAC address corresponding to VPN1, to which Server1 belongs. Before it is sent, the request message is given SSL VPN tunnel encapsulation: the source IP address of the SSL VPN tunnel is the public network IP address of PC (100.1.1.1) and the destination IP address is the IP address of GW (1.1.1.254). The message is sent to GW through the SSL VPN tunnel.
After GW receives the SSL VPN message, it removes the SSL VPN tunnel encapsulation, queries Table 2 with the destination MAC address of Packet1, MAC1, and determines that Packet1 belongs to VPN1. It then queries the routing table in VPN1 with the destination IP address of Packet1, 20.1.1.254, and forwards Packet1 to Server1.
After Server1 receives Packet1, it replies to Packet1 with a response message, denoted Packet2. The source IP address of Packet2 is the IP address of Server1, 20.1.1.254; the destination IP address is the virtual IP address of Client, 10.1.1.1; the source MAC address is the MAC address of Server1; and the destination MAC address is the MAC address of the gateway device corresponding to Server1 (not shown in the figure). The gateway device corresponding to Server1 and the other intermediate network devices forward Packet2 to GW based on routing.
GW queries the routing table in the VPN to which Packet2 belongs (VPN1) with the destination IP address of Packet2, and determines that the next hop is Client and the outgoing interface is the SSL VPN tunnel. It queries Table 2 with the VPN to which Packet2 belongs (VPN1), determines that the MAC address bound to VPN1 is MAC1, and replaces the source MAC address of Packet2 with MAC1. With the destination IP address of Packet2 (the virtual IP address of Client, 10.1.1.1), it queries the ARP entry that matches the virtual IP address of Client (an entry recording the correspondence between an IP address and a MAC address), determines the MAC address corresponding to the virtual IP address of Client, and replaces the destination MAC address of Packet2 with the MAC address of Client. Packet2, with its MAC addresses replaced, is then given SSL VPN tunnel encapsulation: the source IP address of the SSL VPN tunnel is the IP address of GW (1.1.1.254) and the destination IP address is the public network IP address of PC (100.1.1.1). The message is sent to Client through the SSL VPN tunnel.
After Client receives the message through the SSL VPN tunnel, it removes the tunnel encapsulation, determines from the source MAC address of Packet2, MAC1, that the message comes from VPN1, determines from the source IP address of Packet2, 20.1.1.254, that the message comes from Server1, and parses the message for processing.
Similarly, the processing flow when Client accesses Server2 is the same: the messages can be transmitted through the same SSL VPN tunnel, and messages belonging to VPN2 are identified by MAC2.
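The gateway-side handling of Packet1 and Packet2 in embodiment one, as an added example that is not code from the patent: the tables use the values from the text (Table 2, the addresses of Fig. 2), while the next-hop names, the MAC placeholders, the function names and the per-client authorization check are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, replace

# Sample state built from the values in the text (Table 2 and Fig. 2).
MAC_TO_VPN = {"MAC1": "VPN1", "MAC2": "VPN2"}  # Table 2: AC interface MAC -> VPN
VPN_TO_MAC = {vpn: mac for mac, vpn in MAC_TO_VPN.items()}

# One routing table per VPN. Both VPNs contain 20.1.1.254, so a lookup must be
# scoped to a VPN. Next-hop names are hypothetical.
ROUTES = {
    "VPN1": {"20.1.1.0/24": "toward-Server1", "10.1.1.0/24": "ssl-vpn-tunnel"},
    "VPN2": {"20.1.1.0/24": "toward-Server2", "10.1.1.0/24": "ssl-vpn-tunnel"},
}
ARP = {"10.1.1.1": "CLIENT-MAC"}             # virtual IP -> client MAC (placeholder)
AUTHORIZED = {"10.1.1.1": {"VPN1", "VPN2"}}  # assumption: VPNs granted per client


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    src_mac: str
    dst_mac: str


def lookup_route(vpn, dst_ip):
    """Longest-prefix match inside a single VPN's routing table."""
    addr = ipaddress.ip_address(dst_ip)
    matches = [
        (ipaddress.ip_network(prefix), hop)
        for prefix, hop in ROUTES[vpn].items()
        if addr in ipaddress.ip_network(prefix)
    ]
    if not matches:
        raise LookupError(f"no route to {dst_ip} in {vpn}")
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def forward_request(pkt):
    """Request direction: the destination MAC selects the VPN, then route by IP."""
    vpn = MAC_TO_VPN.get(pkt.dst_mac)
    if vpn is None:
        raise LookupError(f"destination MAC {pkt.dst_mac} is not bound to a VPN")
    # Added check (assumption, not a step in the patent): the MAC is chosen by
    # the client, so confirm the client was granted this VPN before forwarding.
    if vpn not in AUTHORIZED.get(pkt.src_ip, set()):
        raise PermissionError(f"{pkt.src_ip} is not authorized for {vpn}")
    return vpn, lookup_route(vpn, pkt.dst_ip)


def forward_response(pkt, vpn):
    """Response direction: stamp the VPN's MAC so the client can tell VPNs apart."""
    rewritten = replace(pkt, src_mac=VPN_TO_MAC[vpn], dst_mac=ARP[pkt.dst_ip])
    return rewritten, lookup_route(vpn, pkt.dst_ip)


if __name__ == "__main__":
    # Packet1 and Packet2 with the field values given in the text.
    packet1 = Packet("10.1.1.1", "20.1.1.254", "CLIENT-MAC", "MAC1")
    print(forward_request(packet1))
    packet2 = Packet("20.1.1.254", "10.1.1.1", "SERVER1-MAC", "SERVER1-GW-MAC")
    print(forward_response(packet2, "VPN1"))
```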
Embodiment two: Client does not support the resource authorization based on VPN
GW binds VPN1 and VPN2 to the SSL VPN instance to which the SSL VPN tunnel belongs, and establishes the correspondence shown in Table 1.
Client and GW exchange information using the SSL VPN protocol interaction flow shown in Fig. 4. Step 401, step 402, step 404, step 405 and step 406 follow the existing SSL VPN protocol and are not described again here. In the authorization stage of step 403, GW uses the correspondence recorded in Table 1 between the identifier of the VPN, the IP address of the resource server and the mapped IP address of the resource server, and sends to Client the IP address 120.1.1.254, obtained by mapping the IP address 20.1.1.254 of Server1 in its VPN1, and the IP address 121.1.1.254, obtained by mapping the IP address 20.1.1.254 of Server2 in its VPN2. In step 404, GW allocates the virtual IP address 10.1.1.1 to Client from the IP address pool (10.1.1.1/24).
When Client sends a request message (denoted Packet3) to access Server1, the source IP address of Packet3 is the virtual IP address of Client, 10.1.1.1, and the destination IP address is the mapped IP address of Server1, 120.1.1.254. Packet3 is given SSL VPN tunnel encapsulation: the source IP address of the SSL VPN tunnel is the public network IP address of PC, 100.1.1.1, and the destination IP address is the IP address of GW, 1.1.1.254. The message is sent to GW through the SSL VPN tunnel.
After the GW receives the SSL VPN message, it removes the SSL VPN tunnel encapsulation, looks up Table 1 by Packet3's destination IP address 120.1.1.254, determines that Packet3 belongs to VPN1 and that Server1's IP address in VPN1 is 20.1.1.254, and replaces Packet3's destination IP address 120.1.1.254 with Server1's IP address in VPN1, 20.1.1.254. It then looks up the routing table in VPN1 by Server1's IP address in VPN1, 20.1.1.254, and sends Packet3 to Server1 according to the route found.
After Server1 receives Packet3, it replies with a response message for Packet3, denoted Packet4. The source IP address of Packet4 is Server1's IP address in VPN1, 20.1.1.254; the destination IP address is the Client's virtual IP address 10.1.1.1; the source MAC address is Server1's MAC address; and the destination MAC address is the MAC address of Server1's gateway device (not shown in the figure). Server1's gateway device and the other intermediate network devices forward Packet4 to the GW based on routing.
The GW looks up the routing table within the VPN to which Packet4 belongs (VPN1) by Packet4's destination IP address, and thereby determines that the next hop is the Client and the outgoing interface is the SSL VPN tunnel. It looks up Table 1 by the VPN to which Packet4 belongs (VPN1) and the source IP address 20.1.1.254, thereby determines that the mapped IP address of Server1's IP address in VPN1 is 120.1.1.254, and replaces Packet4's source IP address 20.1.1.254 with the mapped IP address 120.1.1.254. It then performs SSL VPN tunnel encapsulation, with the GW's IP address (1.1.1.254) as the tunnel's source IP address and the PC's public IP address (100.1.1.1) as its destination IP address, and sends the message to the Client through the SSL VPN tunnel.
After the Client receives the SSL VPN message through the SSL VPN tunnel, it removes the tunnel encapsulation and processes Packet4.
Similarly, the processing flow when the Client accesses Server2 is the same, and the messages can be transmitted through the same SSL VPN tunnel.
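The gateway-side lookups of Embodiment two, as an added Python illustration (not code from the patent): the Table 1 entries are the values given in the text, while the class and function names, and the choice to drop a packet on a table miss, are assumptions.

```python
"""Gateway address mapping for Embodiment two (added illustration, not patent code)."""
from dataclasses import dataclass, replace
from ipaddress import IPv4Address, ip_address


@dataclass(frozen=True)
class Packet:
    src: IPv4Address
    dst: IPv4Address


def make_packet(src, dst):
    """Build a Packet from dotted-quad strings."""
    return Packet(ip_address(src), ip_address(dst))


class MappingConflict(ValueError):
    """A new entry would make one of the two lookups ambiguous."""


class MappingTable:
    """Table 1: (VPN id, server IP inside that VPN) <-> mapped IP sent to the client."""

    def __init__(self):
        self._by_mapped = {}  # mapped IP -> (vpn, real IP), used on the request path
        self._by_real = {}    # (vpn, real IP) -> mapped IP, used on the reply path

    def add(self, vpn, real_ip, mapped_ip):
        real, mapped = ip_address(real_ip), ip_address(mapped_ip)
        # Mapped addresses must differ for every resource server; a duplicate
        # would leave the gateway unable to tell which VPN a request targets.
        if mapped in self._by_mapped:
            raise MappingConflict(f"{mapped} is already mapped to {self._by_mapped[mapped]}")
        if (vpn, real) in self._by_real:
            raise MappingConflict(f"{real} in {vpn} already has a mapped address")
        self._by_mapped[mapped] = (vpn, real)
        self._by_real[(vpn, real)] = mapped

    def to_server(self, pkt):
        """Request path: pick the VPN from the destination and restore the real IP."""
        hit = self._by_mapped.get(pkt.dst)
        if hit is None:
            return None  # assumption: a destination never advertised is dropped
        vpn, real = hit
        return vpn, replace(pkt, dst=real)

    def to_client(self, vpn, pkt):
        """Reply path: the key includes the VPN because real IPs overlap across VPNs."""
        mapped = self._by_real.get((vpn, pkt.src))
        if mapped is None:
            return None  # assumption: replies from unlisted servers are dropped
        return replace(pkt, src=mapped)


def build_table1():
    """Table 1 as described in the text: both servers use 20.1.1.254 in their own VPN."""
    table = MappingTable()
    table.add("VPN1", "20.1.1.254", "120.1.1.254")  # Server1
    table.add("VPN2", "20.1.1.254", "121.1.1.254")  # Server2
    return table


def round_trip(table, client_ip, mapped_dst):
    """Return (vpn, request as sent to the server, reply as sent to the client)."""
    hit = table.to_server(make_packet(client_ip, mapped_dst))
    if hit is None:
        return None
    vpn, request = hit
    reply = Packet(src=request.dst, dst=request.src)  # what the server sends back
    return vpn, request, table.to_client(vpn, reply)


if __name__ == "__main__":
    t = build_table1()
    # The last destination is the overlapping real address, which is not in the table.
    for dst in ("120.1.1.254", "121.1.1.254", "20.1.1.254"):
        print(dst, "->", round_trip(t, "10.1.1.1", dst))
```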
Corresponding to the foregoing embodiments of the VPN resource access method, the present invention also provides embodiments of a VPN resource access device.
The embodiments of the VPN resource access device of the present invention can be applied in an SSL VPN gateway device. The device embodiments can be implemented in software, or in hardware or a combination of software and hardware. Taking a software implementation as an example, the device in the logical sense is formed by the processor of the equipment where it resides running the corresponding computer program instructions in memory. At the hardware level, Fig. 5 is a hardware structure diagram of the equipment where the VPN resource access device of the present invention resides; in addition to the processor and non-volatile memory shown in Fig. 5, the equipment where the device of the embodiment resides may also include other hardware according to the actual function of the equipment, which is not described further.
Refer to Fig. 6, which is a structural schematic diagram of the VPN resource access device in one embodiment of the present invention. The VPN resource access device includes a transmission unit 601, a receiving unit 602 and a forwarding unit 603, in which:
The transmission unit 601 is configured to send, to a remote client that has established an SSL VPN tunnel with this device, the resource information of the resources in multiple VPNs authorized to the remote client, the multiple VPNs being the VPNs bound to the SSL VPN instance to which the SSL VPN tunnel belongs;
The receiving unit 602 is configured to receive the request message sent by the remote client through the SSL VPN tunnel, the request message carrying the access information of the resource to be accessed, which the remote client determines according to the resource information of the resources;
The forwarding unit 603 is configured to search for a forwarding table entry matching the access information of the resource to be accessed, and to forward the request message according to the forwarding information in the matched forwarding table entry.
Further, the resource information of a resource includes the identifier of the VPN to which the resource belongs and the IP address of the resource server corresponding to the resource;
The transmission unit 601, after sending to the remote client that has established an SSL VPN tunnel with this device the resource information of the resources in the multiple VPNs authorized to the remote client, is further configured to send to the remote client the VPN information of the resources in the multiple VPNs, the VPN information including the correspondence between the identifier of the VPN to which a resource belongs and the MAC address bound to that VPN, so that the remote client determines the access information of the resource to be accessed; the access information of the resource to be accessed includes the MAC address bound to the VPN to which the resource to be accessed belongs and the IP address of the resource server corresponding to the resource to be accessed;
The forwarding unit 603 is specifically configured to look up, in the locally stored correspondence between VPN identifiers and the MAC addresses bound to the VPNs, the identifier of the VPN corresponding to the MAC address bound to the VPN to which the resource to be accessed belongs; to look up, in the forwarding table corresponding to the VPN identifier found, the forwarding information matching the IP address of the resource server corresponding to the resource to be accessed; and to forward the request message according to the forwarding information found.
Further, the request message carries the MAC address bound to the VPN to which the resource to be accessed belongs in the destination MAC address field, and carries the IP address of the resource server corresponding to the resource to be accessed in the destination IP address field.
Further, the resource information of a resource includes the mapped IP address of the resource server corresponding to the resource, that is, the address obtained by mapping that server's IP address, where the mapped IP addresses of the resource servers all differ from one another; the access information of the resource to be accessed includes the mapped IP address of the resource server corresponding to the resource to be accessed;
The forwarding unit 603 is specifically configured to look up, in the locally stored correspondence between the VPN identifier, the IP address of the resource server and the mapped IP address of the resource server, the VPN identifier and the resource server IP address that correspond to the mapped IP address of the resource server corresponding to the resource to be accessed; to look up, in the forwarding table corresponding to the VPN identifier found, the forwarding information matching the resource server IP address found; and to forward the request message according to the forwarding information found.
Further, the request message carries, in the destination IP address field, the mapped IP address of the resource server corresponding to the resource to be accessed;
The forwarding unit 603 forwarding the request message according to the forwarding information found includes:
replacing the mapped IP address of the resource server corresponding to the resource to be accessed, carried in the destination IP address field of the request message, with the resource server IP address found, and forwarding the request message with the replaced destination IP address field according to the forwarding information found.
Further, the multiple VPNs share the same IP address pool, and the device further includes:
An allocation unit, configured so that, when the remote client accesses any authorized resource, the gateway allocates the same IP address to the remote client based on the shared IP address pool, so that the remote client uses the same IP address to send request messages accessing any authorized resource.
Further,
The receiving unit 602 is further configured to receive the response message returned for the request message by the resource server corresponding to the resource to be accessed, the destination IP address of the response message being the IP address of the remote client;
The forwarding unit 603 is further configured to look up, in the locally stored correspondence between VPN identifiers and the MAC addresses bound to the VPNs, the MAC address bound to the VPN that corresponds to the identifier of the VPN to which the resource to be accessed belongs; to replace the source MAC address of the response message with the VPN-bound MAC address found, and the destination MAC address of the response message with the MAC address of the remote client; to look up, in the forwarding table corresponding to the identifier of the VPN to which the resource to be accessed belongs, the forwarding information matching the IP address of the remote client; and to forward the response message with the replaced MAC addresses according to the forwarding information found.
Further,
The receiving unit 602 is further configured to receive the response message returned for the request message by the resource server corresponding to the resource to be accessed, the source IP address of the response message being the IP address of the resource server corresponding to the resource to be accessed and the destination IP address of the response message being the IP address of the remote client;
The forwarding unit 603 is further configured to look up, in the locally stored correspondence between the VPN identifier, the IP address of the resource server and the mapped IP address of the resource server, the mapped IP address of the resource server corresponding to the resource to be accessed that corresponds to the identifier of the VPN to which the resource to be accessed belongs and to the IP address of the resource server; to replace the source IP address of the response message with the mapped IP address found for the resource server corresponding to the resource to be accessed; to look up, in the forwarding table corresponding to the identifier of the VPN to which the resource to be accessed belongs, the forwarding information matching the IP address of the remote client; and to forward the response message with the replaced IP address according to the forwarding information found.
For the implementation of the functions and roles of each unit in the above device, see the implementation of the corresponding steps in the above method; details are not repeated here.
Since the device embodiments essentially correspond to the method embodiments, refer to the description of the method embodiments for the relevant parts. The device embodiments described above are merely illustrative: the units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units, that is, they may be located in one place or distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present invention. Those of ordinary skill in the art can understand and implement it without creative effort.
The above are merely preferred embodiments of the present invention and are not intended to limit the invention; any modification, equivalent substitution, improvement and the like made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.
Claims (16)
1. A virtual private network (VPN) resource access method, applied to a gateway supporting Secure Sockets Layer (SSL) VPN, characterized in that the method comprises:
sending, to a remote client that has established an SSL VPN tunnel with this device, the resource information of the resources in multiple VPNs authorized to the remote client, the multiple VPNs being the VPNs bound to the SSL VPN instance to which the SSL VPN tunnel belongs;
receiving the request message sent by the remote client through the SSL VPN tunnel, the request message carrying the access information of the resource to be accessed, which the remote client determines according to the resource information of the resources;
searching for a forwarding table entry matching the access information of the resource to be accessed, and forwarding the request message according to the forwarding information in the matched forwarding table entry.
2. The method as described in claim 1, characterized in that the resource information of a resource includes the identifier of the VPN to which the resource belongs and the IP address of the resource server corresponding to the resource;
after sending, to the remote client that has established an SSL VPN tunnel with this device, the resource information of the resources in the multiple VPNs authorized to the remote client, the method further comprises:
sending to the remote client the VPN information of the resources in the multiple VPNs, the VPN information including the correspondence between the identifier of the VPN to which a resource belongs and the MAC address bound to that VPN, so that the remote client determines the access information of the resource to be accessed, the access information of the resource to be accessed including the MAC address bound to the VPN to which the resource to be accessed belongs and the IP address of the resource server corresponding to the resource to be accessed;
the searching for a forwarding table entry matching the access information of the resource to be accessed, and forwarding the request message according to the forwarding information in the matched forwarding table entry, comprises:
looking up, in the locally stored correspondence between VPN identifiers and the MAC addresses bound to the VPNs, the identifier of the VPN corresponding to the MAC address bound to the VPN to which the resource to be accessed belongs;
looking up, in the forwarding table corresponding to the VPN identifier found, the forwarding information matching the IP address of the resource server corresponding to the resource to be accessed, and forwarding the request message according to the forwarding information found.
3. The method according to claim 2, characterized in that
the request message carries the MAC address bound to the VPN to which the resource to be accessed belongs in the destination MAC address field, and carries the IP address of the resource server corresponding to the resource to be accessed in the destination IP address field.
4. The method as described in claim 1, characterized in that the resource information of a resource includes the mapped IP address of the resource server corresponding to the resource, that is, the address obtained by mapping that server's IP address, where the mapped IP addresses of the resource servers all differ from one another;
the access information of the resource to be accessed includes the mapped IP address of the resource server corresponding to the resource to be accessed;
the searching for a forwarding table entry matching the access information of the resource to be accessed, and forwarding the request message according to the forwarding information in the matched forwarding table entry, comprises:
looking up, in the locally stored correspondence between the VPN identifier, the IP address of the resource server and the mapped IP address of the resource server, the VPN identifier and the resource server IP address that correspond to the mapped IP address of the resource server corresponding to the resource to be accessed;
looking up, in the forwarding table corresponding to the VPN identifier found, the forwarding information matching the resource server IP address found, and forwarding the request message according to the forwarding information found.
5. The method as claimed in claim 4, characterized in that
the request message carries, in the destination IP address field, the mapped IP address of the resource server corresponding to the resource to be accessed;
the forwarding of the request message according to the forwarding information found comprises:
replacing the mapped IP address of the resource server corresponding to the resource to be accessed, carried in the destination IP address field of the request message, with the resource server IP address found, and forwarding the request message with the replaced destination IP address field according to the forwarding information found.
6. The method as described in claim 1, characterized in that the multiple VPNs share the same IP address pool;
when the remote client accesses any authorized resource, the gateway allocates the same IP address to the remote client based on the shared IP address pool, so that the remote client uses the same IP address to send request messages accessing any authorized resource.
7. The method as claimed in claim 3, characterized in that the method further comprises:
receiving the response message returned for the request message by the resource server corresponding to the resource to be accessed, the destination IP address of the response message being the IP address of the remote client;
looking up, in the locally stored correspondence between VPN identifiers and the MAC addresses bound to the VPNs, the MAC address bound to the VPN that corresponds to the identifier of the VPN to which the resource to be accessed belongs;
replacing the source MAC address of the response message with the VPN-bound MAC address found, and the destination MAC address of the response message with the MAC address of the remote client;
looking up, in the forwarding table corresponding to the identifier of the VPN to which the resource to be accessed belongs, the forwarding information matching the IP address of the remote client, and forwarding the response message with the replaced MAC addresses according to the forwarding information found.
8. The method as claimed in claim 5, characterized in that the method further comprises:
receiving the response message returned for the request message by the resource server corresponding to the resource to be accessed, the source IP address of the response message being the IP address of the resource server corresponding to the resource to be accessed and the destination IP address of the response message being the IP address of the remote client;
looking up, in the locally stored correspondence between the VPN identifier, the IP address of the resource server and the mapped IP address of the resource server, the mapped IP address of the resource server corresponding to the resource to be accessed that corresponds to the identifier of the VPN to which the resource to be accessed belongs and to the IP address of the resource server;
replacing the source IP address of the response message with the mapped IP address found for the resource server corresponding to the resource to be accessed;
looking up, in the forwarding table corresponding to the identifier of the VPN to which the resource to be accessed belongs, the forwarding information matching the IP address of the remote client, and forwarding the response message with the replaced IP address according to the forwarding information found.
9. A virtual private network (VPN) resource access device, applied to a gateway supporting Secure Sockets Layer (SSL) VPN, characterized in that the device comprises:
a transmission unit, configured to send, to a remote client that has established an SSL VPN tunnel with this device, the resource information of the resources in multiple VPNs authorized to the remote client, the multiple VPNs being the VPNs bound to the SSL VPN instance to which the SSL VPN tunnel belongs;
a receiving unit, configured to receive the request message sent by the remote client through the SSL VPN tunnel, the request message carrying the access information of the resource to be accessed, which the remote client determines according to the resource information of the resources;
a forwarding unit, configured to search for a forwarding table entry matching the access information of the resource to be accessed, and to forward the request message according to the forwarding information in the matched forwarding table entry.
10. The device as claimed in claim 9, characterized in that the resource information of a resource includes the identifier of the VPN to which the resource belongs and the IP address of the resource server corresponding to the resource;
the transmission unit, after sending to the remote client that has established an SSL VPN tunnel with this device the resource information of the resources in the multiple VPNs authorized to the remote client, is further configured to send to the remote client the VPN information of the resources in the multiple VPNs, the VPN information including the correspondence between the identifier of the VPN to which a resource belongs and the MAC address bound to that VPN, so that the remote client determines the access information of the resource to be accessed, the access information of the resource to be accessed including the MAC address bound to the VPN to which the resource to be accessed belongs and the IP address of the resource server corresponding to the resource to be accessed;
the forwarding unit is specifically configured to look up, in the locally stored correspondence between VPN identifiers and the MAC addresses bound to the VPNs, the identifier of the VPN corresponding to the MAC address bound to the VPN to which the resource to be accessed belongs; to look up, in the forwarding table corresponding to the VPN identifier found, the forwarding information matching the IP address of the resource server corresponding to the resource to be accessed; and to forward the request message according to the forwarding information found.
11. The device as claimed in claim 10, characterized in that the request message carries the MAC address bound to the VPN to which the resource to be accessed belongs in the destination MAC address field, and carries the IP address of the resource server corresponding to the resource to be accessed in the destination IP address field.
12. The device as claimed in claim 9, characterized in that the resource information of a resource includes the mapped IP address of the resource server corresponding to the resource, that is, the address obtained by mapping that server's IP address, where the mapped IP addresses of the resource servers all differ from one another; the access information of the resource to be accessed includes the mapped IP address of the resource server corresponding to the resource to be accessed;
the forwarding unit is specifically configured to look up, in the locally stored correspondence between the VPN identifier, the IP address of the resource server and the mapped IP address of the resource server, the VPN identifier and the resource server IP address that correspond to the mapped IP address of the resource server corresponding to the resource to be accessed; to look up, in the forwarding table corresponding to the VPN identifier found, the forwarding information matching the resource server IP address found; and to forward the request message according to the forwarding information found.
13. The device as claimed in claim 12, characterized in that the request message carries, in the destination IP address field, the mapped IP address of the resource server corresponding to the resource to be accessed;
the forwarding unit forwarding the request message according to the forwarding information found comprises:
replacing the mapped IP address of the resource server corresponding to the resource to be accessed, carried in the destination IP address field of the request message, with the resource server IP address found, and forwarding the request message with the replaced destination IP address field according to the forwarding information found.
14. The device as claimed in claim 9, characterized in that the multiple VPNs share the same IP address pool, and the device further comprises:
an allocation unit, configured so that, when the remote client accesses any authorized resource, the gateway allocates the same IP address to the remote client based on the shared IP address pool, so that the remote client uses the same IP address to send request messages accessing any authorized resource.
15. The device as claimed in claim 11, characterized in that:
the receiving unit is further configured to receive the response message returned for the request message by the resource server corresponding to the resource to be accessed, the destination IP address of the response message being the IP address of the remote client;
the forwarding unit is further configured to look up, in the locally stored correspondence between VPN identifiers and the MAC addresses bound to the VPNs, the MAC address bound to the VPN that corresponds to the identifier of the VPN to which the resource to be accessed belongs; to replace the source MAC address of the response message with the VPN-bound MAC address found, and the destination MAC address of the response message with the MAC address of the remote client; to look up, in the forwarding table corresponding to the identifier of the VPN to which the resource to be accessed belongs, the forwarding information matching the IP address of the remote client; and to forward the response message with the replaced MAC addresses according to the forwarding information found.
16. The device as claimed in claim 13, characterized in that:
the receiving unit is further configured to receive the response message returned for the request message by the resource server corresponding to the resource to be accessed, the source IP address of the response message being the IP address of the resource server corresponding to the resource to be accessed and the destination IP address of the response message being the IP address of the remote client;
the forwarding unit is further configured to look up, in the locally stored correspondence between the VPN identifier, the IP address of the resource server and the mapped IP address of the resource server, the mapped IP address of the resource server corresponding to the resource to be accessed that corresponds to the identifier of the VPN to which the resource to be accessed belongs and to the IP address of the resource server; to replace the source IP address of the response message with the mapped IP address found for the resource server corresponding to the resource to be accessed; to look up, in the forwarding table corresponding to the identifier of the VPN to which the resource to be accessed belongs, the forwarding information matching the IP address of the remote client; and to forward the response message with the replaced IP address according to the forwarding information found.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710161590.XA CN106888145B (en) | 2017-03-17 | 2017-03-17 | A kind of VPN resource access method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106888145A CN106888145A (en) | 2017-06-23 |
CN106888145B true CN106888145B (en) | 2019-11-12 |
Family
ID=59181024
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710161590.XA Active CN106888145B (en) | 2017-03-17 | 2017-03-17 | A kind of VPN resource access method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106888145B (en) |
Families Citing this family (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107547509B (en) * | 2017-06-27 | 2020-10-13 | 新华三技术有限公司 | Message forwarding method and device |
CN107659485B (en) * | 2017-10-31 | 2021-02-05 | 新华三技术有限公司 | Method and device for communication between equipment and server in Virtual Private Network (VPN) |
CN108337148B (en) * | 2018-02-07 | 2019-10-18 | 北京百度网讯科技有限公司 | For obtaining the method and device of information |
CN109981640B (en) * | 2019-03-25 | 2021-07-23 | 新华三技术有限公司 | Connection establishment method and device |
CN111786867B (en) * | 2019-04-04 | 2021-11-16 | 厦门网宿有限公司 | Data transmission method and server |
CN110505244B (en) * | 2019-09-19 | 2020-06-02 | 南方电网数字电网研究院有限公司 | Remote tunnel access technology gateway and server |
CN111740893B (en) * | 2020-06-30 | 2022-02-11 | 成都卫士通信息产业股份有限公司 | Method, device, system, medium and equipment for realizing software-defined VPN |
CN113923149B (en) * | 2020-07-09 | 2023-12-19 | 阿里巴巴集团控股有限公司 | Network access method, device, network system, electronic equipment and storage medium |
CN114157485A (en) * | 2021-12-03 | 2022-03-08 | 北京天融信网络安全技术有限公司 | Resource access method and device and electronic equipment |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101534302A (en) * | 2009-04-16 | 2009-09-16 | 杭州华三通信技术有限公司 | Method for providing TCP service, system and relevant device thereof |
CN101599901A (en) * | 2009-07-15 | 2009-12-09 | 杭州华三通信技术有限公司 | The method of remotely accessing MPLS VPN, system and gateway |
CN101902400A (en) * | 2010-07-21 | 2010-12-01 | 成都市华为赛门铁克科技有限公司 | Gateway load balancing method, system and client device |
CN101951378A (en) * | 2010-09-26 | 2011-01-19 | 北京品源亚安科技有限公司 | Protocol stack system structure for SSL VPN and data processing method |
US8117325B1 (en) * | 2008-04-29 | 2012-02-14 | Juniper Networks, Inc. | Policy-based cross-domain access control for SSL VPN |
CN104753752A (en) * | 2013-12-30 | 2015-07-01 | 上海格尔软件股份有限公司 | As-needed connecting method suitable for VPN |
CN105812218A (en) * | 2014-12-31 | 2016-07-27 | 中国电信股份有限公司 | Method for realizing multi-VPN-protocol application access, middleware and mobile terminal |
CN105939312A (en) * | 2015-08-26 | 2016-09-14 | 杭州迪普科技有限公司 | Data transmission method and device |
-
2017
- 2017-03-17 CN CN201710161590.XA patent/CN106888145B/en active Active
Also Published As
Publication number | Publication date |
---|---|
CN106888145A (en) | 2017-06-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106888145B (en) | | A kind of VPN resource access method and device |
CN110191031B (en) | | Network resource access method and device and electronic equipment |
TWI376132B (en) | | Method and system of providing ip-based packet communications with in-premise devices in a utility network |
US8274986B2 (en) | | Packet communication method using node identifier and locator |
ES2287697T3 (en) | | ADDRESS AND APPLIANCE METHOD FOR ESTABLISHING HOST IDENTITY PROTOCOL (HIP) CONNECTIONS BETWEEN LEGACY AND HIP NODES. |
CN101572643B (en) | | Method and system for realizing data transmission among private networks |
RU2005108655A (en) | | METHOD, GATEWAY AND SYSTEM FOR DATA TRANSFER BETWEEN THE DEVICE ON THE GENERAL USE NETWORK AND THE DEVICE ON THE INTERNAL NETWORK |
CN106878483A (en) | | A kind of IP address distribution method and device |
CN100463452C (en) | | VPN data forwarding method and VPN device for data forwarding |
CN102055816A (en) | | Communication method, business server, intermediate equipment, terminal and communication system |
CN105245629B (en) | | Host communication method based on DHCP and device |
US8265084B2 (en) | | Local network connecting system local network connecting method and mobile terminal |
CA2462448A1 (en) | | Access and control system for network-enabled devices |
CN105487517B (en) | | A kind of automatic network-building method of household WIFI network system |
CN101461198A (en) | | Relay network system and terminal adapter |
KR101743559B1 (en) | | Virtual private network, internet cafe network using the same, and manager apparatus for the same |
US20020199015A1 (en) | | Communications system managing server, routing server, mobile unit managing server, and area managing server |
CN108683645A (en) | | A kind of information-distribution type domain name and data transacting system based on block chain |
KR101240552B1 (en) | | System and method for managing media keys and for transmitting/receiving peer-to-peer messages using the media keys |
CN102546428A (en) | | System and method for internet protocol version 6 (IPv6) message switching based on dynamic host configuration protocol for IPv6 (DHCPv6) interception |
CN101232500A (en) | | Network system which performs peer-to-peer communication |
CN110460641A (en) | | Data transmission method, apparatus and system |
CN109412927A (en) | | A kind of more VPN data transmission methods, device and the network equipment |
CN102447626A (en) | | Backbone network with policy driven routing |
CN105897542A (en) | | Tunnel building method and video monitoring system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |