JP2004297484A - Network setting method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To give an instruction to a server from a management terminal and to easily and speedily add, change and delete a VPN device in a network setting method for setting a network of the VPN device connected to the network. <P>SOLUTION: The method has a step for collectively storing and holding address information and a communication method of the VPN device connected to the network in a database, installing the server connected to the network, and receiving a request of addition, change and deletion of designation of one or above address information or the communication method of the VPN device to the server from the management terminal; a step for reflecting the received request on the database; and a step for generating a setting file where address information and the communication method, which correspond to the request, are set and a step for transmitting the generated setting file to the applied VPN device so as to reflect it. <P>COPYRIGHT: (C)2005,JPO&NCIPI

Description

[0001]
TECHNICAL FIELD OF THE INVENTION
The present invention relates to a network setting method for performing a network setting of a VPN device connected to a network.
[0002]
[Prior art]
2. Description of the Related Art Conventionally, when a virtual private network (VPN) is configured on a network, a technician with a high level of specialized knowledge has an IP address, an encrypted communication method, an encryption key, and the like for two or more VPN devices. I made the settings so that I could communicate.
[0003]
Further, a management table for holding communication addresses dynamically allocated is provided on the control device side, and the communication addresses dynamically allocated to the respective VPN devices are received and written in the management tables, respectively. A technique is described in which a connection is controlled by reading an address from a management table and notifying the address to a calling VPN apparatus.
[0004]
[Patent Document 1]
See [0005] and [0006] of JP-A-2002-77261 and FIG.
[0005]
[Problems to be solved by the invention]
However, in the above-mentioned former, there is a problem that it is difficult for a technician having specialized knowledge to set an IP address, an encryption communication method, an encryption key, and the like for each VPN device.
[0006]
In the latter case, when the communication address of the VPN device is dynamically allocated, the control device notifies the call source VPN device of the communication address of the call destination, and the communication address of the notified communication address is used. Since the communication is made to the call destination, the communication can be performed with each other even if the communication address of the VPN device is dynamically allocated. However, the VPN device is newly added, deleted, changed, or encrypted. There was a problem that the communication method and the encryption key could not be changed.
[0007]
In order to solve these problems, the present invention centrally manages address information and communication methods of all VPN devices in a server, notifies a configuration file to each VPN device, respectively, and sets, changes, and deletes address information and communication methods. It is an object of the present invention to easily and quickly add, change, or delete a VPN device by instructing a server from a management terminal.
[0008]
[Means for Solving the Problems]
Means for solving the problem will be described with reference to FIG.
[0009]
In FIG. 1, a server 1 is a server connected to a network 5, and registers and manages address information and a communication method of the VPN device 3 in a VPN ID DB 17, and creates a setting file 22 to store the information in the corresponding VPN device 3. This is transmitted and reflected.
[0010]
The management terminals 31 and 42 perform various managements.
Next, the operation will be described.
[0011]
The server 1 receives a request for addition, change, or deletion specifying at least one of the address information and the communication method of the VPN device 4 from the management terminal 31, registers the received request in the VPNID DB 17, and responds to the request. A setting file 22 in which the address information and the communication method are set is created, and the created setting file 22 is transmitted to the corresponding VPN device 3 and reflected.
[0012]
At this time, when the management terminals 31 and 41 connected to each VPN device 3 connect to the server 1 by notifying the connection ID and the connection password and connecting, the ID and password are notified to the server 1 and issued. Thereafter, the user inputs the issued ID and password and requests for addition, change, or deletion when the authentication is OK.
[0013]
In addition, the connection ID and the connection password, the ID and the password, and the information of addition, change, and deletion of the VPN device 3 are input on the screen to notify the server 1.
[0014]
Therefore, the server 1 centrally manages the address information and the communication method of all the VPN devices 3, notifies the setting files 22 to the respective VPN devices 3, and sets, changes, and deletes the address information and the communication method. 32, the server 1 can be instructed to add, change, or delete the VPN device 3 easily and quickly.
[0015]
BEST MODE FOR CARRYING OUT THE INVENTION
Next, an embodiment and operation of the present invention will be sequentially described in detail with reference to FIGS.
[0016]
FIG. 1 shows a system configuration diagram of the present invention.
In FIG. 1, a server 1 executes various processes in accordance with a program, is connected to a network 5, and registers address information and communication methods of VPN devices at a plurality of bases A, B, C,. It performs centralized management, creates a setting file 22, transmits the setting file 22 to the corresponding VPN device 3 and reflects it, and the like, and includes a sign-up process 10 and a setup process 20.
[0017]
The sign-up process 10 manages sign-up and the like. Here, a login ID issuing unit 11, a login ID authentication unit 12, a site registration / deletion unit 13, a VPN ID issuing unit 14, a site information 15, a login ID DB 16 , And a VPN ID DB 17.
[0018]
The login ID issuing means 11 is for issuing an ID and a password for the VPN device 3 to log in to the server 1 and for registering and managing the ID and password in the login ID DB 16 and the like (see FIG. 8A).
[0019]
The login ID authentication unit 13 refers to the login ID DB 16 and performs authentication when the VPN device 3 logs in to the server 1.
[0020]
The VPN ID issuing unit 14 issues an ID, an IP address, and the like of the VPN device 3 and registers and manages the VPN device 3 in the VPN ID DB 17.
[0021]
The base information 15 is base information when a base registration / deletion request is made.
The login ID DB 16 registers information (login ID, password, Internet connection ID, IP address, base ID, and the like) used when the VPN apparatus 3 at the base logs in to the server 1 and performs centralized management ((FIG. 8 ( a)).
[0022]
The VPN ID DB 17 registers and centrally manages information (VPN ID, password, login ID, IP address, base name, telephone number, etc.) of the VPN device 3 (see FIG. 8B).
[0023]
The setup process 20 is for creating and reflecting the setting file 22 of the VPN device 3 and includes a setting creating unit 21, a setting file 22, a setting reflecting unit 23, a setting file management DB 23, and the like. Is what is done.
[0024]
The setting creating unit 21 sets new registration or changed information in the VPN device 3 based on information such as addition, change, and deletion of the VPN device 3 of the base notified of the sign-up process 10. A setting file 22 is created.
[0025]
The setting file 22 is a file in which the newly registered or changed address information and the communication method are set for the VPN device 3 (see FIG. 9).
[0026]
The setting reflecting unit 24 transmits the setting file 22 to the corresponding VPN device 3 via the network 5, reflects the contents of the setting file 22, and executes new registration, change, deletion, etc. of the address information and the communication method. It is.
[0027]
The setting file management DB 23 registers and manages the setting file 22.
[0028]
The VPN device 3 is a VPN device (Virtual Private Network) device at a center and at each site, and constructs a virtual private network on the network. Here, it is configured by a VPN device 3 of one center and VPN devices 3 of a large number of bases A, B, C. Each of the VPN devices 3 is connected to a network 5, for example, the Internet, and operates as if it were a dedicated line network. Data between the VPN devices 3 is usually encrypted and transmitted and received between them. For this reason, it is necessary to set address information and an encryption method (encryption method and encryption key, etc.) in each VPN device 3. In this application, the setting, change, addition, and deletion are collectively managed from the server 1. The setting, change, addition, and deletion of the address information and the communication method of the VPN device 3 are realized by a simple operation from the management terminal 31. The details will be sequentially described below.
[0029]
Next, an ID / password issuing procedure will be described in detail according to the order of the flowchart in FIG.
[0030]
FIG. 2 is a flowchart for explaining the operation of the present invention (ID / password issuance). Here, the management terminal (base A) 31 and the sign-up process 10 correspond to the management terminal 31 of the VPN device (center) 3 at the base A and the sign-up process 10 of the server 1 in FIG.
[0031]
In FIG. 2, S1 starts a setup program. This is done by inserting a floppy disk or CD-R storing the setup program 33 into the management terminal 31 connected to the VPN device (center) 3 at the base A, for example, the center in FIG. I do.
[0032]
In step S2, an ID and a password are input. In this case, the setup program started in S1 displays a setup program display screen of FIG. 6A described later, inputs a connection ID and a password from the screen, and presses a registration button.
[0033]
S3 connects. In response to the input of the ID and password of S2 and the pressing of the registration button, the setup program connects to the server 1 of FIG. 1 corresponding to a preset address.
[0034]
In S4, the sign-up process 10 constituting the server 1 returns an initial screen.
[0035]
In step S5, the initial screen returned in step S4 is displayed. Here, the initial screen of the instant VPN system shown in FIG. 6B is displayed.
[0036]
In step S6, issuance of an ID and a password is selected. Here, after inputting the login ID and password on the screen shown in FIG. 6B, the "login issue" button at the bottom is pressed, and issuance of ID and password is selected.
[0037]
In step S7, the ID and password input in step S6 are transmitted to the sign-up process 10, and the login ID issuing unit 11 of the sign-up process 10 issues the ID and password.
[0038]
S8 registers in the DB. In this case, the ID and password issued by the login ID issuing means 11 in S7 are registered in the login ID DB 16 of FIG.
[0039]
As described above, the FD or the CD-R of the setup program is inserted into the management terminal 31 of the VPN device 3 at the center of the site A in FIG. 1 and started, and the connection ID and the password are changed from the screen to the screen shown in FIG. When the user inputs the connection to the setup process 10 of the server 1, inputs the login ID and password from the downloaded screen of FIG. 6B and presses the login ID issue button, the login ID and password are entered in the sign-up process 10. Is registered in the login ID DB 16 of FIG. 8A, and the issuance of the login ID and password for logging in to the server 1 from the management terminal 31 is completed.
[0040]
Next, the procedure of base registration (registration of the VPN device at the base) will be described in detail according to the order of the flowchart in FIG.
[0041]
FIG. 3 is a flowchart illustrating the operation of the present invention (base registration). Here, the management terminal (base A) 31, the sign-up process 10 and the setup process 20 correspond to the management terminal 31 of the VPN device (center) 3 of the base A and the sign-up process 10 and the setup process 20 of the server 1 in FIG. Corresponding.
[0042]
In FIG. 3, S11 logs in with an ID (VPN00101) and a password. This is because the ID (VPN00101) and password of the VPN device at the base A are issued by the server 1 in FIG. 1 according to the flowchart of FIG. 2 described above, and the ID (VPN00101) and password are input from the screen. Log in to the sign-up process 10 of the server 1.
[0043]
In S12, a base addition screen is transmitted.
S13 displays.
[0044]
In S14, the base names and telephone numbers of the bases B and C are input, and an add button is pressed. In steps S13 and S14, a login ID issuance screen (base registration) shown in FIG. 6C (to be described later) is displayed.
·phone number:
, The locations B and C and their telephone numbers are respectively entered in the input fields, and an add button is pressed in the location list to add as shown in the lower part of the figure.
[0045]
In step S15, in response to the pressing of the add button in step S14, the bases B and C receiving the additional registration request and the telephone numbers received by the sign-up process 10 of the server 1 are held, and the screen is returned.
[0046]
In step S16, the data is stored in the DB. This is because the information (bases B and C and their telephone numbers, base ID, password, and IP address) issued in S15 is registered as shown in (1) and (2) of the base VPN ID DB 17 in FIG. I do.
[0047]
In step S17, a screen is displayed. This means, for example, that a login ID issuance screen shown in FIG. 7D will be displayed, and the information (ID, password, IP address) issued to the bases B and C requested by the administrator in S14 is added. Confirm.
[0048]
S18 saves.
In step S21, the setup process 20 creates the setting file 22 based on the site VPNIDDB issued and stored in step S15. This is because the base IDs, passwords, and IP addresses of bases B and C are issued in S15 and S16 and registered in the base VPN ID DB 17 of FIG. Since the difference is a new addition, the information of the bases B and C is extracted, and a setting file 22 shown in FIG. 9 described later is created. Here, in addition to the IDs, passwords, IP addresses, and the like of the bases B and C issued in S15, further, as a communication method (a communication method for performing secret communication via the network 5 (such as the Internet)),
・ Center VPN device IP address:
• IPSec key exchange method: For example, manual • IPSec key:
-IPSec encryption algorithm:
-IPSec encryption key:
-IPSec authentication algorithm:
-IPSec authentication key:
・ Others:
Are added to the setting file 22 and set.
[0049]
S22 saves. This is stored in the setting file management DB 23 of FIG.
In step S23, the setting file 22 is notified.
[0050]
S24 saves.
As described above, when the bases B and C to be added and their telephone numbers are input from the management terminal 31 to the sign-up process 10 of the server 1 on the screen and an addition request is made, the sign-up process 10 transmits the IDs for the bases B and C, A password and an IP address are issued, and the setup process 20 creates a setting file 22 by adding the communication method of the bases B and C, and can store it in the VPN device 3 of the center.
[0051]
Next, the procedure for setting the base VPN device (setting the base VPN device) will be described in detail according to the order of the flowchart in FIG.
[0052]
FIG. 4 is a flowchart illustrating the operation of the present invention (base VPN device setting). Here, the management terminal (base B / base C) 32, the sign-up process 10, and the setup process 20 correspond to the management terminal 31 of the VPN device (center) 3 of the base B / base C (not shown) in FIG. Sign-up process 10 and sign-up process 20.
[0053]
In FIG. 4, S31 starts a setup program. This is done by inserting a floppy disk or CD-R storing the setup program into the management terminal 32 connected to the VPN device 3 at the location B (or the location C not shown) in FIG. I do.
[0054]
In step S32, an ID and a password are input.
S33 connects. In S32 and S33, an ID (VPN00102 or VPN00103) and a password are input from the screen displayed by the setup program started in S31, and the connection button is pressed.
[0055]
In S34, the sign-up process 10 configuring the server 1 checks the ID and the password. In the case of OK, a response of OK is returned, and the management terminal (base B / base C) recognizes OK in S35. As a result, it can be confirmed that the VPN device 3 at the site B / the site C and the server 1 can communicate normally. Then, the process proceeds to S41. On the other hand, in the case of NO in S34, it is determined that an error has occurred, and communication between the VPN devices 3 of the bases B and C and the server 1 is not possible, so that a check is made.
In step S41, the setting file 22 corresponding to the base B and the IP address of the center is reflected.
[0056]
In S42, the VPN device (base B / base C) 3 stores the setting file 22.
A step S43 returns a response.
[0057]
In S44, it is determined whether or not OK. If OK, the setting file 22 is overwritten in S45 and reflected on the VPN device (base B / base C) 3. On the other hand, in the case of NG in S44, it is determined whether or not the number has exceeded the specified number in S46, an error is determined if YES, and the process returns to S41 and repeats if NO.
[0058]
As described above, at the bases B and C to be added, the management terminal 31 logs in to the server 1, and when the authentication check returns OK, the bases B and C to be added can normally communicate with the server 1. Then, the server 1 further transmits the setting file 22 (see FIG. 9) stored in S22 of FIG. 3 to the VPN devices 3 of the bases B and D, overwrites the setting file 22, and sets the address information and the communication method. In accordance with the address information and the communication method, virtual private network communication can be performed.
[0059]
Next, the procedure for deleting the site VPN device will be described in detail according to the order of the flowchart in FIG.
[0060]
FIG. 5 shows an operation explanation flowchart (deletion of base) of the present invention. Here, the management terminal (base A) 31, the sign-up process 10, and the setup process 20 are the management terminal 31 of the VPN device (center) 3 of the base A, the sign-up process 10, and the sign-up process 20 of the server 1 in FIG. Corresponding to
[0061]
In FIG. 5, S51 logs in with an ID (VPN00101) and a password.
[0062]
In S52, the sign-up process 10 of the server 1 returns a list of sites.
S53 displays. Here, sites B and C are displayed as a list of sites to be deleted.
[0063]
In S54, the base B is selected.
In S55, the sign-up process 10 deletes the site B from the site VPNIDDB17.
[0064]
In S56, the setup process 20 deletes the base (base B) to be deleted from the center setting file 22.
[0065]
S57 saves.
In step S58, the setting file is notified.
[0066]
In step S58, the data is stored in the VPN device 3 at the site A.
As described above, the base B can be deleted by deleting the base B from the base VPN ID DB 17 of the server 1 and transmitting the setting file 22 for the center from which the base B has been deleted to the VPN device 3 of the center. It becomes.
[0067]
6 and 7 show screen examples according to the present invention.
FIG. 6A shows an example of a setup program display screen. This screen is displayed when the setup program is started on the management terminal 31 in FIG. 1 (S2 in FIG. 2). The user inputs a connection ID and a connection password, presses a registration button, and presses a registration button. It is for transmission to the sign-up process 10.
[0068]
FIG. 6B shows an example of the initial screen of the instant VPN system. This screen is the screen displayed in S5 of FIG. 2 described above. Here, the login ID and password shown in the figure are input, the registration button is pressed, and transmitted to the sign-up process 10, and the ID and password are entered. It is for requesting issuance.
[0069]
FIG. 6C shows an example of a login ID issuance screen (base registration). This screen is the screen displayed in S13 of FIG. 3 described above, and is a screen for inputting the name of the base to be added and the telephone number, and requesting the addition of the VPN device at the base.
[0070]
FIG. 7D shows an example of a login ID issuance screen. This screen is the screen displayed in S17 of FIG. 3 described above, and displays the issued login ID and password, and the illustrated information (base name, ID, password, and IP address) as the base connection ID. It was done.
[0071]
FIG. 7E shows an example of an instant VPN system main screen. This screen is an example of a screen of the center information and the base information displayed after logging in to the server 1 and displays the entire information. When an add or delete button is selected, the addition or deletion of the base is performed. To do.
[0072]
FIG. 8 shows a DB example of the present invention.
FIG. 8A shows an example of a login ID DB. The illustrated login ID DB 16 is registered with the following information illustrated in association with each other.
[0073]
・ Login ID:
·password:
・ Internet connection ID:
・ IP address:
・ Base ID:
・ Others:
Here, the login ID and password are the ID and password registered in S6 of FIG. 2 described above. The Internet connection ID is an ID for connecting to the Internet, which is the network 5. The IP address is an address for transmitting and receiving data. The site ID is an ID assigned to the VPN device 3 of the site.
[0074]
FIG. 8B shows an example of the VPNIDDB. The illustrated VPN ID DB 17 registers information of the VPN device 3 at each site in FIG. 1, and here, registers the following information illustrated.
[0075]
・ VPNID:
·password:
・ Login ID (Center):
・ IP address:
・ Base name:
·phone number:
・ Others:
FIG. 9 shows an example of a setting file according to the present invention. The illustrated setting file 22 sets information (address information and a communication method) to be set in the VPN device 3 at the base, and is set here in association with the following information shown in the figure.
[0076]
・ Base name:
・ Center VPN device IP address:
・ Base VPN device IP address:
• IPSec key exchange method: For example, manual • IPSec key:
-IPSec encryption algorithm:
-IPSec encryption key:
-IPSec authentication algorithm:
-IPSec authentication key:
・ Others:
Here, the site name, the center VPN device IP address, and the site VPN device IP address are address information. The IPSec key exchange method, the IPSec key, the IPSec encryption algorithm, the IPSec encryption key, the IPSec authentication algorithm, and the IPSec authentication key are information on the communication method.
[0077]
(Appendix 1)
In a network setting method for performing network setting of a VPN device connected to a network,
Providing a server connected to the network, which collectively stores and holds the address information and the communication method of the VPN devices connected to the network in a database,
Receiving from the management terminal a request for addition, change, or deletion specifying at least one of the address information of the VPN device and the communication method to the server;
Reflecting the received request in the database and creating a setting file that sets address information and a communication method corresponding to the request;
Transmitting the created configuration file to the VPN device and reflecting the created configuration file.
[0078]
(Appendix 2)
When the management terminal connected to each VPN device connects to the server by notifying the connection ID and the connection password when connecting to the server, the management terminal notifies the server of the ID and password, receives the issuance, and receives the issuance. 2. The network setting method according to claim 1, wherein the user requests the addition, change, or deletion when the authentication is OK after inputting the ID and password.
[0079]
(Appendix 3)
3. The network setting method according to claim 1, wherein the connection ID and the connection password, the ID and the password, and information on addition, change, and deletion of the VPN device are input on a screen and notified to the server.
[0080]
(Appendix 4)
In a network setting device for performing network setting of a VPN device connected to a network,
A database that collectively stores and holds address information and communication methods of VPN devices connected to the network;
Means for receiving, from the management terminal, a request for addition, change, or deletion specifying at least one of the address information and the communication method of the VPN device;
Means for reflecting the received request in the database, and creating a setting file in which address information and a communication method corresponding to the request are set;
Means for transmitting the created setting file to the corresponding VPN apparatus and reflecting the same on the VPN apparatus.
[0081]
【The invention's effect】
As described above, according to the present invention, the server 1 centrally manages the address information and the communication method of all the VPN devices 3, notifies the VPN device 3 of the setting file 22, and sets and changes the address information and the communication method. Since the configuration for deleting the VPN device 3 is adopted, it is possible to instruct the server 1 from the management terminals 31 and 32 to add, change, and delete the VPN device 3 easily and quickly.
[Brief description of the drawings]
FIG. 1 is a system configuration diagram of the present invention.
FIG. 2 is a flowchart for explaining the operation of the present invention (ID / password issuance).
FIG. 3 is an operation explanatory flowchart (base registration) of the present invention.
FIG. 4 is an operation explanatory flowchart of the present invention (base VPN device setting).
FIG. 5 is a flowchart for explaining the operation of the present invention (base deletion).
FIG. 6 is a screen example (part 1) of the present invention.
FIG. 7 is a screen example (part 2) of the present invention.
FIG. 8 is a DB example of the present invention.
FIG. 9 is an example of a setting file according to the present invention.
[Explanation of symbols]
1: server 10: sign-up process 11: login ID issuing means 12: login ID authentication means 13: base registration / deletion means 14: VPN ID issuing means 16: login ID DB
17: VPNIDDB
20: Setup process 21: Setting creation means 22: Setting file 23: Setting file management DB
24: setting reflecting means 3: VPN devices 31, 32: management terminal 33: setup program 5: network

Claims (3)

In a network setting method for performing network setting of a VPN device connected to a network,
Providing a server connected to the network, which collectively stores and holds the address information and the communication method of the VPN devices connected to the network in a database,
Receiving from the management terminal a request for addition, change, or deletion specifying at least one of the address information of the VPN device and the communication method to the server;
Reflecting the received request in the database and creating a setting file that sets address information and a communication method corresponding to the request;
Transmitting the created configuration file to the VPN device and reflecting the created configuration file. When the management terminal connected to each of the VPN devices connects to the server by notifying a connection ID and a connection password when connecting to the server, the management terminal notifies the server of the ID and password and receives the issuance. 2. The network setting method according to claim 1, wherein the request for the addition, change, and deletion is made when the authentication is OK after inputting the ID and the password. 3. The network setting according to claim 1, wherein the connection ID and the connection password, the ID and the password, and information on addition, change, and deletion of the VPN device are input from a screen and notified to the server. Method.

Images