CN106921552A - Terminal, gateway and tunnel multiplex system
- Publication number
- CN106921552A
- Authority
- CN
- China
- Prior art keywords
- gateway
- terminal
- data
- ssl tunneling
- destination server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4633—Interconnection of networks using encapsulation techniques, e.g. tunneling
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/2592—Translation of Internet protocol [IP] addresses using tunnelling or encapsulation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/029—Firewall traversal, e.g. tunnelling or, creating pinholes
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The present invention relates to the field of communications and discloses a terminal, a gateway and an SSL tunnel multiplexing system. The system includes a terminal and a gateway. The terminal includes: a controller for establishing an SSL tunnel with the gateway; a transmitter for sending a connection request to the gateway through the SSL tunnel; and a receiver for receiving the connection status sent by the gateway through the SSL tunnel. The gateway includes: a receiver module for receiving the connection request sent by the terminal through the SSL tunnel; a control module for establishing a connection with a destination server according to the connection request; and a sending module for sending the status of the connection with the destination server to the terminal through the SSL tunnel. Establishing the SSL tunnel lets the terminal and the gateway exchange data through it, which improves the security of network access, and multiplexing the SSL tunnel effectively reduces the load on the gateway.
Description
Technical field
The present invention relates to the field of communications, and in particular to a terminal, a gateway and a tunnel multiplexing system.
Background
At present, large and medium-sized enterprises at home and abroad deploy many application servers inside the enterprise to make internal resources more convenient to use, including internal mail services, collaborative office systems, financial management systems and so on. As for the gateway, no real data is stored on it; all static web pages and web programs remain on the application servers inside the enterprise. An attack on the gateway therefore cannot damage the internal application servers, which strengthens the security of those servers.
However, as the required security level keeps rising, ordinary TCP/IP communication can no longer meet the network security needs of large and medium-sized enterprises, which urgently need a more complete security mechanism to meet higher security requirements.
Summary of the invention
The object of the present invention is to provide a terminal, a gateway and a tunnel multiplexing system that effectively reduce the load on the gateway and improve the security of network access.
To achieve this object, the present invention provides a terminal, which includes: a controller for establishing an SSL tunnel with a gateway; a transmitter for sending a connection request to the gateway through the SSL tunnel; and a receiver for receiving the connection status sent by the gateway through the SSL tunnel.
Preferably, the connection request consists of the IP address and port of the server required by the terminal.
Preferably, the transmitter is further configured to send first data to the gateway through the SSL tunnel when the connection status indicates success; and the receiver is further configured to receive second data associated with the first data, together with a destination application tag, sent by the gateway through the SSL tunnel.
Preferably, the transmitter is further configured to send the second data to the destination application according to the destination application tag.
Correspondingly, the present invention also provides a gateway, which includes: a receiver module for receiving the connection request sent by a terminal through an SSL tunnel; a control module for establishing a connection with a destination server according to the connection request; and a sending module for sending the status of the connection with the destination server to the terminal through the SSL tunnel.
Preferably, the control module is further configured to parse the connection request to obtain the IP address and port of the destination server associated with the connection request, and to establish the connection with the destination server according to that IP address and port.
Preferably, the receiver module is further configured to receive the first data sent by the terminal through the SSL tunnel; the control module is further configured to parse the first data to obtain the IP address of the destination server, the port of the destination server and the payload data associated with the first data; and the sending module is further configured to send the payload data to the destination server according to the IP address and port of the destination server.
Preferably, the receiver module is further configured to receive the second data that the destination server sends in response to the payload data; the control module is further configured to add a destination application tag to the second data; and the sending module is further configured to send the second data and the destination application tag to the terminal through the SSL tunnel.
Correspondingly, the present invention also provides an SSL tunnel multiplexing system, which includes the terminal described above and the gateway described above.
With the above technical solution, an SSL tunnel is established so that the terminal and the gateway exchange data through it, which improves the security of network access, and multiplexing the SSL tunnel effectively reduces the load on the gateway.
Other features and advantages of the present invention are described in detail in the detailed description that follows.
Brief description of the drawings
The accompanying drawings provide a further understanding of the present invention and form part of the specification. Together with the detailed description below they serve to explain the present invention, but they do not limit it. In the drawings:
Fig. 1 shows a structural block diagram of the SSL tunnel multiplexing system provided by the present invention;
Fig. 2 shows a structural block diagram of the terminal provided by the present invention;
Fig. 3 shows a structural block diagram of the gateway provided by the present invention.
Description of reference numerals
100 terminal
200 gateway
300 server
110 transmitter
120 controller
130 receiver
210 receiver module
220 control module
230 sending module
Detailed description
Specific embodiments of the present invention are described in detail below with reference to the accompanying drawings. It should be understood that the specific embodiments described here serve only to illustrate and explain the present invention and do not limit it.
Fig. 1 shows a structural block diagram of the SSL tunnel multiplexing system provided by the present invention. As shown in Fig. 1, the present invention provides an SSL tunnel multiplexing system that includes a terminal 100, a gateway 200 and a server 300.
Fig. 2 shows a structural block diagram of the terminal provided by the present invention. As shown in Fig. 2, the terminal 100 may include: a controller 120 for establishing an SSL tunnel with the gateway; a transmitter 110 for sending a connection request to the gateway through the SSL tunnel; and a receiver 130 for receiving the connection status sent by the gateway through the SSL tunnel.
Specifically, the controller 120 of the terminal 100 establishes an SSL tunnel with the gateway through the data port of the gateway. When data is to be transmitted, the multiple applications of the terminal 100 first package the IP address and port of the server each of them requires into a connection request, and the transmitter 110 of the terminal 100 sends the connection request to the gateway 200 through the SSL tunnel.
Fig. 3 shows a structural block diagram of the gateway provided by the present invention. As shown in Fig. 3, the gateway 200 may include: a receiver module 210 for receiving the connection request sent by the terminal through the SSL tunnel; a control module 220 for establishing a connection with the destination server according to the connection request; and a sending module 230 for sending the status of the connection with the destination server to the terminal through the SSL tunnel.
The receiver module 210 of the gateway 200 receives the connection request sent by the transmitter 110 of the terminal 100 through the SSL tunnel. The control module 220 parses the connection request to obtain the IP address and port of the destination server and, according to the parsed IP addresses and ports, connects to one or more servers in turn. The gateway 200 can manage and record the connections it has established. The sending module 230 then sends the status of the connection with the destination server to the terminal 100 through the SSL tunnel, and the terminal 100 returns the connection status to the corresponding application.
When the connection status indicates success, the multiple applications of the terminal 100 begin sending the first data with which they communicate with the servers. The transmitter 110 sends the first data to the gateway 200 through the SSL tunnel, and the receiver module 210 of the gateway 200 receives it. The control module 220 parses the first data to obtain the IP address of the destination server, the port of the destination server and the payload data associated with the first data. The sending module 230 then sends the payload data to the destination server over the corresponding established connection, selected by the IP address and port of the destination server.
Next, the receiver module 210 receives the second data, associated with the first data, sent by the destination server. The control module 220 adds a destination application tag to the second data according to the connection over which the second data was transmitted, and the sending module 230 sends the second data and the destination application tag to the terminal 100 through the SSL tunnel.
The receiver 130 of the terminal 100 receives the second data and the destination application tag, the controller 120 parses the destination application tag, and the transmitter 110 sends the second data to the destination application.
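The exchange described above, sketched as an added Python example that is not part of the patent. The frame layout, the numeric tags, the class and function names and the sample addresses are all assumptions (the patent defines no wire format); each destination is assumed to serve one application, and a direct method call stands in for the SSL tunnel.

```python
import socket
import struct

# Hypothetical frame layout (the patent defines no wire format):
# type(1) | application tag(2) | IPv4(4) | port(2) | payload length(4) | payload
HDR = struct.Struct("!BH4sHI")
CONNECT, STATUS, DATA, REPLY = 1, 2, 3, 4
MAX_PAYLOAD = 64 * 1024

def pack(ftype, tag, ip, port, payload=b""):
    return HDR.pack(ftype, tag, socket.inet_aton(ip), port, len(payload)) + payload

def unpack(buf):
    """Parse one frame, rejecting truncated or oversized input."""
    if len(buf) < HDR.size:
        raise ValueError("truncated header")
    ftype, tag, ip, port, length = HDR.unpack_from(buf)
    if length > MAX_PAYLOAD or len(buf) != HDR.size + length:
        raise ValueError("bad payload length")
    return ftype, tag, socket.inet_ntoa(ip), port, buf[HDR.size:]

class Gateway:
    """Gateway 200: parses frames from the tunnel and records one link per server."""
    def __init__(self, servers):
        self.servers = servers  # (ip, port) -> handler, standing in for server 300
        self.links = {}         # (ip, port) -> tag recorded when the link was set up

    def handle(self, frame):
        ftype, _, ip, port, payload = unpack(frame)
        dest = (ip, port)
        if ftype == CONNECT:
            ok = dest in self.servers  # assumption: only known servers are linkable
            if ok:
                self.links.setdefault(dest, len(self.links) + 1)
            return pack(STATUS, self.links.get(dest, 0), ip, port, b"\x01" if ok else b"\x00")
        if ftype == DATA and dest in self.links:
            second = self.servers[dest](payload)  # forward payload on the recorded link
            return pack(REPLY, self.links[dest], ip, port, second)  # tag the second data
        return pack(STATUS, 0, ip, port, b"\x00")  # no recorded link: do not forward

class Terminal:
    """Terminal 100: several applications share one tunnel to the gateway."""
    def __init__(self, gateway):
        self.gateway = gateway
        self.apps = {}   # tag -> application name
        self.inbox = {}  # application name -> second data delivered to it

    def connect(self, app, ip, port):
        _, tag, _, _, status = unpack(self.gateway.handle(pack(CONNECT, 0, ip, port)))
        if status == b"\x01":
            self.apps[tag] = app
        return status == b"\x01"

    def send(self, ip, port, first_data):
        reply = self.gateway.handle(pack(DATA, 0, ip, port, first_data))
        ftype, tag, _, _, second = unpack(reply)
        if ftype != REPLY or tag not in self.apps:
            return None
        self.inbox.setdefault(self.apps[tag], []).append(second)
        return self.apps[tag]

def demo():
    # Constructed sample servers and addresses.
    servers = {("10.0.0.5", 25): lambda d: b"mail:" + d,
               ("10.0.0.6", 443): lambda d: b"oa:" + d}
    t = Terminal(Gateway(servers))
    ok = [t.connect("mail", "10.0.0.5", 25), t.connect("office", "10.0.0.6", 443),
          t.connect("other", "10.0.0.99", 22)]
    routed = [t.send("10.0.0.5", 25, b"HELO"), t.send("10.0.0.6", 443, b"GET"),
              t.send("10.0.0.99", 22, b"x")]
    return ok, routed, t.inbox
```

The third destination is refused at connect time and its data frame is not forwarded, because the gateway in this sketch relays only over links it has recorded.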
With further reference to Fig. 1, the terminal 100 provided by the present invention may be a desktop or notebook computer on the external network, but the present invention is not limited to this.
The server 300 may include many types of server, for example an internal mail server, a collaborative office system server, a financial management server and so on, but the present invention is not limited to this.
In the SSL tunnel multiplexing system, terminal and gateway provided by the present invention, data communication between the terminal and the gateway is carried over an established SSL tunnel, which improves the security of network access, and multiplexing the SSL tunnel effectively reduces the load on the gateway.
The preferred embodiments of the present invention have been described in detail above with reference to the accompanying drawings. However, the present invention is not limited to the specific details of the above embodiments. Within the scope of the technical concept of the present invention, various simple variations may be made to its technical solution, and these simple variations all fall within the scope of protection of the present invention.
It should further be noted that the specific technical features described in the above embodiments may, where they do not contradict one another, be combined in any suitable way. To avoid unnecessary repetition, the present invention does not separately describe the various possible combinations.
In addition, the various embodiments of the present invention may also be combined with one another, and as long as such a combination does not depart from the idea of the present invention, it should likewise be regarded as content disclosed by the present invention.
Claims (9)
1. A terminal, characterized in that the terminal includes:
a controller for establishing an SSL tunnel with a gateway;
a transmitter for sending a connection request to the gateway through the SSL tunnel; and
a receiver for receiving the connection status sent by the gateway through the SSL tunnel.
2. The terminal according to claim 1, characterized in that the connection request consists of the IP address and port of the server required by the terminal.
3. The terminal according to claim 1, characterized in that
the transmitter is further configured to send first data to the gateway through the SSL tunnel when the connection status indicates success; and
the receiver is further configured to receive second data associated with the first data, together with a destination application tag, sent by the gateway through the SSL tunnel.
4. The terminal according to claim 3, characterized in that the transmitter is further configured to send the second data to the destination application according to the destination application tag.
5. A gateway, characterized in that the gateway includes:
a receiver module for receiving the connection request sent by a terminal through an SSL tunnel;
a control module for establishing a connection with a destination server according to the connection request; and
a sending module for sending the status of the connection with the destination server to the terminal through the SSL tunnel.
6. The gateway according to claim 5, characterized in that the control module is further configured to parse the connection request to obtain the IP address and port of the destination server associated with the connection request, and to establish the connection with the destination server according to that IP address and port.
7. The gateway according to claim 5, characterized in that
the receiver module is further configured to receive the first data sent by the terminal through the SSL tunnel;
the control module is further configured to parse the first data to obtain the IP address of the destination server, the port of the destination server and the payload data associated with the first data; and
the sending module is further configured to send the payload data to the destination server according to the IP address and port of the destination server.
8. The gateway according to claim 6, characterized in that
the receiver module is further configured to receive the second data that the destination server sends in response to the payload data;
the control module is further configured to add a destination application tag to the second data; and
the sending module is further configured to send the second data and the destination application tag to the terminal through the SSL tunnel.
9. An SSL tunnel multiplexing system, characterized in that the system includes:
the terminal according to any one of claims 1-4; and
the gateway according to any one of claims 5-8.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510993881.6A CN106921552A (en) | 2015-12-25 | 2015-12-25 | Terminal, gateway and tunnel multiplex system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106921552A true CN106921552A (en) | 2017-07-04 |
Family
ID=59454802
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510993881.6A Pending CN106921552A (en) | 2015-12-25 | 2015-12-25 | Terminal, gateway and tunnel multiplex system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106921552A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20170704 |