KR101789241B1 - Method, system and computer-readable recording medium for processing dump packets in virtual private network - Google Patents

Method, system and computer-readable recording medium for processing dump packets in virtual private network Download PDF

Info

Publication number
KR101789241B1
KR101789241B1 KR1020150187497A KR20150187497A KR101789241B1 KR 101789241 B1 KR101789241 B1 KR 101789241B1 KR 1020150187497 A KR1020150187497 A KR 1020150187497A KR 20150187497 A KR20150187497 A KR 20150187497A KR 101789241 B1 KR101789241 B1 KR 101789241B1
Authority
KR
South Korea
Prior art keywords
packet
dump
packet dump
information
encryption policy
Prior art date
Application number
KR1020150187497A
Other languages
Korean (ko)
Other versions
KR20170077535A (en
Inventor
김용술
Original Assignee
주식회사 시큐아이
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 주식회사 시큐아이 filed Critical 주식회사 시큐아이
Priority to KR1020150187497A priority Critical patent/KR101789241B1/en
Publication of KR20170077535A publication Critical patent/KR20170077535A/en
Application granted granted Critical
Publication of KR101789241B1 publication Critical patent/KR101789241B1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0263Rule management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0236Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272Virtual private networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention relates to a packet dump processing method, system, and computer readable recording medium in a VPN.
The present invention relates to a packet dump processing method in a VPN, comprising the steps of obtaining tunnel policy information for tunneling for packet filtering and packet dumping with reference to a packet dump option corresponding to the encryption policy information can do.

Description

METHOD, SYSTEM AND COMPUTER READABLE RECORDING MEDIUM FOR PROCESSING DUMP PACKETS IN VIRTUAL PRIVATE NETWORK BACKGROUND OF THE INVENTION [0001]

The present invention relates to a packet dump processing method, system, and computer readable recording medium in a VPN.

Figure 1 illustrates an exemplary VPN in which virtual private network (VPN) devices form a communication tunnel. Here, VPN is a network service that enables secure communication such as a private network through a public switched network such as the Internet, which is opened between remote networks. In other words, a virtual private network can be constructed to secure the stability in the public switched line without establishing a separate dedicated network by setting a logical line regardless of the configuration of the physical network through the VPN.

VPN devices form a communication tunnel between VPN devices through tunneling where tunneling is a virtual connection that can securely transmit information without being affected by the outside, And is a technology that is safely protected from other users and external users. To implement this tunneling, the two VPN devices negotiate the security policy required for the VPN service, and perform encrypted communication based on the negotiation result.

As shown in FIG. 1, in a general VPN configuration, a VPN device can be divided into a center VPN device and a branch VPN device according to its role. Here, the center VPN device is mainly located in the main office, and the branch office VPN device can be located in a remote office, a client company, a partner company, or the like. On the other hand, although FIG. 1 shows one center VPN apparatus and three branch office VPN apparatuses, this is an exemplary one, and more or fewer VPN apparatuses may be used.

Conventionally, the VPN user must be aware of the VPN tunnel encryption policy to be filtered, and there is an inconvenience in that the VPN user must directly visually confirm the SA information and apply the option. However, the present invention solves all of the above problems .

That is, the present invention aims at automatically generating a VPN packet dump so that a network user can easily use a packet dump even if he or she does not know how to generate an encryption policy or packet dump.

In order to accomplish the above object, a representative structure of the present invention is as follows.

According to an embodiment of the present invention, there is provided a method of processing a packet dump in a VPN, the method comprising: acquiring tunneling encryption policy information for packet filtering; and referring to the packet dumping option corresponding to the encryption policy information And packet dumping.

In addition, when performing a packet dump corresponding to a packet before being encrypted, at least one of i) a source IP address and a destination IP address of the packet, ii) a source port and a destination port, and iii) Can be added as an option.

In addition, when a packet dump corresponding to an encrypted packet is performed, a value of a Security Parameters Index (SPI) of the encryption policy may be added as the packet dump option.

According to another embodiment of the present invention, a packet dump processing system in a VPN includes a packet receiving unit for receiving a packet through a network and encryption policy information for a packet to be received, The packet dump option corresponding to the encryption policy information for the packet dump may be added to the packet dump.

In addition, the packet dump generation unit may include: i) a source IP address and a destination IP address of a packet, ii) a source port and a destination port, and iii) at least one of information corresponding to a protocol One of which may be added as the packet dump option.

In addition, the packet dump generator may add a Security Parameters Index (SPI) value of the encryption policy as the packet dump option when performing a packet dump corresponding to the encrypted packet.

The packet dump generation unit may further include a storage unit for storing information on a packet dump option corresponding to the encryption policy information, wherein the packet dump generation unit acquires, from the storage unit, a packet corresponding to the encryption policy information You can obtain information about the dump option.

In addition to this, another method for implementing the present invention, another system, and a computer-readable recording medium for recording a computer program for executing the method are further provided.

According to the present invention, a packet dump is automatically generated by a packet dump processing system in a VPN, so that a network dummy user can easily use a packet dump even if he or she does not know an encryption policy or a packet dump generation method.

Figure 1 illustrates an exemplary VPN in which VPN devices form a communication tunnel.
2 is a block diagram showing an internal configuration of a packet dump processing system in a VPN.
3 is a diagram for illustrating an exemplary packet dump generated according to an embodiment of the present invention.
4 is a diagram illustrating a main process performed in a packet dump processing system according to an embodiment of the present invention.

The following detailed description of the invention refers to the accompanying drawings, which illustrate, by way of illustration, specific embodiments in which the invention may be practiced. These embodiments are described in sufficient detail to enable those skilled in the art to practice the invention. It should be understood that the various embodiments of the present invention are different, but need not be mutually exclusive. For example, certain features, structures, and characteristics described herein may be implemented in other embodiments without departing from the spirit and scope of the invention in connection with an embodiment. It is also to be understood that the position or arrangement of the individual components within each disclosed embodiment may be varied without departing from the spirit and scope of the invention. The following detailed description is, therefore, not to be taken in a limiting sense, and the scope of the present invention is to be limited only by the appended claims, along with the full scope of equivalents to which such claims are entitled, if properly explained. In the drawings, like reference numerals refer to the same or similar functions throughout the several views.

Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings, so that those skilled in the art can easily carry out the present invention.

The present invention provides a packet dump processing method and a system therefor when transmitting and receiving data packets using a virtual private network (VPN).

First, a VPN is a network service that enables secure communication such as a private network through an Internet communication network that is opened between remote networks. IP security (hereinafter referred to as IPsec) VPN encrypts and transmits a data packet in a transmitting terminal to protect data in a public Internet communication network, and a receiving terminal decrypts and transmits the encrypted packet.

At this time, the encryption method can be performed through key exchange, and a set of key exchange information between two points is called a security association (SA). An SA is a set of elements that must be unified prior to exchanging data, such as an encryption algorithm, a key exchange method, a key exchange cycle, and a key exchange policy, when exchanging secret data (authentication, encryption data) between a data transmitter and a receiver.

On the other hand, the encryption policy is a policy on which packets to encrypt. The encryption policy is a combination of IP address, port, protocol information, service, time, etc., and when the packet conforming to the tunnel policy is received, the encryption policy is transmitted. SA has Security Parameters Index (SPI) value for identifying SAs between VPN devices and distinguishes Encapsulation Security Payload (ESP) packets that come into my equipment using SA information and SPI And decodes it.

Next, a packet dump is a tool that allows a user to check a packet input or output to the network interface card, for example, Linux tcpdump, windows wireshark, and the like. Packet dumps are used to monitor the current status, logging, and analyze faults.

The packet dump processing system in the VPN according to the present invention may be configured to be included in the VPN device, but is not limited thereto and may be located outside the VPN device.

Hereinafter, a configuration of a packet dump processing system in a VPN according to the present invention and functions of respective configurations will be described with reference to FIG.

2 is a block diagram illustrating an internal configuration of a packet dump processing system in a VPN according to an embodiment of the present invention.

2, a packet dump processing system 200 in a VPN according to an exemplary embodiment of the present invention includes a packet receiving unit 210, a packet dump generating unit 220, a storage unit 230, a communication unit 240 And a control unit 250. [0033]

The packet dump generation unit 220, the storage unit 230, the communication unit 240, and the control unit 250 may be configured such that at least a part of the packet reception unit 210, the packet dump generation unit 220, the packet dump generation unit 220, Or the like. Such a program module may be included in the packet dump processing system 200 in the VPN in the form of an operating system, an application program module or other program module, and may be physically stored in various well-known storage devices. Such a program module may also be stored in a remote storage device capable of communicating with the packet dump processing system 200 in the VPN. Such program modules, on the other hand, encompass but are not limited to routines, subroutines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types as described below in accordance with the present invention.

First, the packet receiver 210 according to an exemplary embodiment of the present invention may perform a function of receiving a packet before being encrypted or a packet in an encrypted state.

The packet before the encryption is to be transmitted from the internal network to the external network via the VPN device, and may be an original packet which is not encrypted. The encrypted packet is transmitted from the external network to the internal network Lt; RTI ID = 0.0 > ciphered < / RTI >

Next, the packet dump generation unit 220 can perform a function of a dump process on a packet before being encrypted or a packet in an encrypted state to be received by the packet reception unit 210.

For this purpose, the packet dump generator 220 may extract encryption policy information for packet dumping from the information on the VPN tunnel for packet filtering.

Specifically, the packet dump generator 220 may extract SA identifier information for the VPN tunnel. The packet dump generator 220 determines whether the packet to be received by the packet receiver 210 is a packet before being encrypted or a packet in an encrypted state. If the packet dump generator 220 determines that the packet is in an unencrypted state, It is possible to extract information corresponding to the source IP address and the destination IP address to be transmitted.

On the other hand, in the case of a packet in the encrypted state, the packet dump generation unit 220 can extract the SPI value corresponding thereto from the SA information. The encryption policy information thus extracted can be used in the future packet dump generation.

Hereinafter, the packet dump procedure by the packet dump generation unit will be described in detail with reference to FIG.

3 is a diagram for illustrating an exemplary packet dump generated according to an embodiment of the present invention.

Figure 3 illustrates the basic structure of a packet dump, wherein the packet dump is configured with a combination of tools 310 to perform a predetermined packet dump, SA identifier information 320, and information 330 to add a packet dump option .

The packet dump generation unit 220 dumps a packet using a tool (for example, tcpdump) that executes a predetermined packet dump and transmits information corresponding to the encryption policy information to a tool for executing the predetermined packet dump You can create a packet dump by adding it.

Specifically, the packet dump generation unit 220 may further add the SA identifier information 320 or the predetermined packet dump addition option information 330 with reference to the extracted encryption policy information.

At this time, the predetermined packet dump addition option information 330 includes information on the source IP address and the destination IP address, information on the source port and destination port, protocol information, and information on the SPI value among the SA encryption policies Or at least one of them.

Hereinafter, "tcpdump" is used as a tool for executing the packet dump in the packet dump generation unit 220, and information about the encryption policy "SRC IP 100.100.100.0/24 -> DST IP 200.200.200.0/24" And the SPI value corresponding to the encryption policy is "0x00000001 ".

As described above, the packet dump generator 220 extracts SA information from a packet from VPN tunnel information for filtering, and obtains information necessary for a packet dump with reference to the extracted information.

When the packet to be received by the packet receiving unit 210 is a packet before being encrypted, information on a source IP address and a destination IP address (e.g., SRC IP 100.100.100.0/24, DST IP 200.200.200.0 24) can be obtained. In addition to the source IP address and the destination IP address, information on the source port and destination port and protocol may be obtained.

Thereafter, the packet dump generation unit 220 can generate a packet dump by adding "SRC IP 100.100.100.0/24, DST IP 200.200.200.0/24" as a packet dump addition option to the packet dump execution tool "tcpdump" A packet dump such as "tcpdump -nnp -i eth1 dst net 200.200.200.0/24 and src net 100.100.100.0/24" may be generated by the packet dump generation unit 220. [

On the other hand, when the packet dump generator 220 desires to perform a packet dump for a packet in an encrypted state, the packet dump generator 220 may obtain information on the SPI value (e.g., 0x00000001) from the SA information of the packet from the SA information. In particular, information on the SPI value can be obtained from the storage unit 230, which will be described later.

The packet dump generator 220 can generate a packet dump by adding "0x00000001" as a packet dump addition option to the packet dump execution tool "tcpdump", so that "tcpdump -nnp -i eth2 'ip [20 : 4] = 0x00000001 '"can be generated by the packet dump generation unit 220.

As described above, only one of the source IP address and the destination IP address or the SPI information may be added as the packet dump addition option. However, the present invention is not limited to this, and information about the source IP address and the destination IP address, It is also possible to add all of the SPI information.

In this case, a packet dump such as "tcpdump -nnp -i ethX 'ip [20: 4] = 0x00000001' or" dst net 200.200.200.0/24 and src net 100.100.100.0/24 ' ). ≪ / RTI >

In the storage unit 230 according to an embodiment of the present invention, SA information for each tunnel of the VPN overall system, information about each encryption policy, information for associating each encryption information with each SA information of the SPI information, Etc. may be stored. That is, the packet dump option information corresponding to predetermined SA information may be matched and stored in the storage unit 230.

The packet dump generation unit 220 accesses the storage unit 230 with reference to the SA information about a predetermined VPN tunnel for packet filtering (for example, tunnel X), and stores the SA information from the storage unit 230 The corresponding packet dump option can be acquired and added to the packet dump.

Although the storage 230 in FIG. 2 is shown as being included and configured in the packet dump processing system 200 in the VPN, according to the needs of those skilled in the art implementing the present invention, And may be configured separately from the packet dump processing system 200.

Meanwhile, the storage unit 230 in the present invention is a concept including a computer-readable recording medium, and may be not only a storage unit for negotiation but also a light storage unit including data recording based on a file system, Even if a set of logs can be retrieved to extract data, the storage unit 230 of the present invention can be used.

The communication unit 240 according to an exemplary embodiment of the present invention can perform a function of transmitting and receiving data to / from the packet receiving unit 210, the packet dump generating unit 220, and the storage unit 230 have.

The control unit 250 controls the flow of data between the packet receiving unit 210, the packet dump generating unit 220, the storage unit 230, and the communication unit 240. [ can do. That is, the control unit 250 according to the present invention controls the flow of data from / to the outside of the packet dump processing system 200 in the VPN or the data flow between the respective elements of the packet dump processing system 200 in the VPN The packet receiving unit 210, the packet dump generating unit 220, the storage unit 230, and the communication unit 240, respectively.

4 is a diagram illustrating a main process performed in a packet dump processing system in a VPN according to an exemplary embodiment of the present invention.

In step S410, the packet dump generation unit 220 may obtain SA information from information on the VPN tunnel for packet filtering.

In step S420, the packet dump generation unit 220 may access the storage unit 230 to obtain information on a packet dump option to be added to the packet dump with reference to the acquired SA information. Packet dump option information corresponding to each SA information may be matched and stored in the storage unit 230.

When the packet dump generation unit 220 obtains information on the packet dump option, the packet dump generation unit 220 may add a packet dump option acquired to the packet dump execution tool in step S430 to generate a packet dump .

According to the present invention, since a packet dump is automatically generated, a network user (particularly, a manager) can easily use a packet dump even if he or she does not know how to generate an encryption policy or packet dump.

The embodiments of the present invention described above can be implemented in the form of program instructions that can be executed through various computer components and recorded on a computer-readable recording medium. The computer-readable recording medium may include program commands, data files, data structures, and the like, alone or in combination. The program instructions recorded on the computer-readable recording medium may be those specially designed and constructed for the present invention or may be those known and used by those skilled in the computer software arts. Examples of computer-readable recording media include magnetic media such as hard disks, floppy disks and magnetic tape, optical recording media such as CD-ROMs and DVDs, magneto-optical media such as floptical disks, media, and hardware devices specifically configured to store and execute program instructions such as ROM, RAM, flash memory, and the like. Examples of program instructions include machine language code such as those generated by a compiler, as well as high-level language code that can be executed by a computer using an interpreter or the like. The hardware device may be configured to operate as one or more software modules for performing the processing according to the present invention, and vice versa.

While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be understood that the invention is not limited to the disclosed exemplary embodiments, but, on the contrary, Those skilled in the art will appreciate that various modifications, additions and substitutions are possible, without departing from the scope and spirit of the invention as disclosed in the accompanying claims.

Therefore, the spirit of the present invention should not be construed as being limited to the above-described embodiments, and all of the equivalents or equivalents of the claims, as well as the following claims, I will say.

200: Packet dump processing system in VPN
210:
220: Packet dump generation unit
230:
240:
250:

Claims (8)

A packet dump processing method in a VPN performed by a packet dump processing system,
The packet dump processing system obtaining encryption policy information of a tunnel for packet filtering;
The packet dump processing system comprising: adding a packet dump option corresponding to the encryption policy information to a packet dump execution tool to generate a packet dump structure; And
And performing a packet dump using the packet dump structure,
Wherein the step of acquiring the encryption policy information comprises:
Extracting pre-stored encryption policy information corresponding to the requested VPN tunnel information; And
Extracting a previously stored packet dump option corresponding to the extracted encryption policy information,
Wherein the packet dump structure comprises:
The packet dump execution tool, the encryption policy identifier information corresponding to the extracted encryption policy information, and the extracted packet dump option,
When performing a packet dump corresponding to a packet before being encrypted, at least one of i) a source IP address and a destination IP address of the packet, ii) a source port and a destination port, and iii) Lt; / RTI >
Wherein a value of a Security Parameters Index (SPI) of the encryption policy is added as the packet dump option when performing a packet dump corresponding to an encrypted packet. delete delete In a packet dump processing system in a VPN,
A packet receiving unit for receiving a packet through a network; And
A packet dump structure is generated by adding a packet dump option corresponding to the encryption policy information for the packet to be received to the packet dump execution tool to generate a packet dump structure, A packet dump generation unit for executing a packet dump; And
And a storage unit for storing information on a packet dump option corresponding to the encryption policy information,
Wherein the packet dump generation unit comprises:
Extracting the encryption policy information pre-stored in the storage unit corresponding to the requested VPN tunnel information, extracting the packet dump options previously stored in the storage unit corresponding to the extracted encryption policy information, Generating the packet dump structure including the extracted encryption policy identifier information corresponding to the extracted encryption policy information and the extracted packet dump option,
The packet dump generation unit may generate at least one of a source IP address, a destination IP address, a source port and a destination port of the packet and information corresponding to the protocol when the packet dump corresponding to the packet before being encrypted is performed as the packet dump option Add,
Wherein the packet dump generator adds a Security Parameters Index (SPI) value of the encryption policy as the packet dump option when performing a packet dump corresponding to an encrypted packet. delete delete delete A computer-readable recording medium recording a computer program for executing the method according to claim 1.
KR1020150187497A 2015-12-28 2015-12-28 Method, system and computer-readable recording medium for processing dump packets in virtual private network KR101789241B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020150187497A KR101789241B1 (en) 2015-12-28 2015-12-28 Method, system and computer-readable recording medium for processing dump packets in virtual private network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020150187497A KR101789241B1 (en) 2015-12-28 2015-12-28 Method, system and computer-readable recording medium for processing dump packets in virtual private network

Publications (2)

Publication Number Publication Date
KR20170077535A KR20170077535A (en) 2017-07-06
KR101789241B1 true KR101789241B1 (en) 2017-10-23

Family

ID=59354134

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020150187497A KR101789241B1 (en) 2015-12-28 2015-12-28 Method, system and computer-readable recording medium for processing dump packets in virtual private network

Country Status (1)

Country Link
KR (1) KR101789241B1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101156008B1 (en) * 2010-12-24 2012-06-18 한국인터넷진흥원 System and method for botnet detection based on signature using network traffic analysis
US20140082719A1 (en) * 2012-09-19 2014-03-20 Business Security Ol Ab Method and device for network communication management

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101156008B1 (en) * 2010-12-24 2012-06-18 한국인터넷진흥원 System and method for botnet detection based on signature using network traffic analysis
US20140082719A1 (en) * 2012-09-19 2014-03-20 Business Security Ol Ab Method and device for network communication management

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Shrew Soft, "VPN Trace", Shrew Soft VPN Client Administrators Guide, https://www.shrew.net/static/help2.1.x/vpnhelp.htm?VPNTrace.html, 2010.

Also Published As

Publication number Publication date
KR20170077535A (en) 2017-07-06

Similar Documents

Publication Publication Date Title
CN105591926B (en) A kind of flow rate protecting method and device
US7853783B2 (en) Method and apparatus for secure communication between user equipment and private network
US8713305B2 (en) Packet transmission method, apparatus, and network system
US10992652B2 (en) Methods, systems, and computer readable media for monitoring encrypted network traffic flows
CN109150688B (en) IPSec VPN data transmission method and device
KR101680955B1 (en) Multi-tunnel virtual private network
CN106209838B (en) IP access method and device of SSL VPN
US10484279B2 (en) Executing multiple virtual private network (VPN) endpoints associated with an endpoint pool address
US9210128B2 (en) Filtering of applications for access to an enterprise network
CN105812322B (en) The method for building up and device of internet safety protocol safe alliance
CN106169952A (en) Authentication method that a kind of internet IKMP is heavily consulted and device
JP2005117246A (en) Packet-discriminating apparatus
US9473466B2 (en) System and method for internet protocol security processing
US9350712B2 (en) Packet analysis apparatus and method and virtual private network server
US20230066604A1 (en) Performance improvement for encrypted traffic over ipsec
JP2007036834A (en) Encryption apparatus, program, recording medium, and method
KR101214613B1 (en) Security method and security system based on proxy for identifying connector credibly
CN105743868A (en) Data acquisition system supporting encrypted and non-encrypted protocols and method
KR101789241B1 (en) Method, system and computer-readable recording medium for processing dump packets in virtual private network
KR101329968B1 (en) Method and system for determining security policy among ipsec vpn devices
CN115225414A (en) Encryption strategy matching method and device based on IPSEC (Internet protocol Security), and communication system
EP2878102B1 (en) Secure data transfer
JP2023531034A (en) Service transmission method, device, network equipment and storage medium
JP2008199420A (en) Gateway device and authentication processing method
US8892884B2 (en) Managing IPsec security associations using discrete domains

Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
AMND Amendment
E601 Decision to refuse application
AMND Amendment
X701 Decision to grant (after re-examination)
GRNT Written decision to grant