CN102571817B

CN102571817B - Method and device for accessing application server

Info

Publication number: CN102571817B
Application number: CN201210034128.0A
Authority: CN
Inventors: 王春宁; 史建鑫; 李月
Original assignee: Huawei Technologies Co Ltd
Current assignee: Huawei Technologies Co Ltd
Priority date: 2012-02-15
Filing date: 2012-02-15
Publication date: 2014-12-10
Anticipated expiration: 2032-02-15
Also published as: CN102571817A

Abstract

An embodiment of the present invention provides a method for accessing an application server, including: the VPN server receives a first login request sent by the first gateway, the first login request includes the first gateway identifier; the VPN server generates an online gateway according to the first login request Information, the online gateway information includes the first gateway’s identification; the VPN server sends the online gateway information to the client; the VPN server receives the second login request sent by the client to log in to the first gateway, and the second login request includes the first gateway’s identification The VPN server forwards the second login request to the first gateway, so that the first gateway responds to the second login request; the VPN server transmits the first flow of the client accessing the application server through the first gateway, and the application server is located in the VPN. In addition, other methods and devices are also provided. Through the technical solution provided by the embodiment of the present invention, the VPN gateway does not need to occupy the public network IP address.

Description

Method and device for accessing application server

技术领域 technical field

本发明实施例涉及通信技术，尤其涉及访问应用服务器的方法及装置。Embodiments of the present invention relate to communication technologies, and in particular to methods and devices for accessing application servers.

背景技术 Background technique

虚拟专用网(Virtual Private Network，VPN)的架设比较灵活，极大地丰富了因特网用户能够访问的网络资源。具体实现时，位于公网的客户端可以通过虚拟专用网网关访问虚拟专用网中的应用服务器(Application Server，AS)。应用服务器可以是网页服务器、文件服务器、视频服务器、因特网协议电视(Internet Protocol Television，IPTV)服务器等。The establishment of a virtual private network (Virtual Private Network, VPN) is relatively flexible, which greatly enriches the network resources that Internet users can access. During specific implementation, a client located on the public network can access an application server (Application Server, AS) in a virtual private network through a virtual private network gateway. The application server may be a webpage server, a file server, a video server, an Internet Protocol Television (Internet Protocol Television, IPTV) server, and the like.

发明人发现现有技术存在如下问题：The inventor finds that the prior art has the following problems:

登录虚拟专用网网关是能够访问公网的客户端访问虚拟专用网的前提。这意味着虚拟专用网网关需要占用公网因特网协议(Internet Protocol，IP)地址。Logging in to the VPN gateway is a prerequisite for clients that can access the public network to access the VPN. This means that the virtual private network gateway needs to occupy a public Internet Protocol (Internet Protocol, IP) address.

发明内容 Contents of the invention

本发明实施例提供访问应用服务器的方法即装置，可以解决虚拟专用网网关占用公网IP地址的技术问题。The embodiment of the present invention provides a method, that is, a device for accessing an application server, which can solve the technical problem that a virtual private network gateway occupies a public network IP address.

一方面，本发明实施例提供的一种访问应用服务器的方法，包括：On the one hand, a method for accessing an application server provided by an embodiment of the present invention includes:

位于公网的虚拟专用网服务器接收位于虚拟专用网的第一网关发送的第一登录请求，所述第一登录请求包含所述第一网关的标识；The virtual private network server located in the public network receives the first login request sent by the first gateway located in the virtual private network, and the first login request includes the identification of the first gateway;

所述虚拟专用网服务器根据所述第一登录请求生成在线网关信息，所述在线网关信息包含所述第一网关的标识；The virtual private network server generates online gateway information according to the first login request, and the online gateway information includes an identifier of the first gateway;

所述虚拟专用网服务器向客户端发送所述在线网关信息；The virtual private network server sends the online gateway information to the client;

所述虚拟专用网服务器接收所述客户端发送的请求登录所述第一网关的第二登录请求，所述第二登录请求包含所述第一网关的标识；The virtual private network server receives a second login request sent by the client requesting to log in to the first gateway, and the second login request includes an identifier of the first gateway;

所述虚拟专用网服务器向所述第一网关转发所述第二登录请求，以便于所述第一网关对所述第二登录请求进行响应；The virtual private network server forwards the second login request to the first gateway, so that the first gateway responds to the second login request;

所述虚拟专用网服务器传输所述客户端通过所述第一网关访问所述应用服务器的第一流量，所述应用服务器位于所述虚拟专用网。The virtual private network server transmits first traffic for the client to access the application server through the first gateway, and the application server is located in the virtual private network.

另一方面，本发明实施例提供的另一种访问应用服务器的方法，包括：On the other hand, another method for accessing an application server provided by an embodiment of the present invention includes:

位于虚拟专用网的第一网关向位于公网的虚拟专用网服务器发送包含所述第一网关的标识的第一登录请求，以便于所述虚拟专用网服务器生成用于被客户端接收的包含所述第一网关的标识的在线网关信息；The first gateway located in the virtual private network sends a first login request including the identifier of the first gateway to the virtual private network server located in the public network, so that the virtual private network server generates a request for being received by the client and includes the The online gateway information of the identification of the first gateway;

所述第一网关接收所述虚拟专用网服务器转发的所述客户端发送的请求登录所述第一网关的第二登录请求，所述第二登录请求包含所述第一网关的标识；The first gateway receives a second login request sent by the client and forwarded by the virtual private network server requesting to log in to the first gateway, and the second login request includes an identifier of the first gateway;

所述第一网关对所述第二登录请求进行响应；The first gateway responds to the second login request;

所述第一网关传输所述客户端通过所述第一网关访问所述应用服务器的第一流量，所述应用服务器位于所述第一网关对应的虚拟专用网。The first gateway transmits first traffic for the client to access the application server through the first gateway, and the application server is located in a virtual private network corresponding to the first gateway.

客户端接收位于公网的虚拟专用网服务器发送的在线网关信息，所述在线网关信息通过如下途径得到：所述虚拟专用网服务器接收位于虚拟专用网的第一网关发送的第一登录请求，所述第一登录请求包含所述第一网关的标识；所述虚拟专用网服务器根据所述第一登录请求生成在线网关信息，所述在线网关信息包含所述第一网关的标识；The client receives the online gateway information sent by the virtual private network server located in the public network, and the online gateway information is obtained through the following approach: the virtual private network server receives the first login request sent by the first gateway located in the virtual private network, so The first login request includes the identifier of the first gateway; the virtual private network server generates online gateway information according to the first login request, and the online gateway information includes the identifier of the first gateway;

所述客户端向所述虚拟专用网服务器发送请求登录所述第一网关的第二登录请求，所述第二登录请求包含所述第一网关的标识，以便于所述虚拟专用网服务器向所述第一网关转发所述第二登录请求，所述第二登录请求用于使所述第一网关对所述第二登录请求进行响应；The client sends a second login request requesting to log in to the first gateway to the virtual private network server, and the second login request includes the identifier of the first gateway, so that the virtual private network server can send a request to the first gateway. The first gateway forwards the second login request, and the second login request is used to make the first gateway respond to the second login request;

所述客户端通过所述第一网关访问所述应用服务器，所述应用服务器位于所述虚拟专用网。The client accesses the application server through the first gateway, and the application server is located in the virtual private network.

另一方面，本发明实施例提供的一种访问应用服务器的装置，包括：On the other hand, a device for accessing an application server provided by an embodiment of the present invention includes:

第一接收单元，用于接收位于虚拟专用网的第一网关发送的第一登录请求，所述第一登录请求包含所述第一网关的标识；The first receiving unit is configured to receive a first login request sent by a first gateway located in a virtual private network, where the first login request includes an identifier of the first gateway;

网关信息生成单元，用于根据所述第一登录请求生成在线网关信息，所述在线网关信息包含所述第一网关的标识；a gateway information generating unit, configured to generate online gateway information according to the first login request, where the online gateway information includes the identifier of the first gateway;

发送单元，用于向客户端发送所述在线网关信息；a sending unit, configured to send the online gateway information to the client;

第二接收单元，用于接收所述客户端发送的请求登录所述第一网关的第二登录请求，所述第二登录请求包含所述第一网关的标识；The second receiving unit is configured to receive a second login request sent by the client requesting to log in to the first gateway, where the second login request includes an identifier of the first gateway;

转发单元，用于向所述第一网关转发所述第二登录请求，以便于所述第一网关对所述第二登录请求进行响应；a forwarding unit, configured to forward the second login request to the first gateway, so that the first gateway responds to the second login request;

传输单元，用于传输所述客户端通过所述第一网关访问所述应用服务器的第一流量，所述应用服务器位于所述虚拟专用网。A transmission unit, configured to transmit the first traffic for the client to access the application server through the first gateway, where the application server is located in the virtual private network.

另一方面，本发明实施例提供的另一种访问应用服务器的装置，包括：On the other hand, another device for accessing an application server provided by an embodiment of the present invention includes:

发送单元，用于向位于公网的虚拟专用网服务器发送包含位于虚拟专用网的第一网关的标识的第一登录请求，以便于所述虚拟专用网服务器生成用于被客户端接收的包含所述第一网关的标识的在线网关信息；The sending unit is configured to send a first login request including the identification of the first gateway located in the virtual private network to the virtual private network server located in the public network, so that the virtual private network server generates a request for being received by the client and includes the The online gateway information of the identification of the first gateway;

接收单元，用于接收所述虚拟专用网服务器转发的所述客户端发送的请求登录所述第一网关的第二登录请求，所述第二登录请求包含所述第一网关的标识；a receiving unit, configured to receive a second login request sent by the client and forwarded by the virtual private network server, requesting to log in to the first gateway, the second login request including the identifier of the first gateway;

响应单元，用于对所述第二登录请求进行响应；a response unit, configured to respond to the second login request;

传输单元，用于传输所述客户端通过所述第一网关访问所述应用服务器的第一流量，所述应用服务器位于所述第一网关对应的虚拟专用网。A transmission unit, configured to transmit the first traffic for the client to access the application server through the first gateway, and the application server is located in a virtual private network corresponding to the first gateway.

接收单元，用于接收位于公网的虚拟专用网服务器发送的在线网关信息，所述在线网关信息通过如下途径得到：所述虚拟专用网服务器接收位于虚拟专用网的第一网关发送的第一登录请求，所述第一登录请求包含所述第一网关的标识；所述虚拟专用网服务器根据所述第一登录请求生成在线网关信息，所述在线网关信息包含所述第一网关的标识；The receiving unit is configured to receive the online gateway information sent by the virtual private network server located in the public network, and the online gateway information is obtained through the following way: the virtual private network server receives the first login sent by the first gateway located in the virtual private network request, the first login request includes the identifier of the first gateway; the virtual private network server generates online gateway information according to the first login request, and the online gateway information includes the identifier of the first gateway;

发送单元，用于向所述虚拟专用网服务器发送请求登录所述第一网关的第二登录请求，所述第二登录请求包含所述第一网关的标识，以便于所述虚拟专用网服务器向所述第一网关转发所述第二登录请求，所述第二登录请求用于使所述第一网关对所述第二登录请求进行响应；A sending unit, configured to send a second login request requesting to log in to the first gateway to the virtual private network server, where the second login request includes the identifier of the first gateway, so that the virtual private network server can send The first gateway forwards the second login request, and the second login request is used to make the first gateway respond to the second login request;

访问单元，用于通过所述第一网关访问所述应用服务器，所述应用服务器位于所述虚拟专用网。An access unit, configured to access the application server through the first gateway, where the application server is located in the virtual private network.

可见，本发明实施例提供的技术方案中，虚拟专用网服务器位于公网，具有公网IP地址，客户端能够根据虚拟专用网服务器的公网IP地址访问虚拟专用网服务器。客户端能够通过虚拟专用网服务器访问已登录虚拟专用网服务器的虚拟专用网网关所对应的虚拟专用网。因此，通过本发明实施例提供的技术方案，能够解决现有技术中虚拟专用网网关需要占用公网IP地址的技术问题。It can be seen that in the technical solution provided by the embodiment of the present invention, the VPN server is located in the public network and has a public IP address, and the client can access the VPN server according to the public IP address of the VPN server. The client can access the virtual private network corresponding to the virtual private network gateway that has logged into the virtual private network server through the virtual private network server. Therefore, the technical solution provided by the embodiment of the present invention can solve the technical problem in the prior art that the virtual private network gateway needs to occupy the public network IP address.

附图说明 Description of drawings

为了更清楚地说明本发明实施例或现有技术中的技术方案，下面将对实施例或现有技术描述中所需要使用的附图作一简单地介绍，显而易见地，下面描述中的附图是本发明的一些实施例，对于本领域普通技术人员来讲，在不付出创造性劳动的前提下，还可以根据这些附图获得其他的附图。In order to more clearly illustrate the technical solutions in the embodiments of the present invention or the prior art, the following will briefly introduce the drawings that need to be used in the description of the embodiments or the prior art. Obviously, the accompanying drawings in the following description These are some embodiments of the present invention. Those skilled in the art can also obtain other drawings based on these drawings without creative work.

图1是本发明实施例提供的技术方案应用于某一场景的组网结构图；FIG. 1 is a network structure diagram in which the technical solution provided by the embodiment of the present invention is applied to a certain scene;

图2是本发明实施例提供的一种访问应用服务器的方法的流程图；FIG. 2 is a flowchart of a method for accessing an application server provided by an embodiment of the present invention;

图3是本发明实施例提供的另一种访问应用服务器的方法的流程图；FIG. 3 is a flow chart of another method for accessing an application server provided by an embodiment of the present invention;

图4是本发明实施例提供的另一种访问应用服务器的方法的流程图；FIG. 4 is a flow chart of another method for accessing an application server provided by an embodiment of the present invention;

图5是本发明实施例提供的一种访问应用服务器的装置的结构示意图；Fig. 5 is a schematic structural diagram of a device for accessing an application server provided by an embodiment of the present invention;

图6是本发明实施例提供的另一种访问应用服务器的装置的结构示意图；FIG. 6 is a schematic structural diagram of another device for accessing an application server provided by an embodiment of the present invention;

图7是本发明实施例提供的另一种访问应用服务器的装置的结构示意图。Fig. 7 is a schematic structural diagram of another device for accessing an application server provided by an embodiment of the present invention.

具体实施方式 Detailed ways

为使本发明实施例的目的、技术方案和优点更加清楚，下面将结合本发明实施例中的附图，对本发明实施例中的技术方案进行清楚、完整地描述，显然，所描述的实施例是本发明一部分实施例，而不是全部的实施例。基于本发明中的实施例，本领域普通技术人员在没有作出创造性劳动前提下所获得的所有其他实施例，都属于本发明保护的范围。In order to make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below in conjunction with the drawings in the embodiments of the present invention. Obviously, the described embodiments It is a part of embodiments of the present invention, but not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without creative efforts fall within the protection scope of the present invention.

本发明实施例提供了一种访问应用服务器的方法、装置以及系统，可以解决虚拟专用网网关占用公网IP地址的技术问题。图1为本发明实施例提供的技术方案应用于某一场景的组网结构图。The embodiment of the present invention provides a method, device and system for accessing an application server, which can solve the technical problem that a virtual private network gateway occupies a public network IP address. FIG. 1 is a network structure diagram in which a technical solution provided by an embodiment of the present invention is applied to a certain scene.

图1的组网结构图包括四台网络设备，分别是客户端、虚拟专用网服务器、网关以及应用服务器。The network structure diagram in Fig. 1 includes four network devices, namely a client, a virtual private network server, a gateway and an application server.

客户端能够通过因特网访问虚拟专用网服务器。虚拟专用网服务器能够通过因特网访问网关。网关为虚拟专用网的网关。网关位于虚拟专用网以及因特网的边缘。应用服务器位于虚拟专用网，应用服务器能够通过网关与因特网交互。Clients can access the VPN server through the Internet. The VPN server can access the gateway through the Internet. The gateway is a gateway of the virtual private network. Gateways are located at the edge of VPNs and the Internet. The application server is located in the virtual private network, and the application server can interact with the Internet through the gateway.

实施例一：Embodiment one:

本发明实施例提供了一种访问应用服务器的方法，可以用于图1所示的组网结构中，参见图2，图2是本发明实施例提供的访问应用服务器的方法的流程图，该方法包括：An embodiment of the present invention provides a method for accessing an application server, which can be used in the networking structure shown in FIG. 1 , see FIG. 2 , and FIG. 2 is a flow chart of a method for accessing an application server provided by an embodiment of the present invention. Methods include:

201、位于公网的虚拟专用网服务器接收位于虚拟专用网的第一网关发送的第一登录请求，该第一登录请求包含该第一网关的标识。201. A virtual private network server located on a public network receives a first login request sent by a first gateway located in the virtual private network, where the first login request includes an identifier of the first gateway.

该第一网关的标识可以是第一网关的序列号，虚拟专用网服务器为该第一网关分配的名字。The identifier of the first gateway may be a serial number of the first gateway, and a name assigned to the first gateway by the virtual private network server.

虚拟专用网服务器位于公网，该虚拟专用网服务器具有至少一个公网IP地址。具体实现时，该虚拟专用网服务器对应的公网IP地址可以通过手工配置获得。另外，还可以为虚拟专用网服务器配置域名，并且在域名服务器注册该虚拟专用网服务器。The virtual private network server is located in the public network, and the virtual private network server has at least one public network IP address. During specific implementation, the public network IP address corresponding to the virtual private network server can be obtained through manual configuration. In addition, a domain name can also be configured for the virtual private network server, and the virtual private network server can be registered with the domain name server.

具体实现时，客户端与公网连接，客户端能够向位于公网的网络设备发送登录该网络设备的请求。客户端可以是个人电脑、手机或者个人数字助理。During specific implementation, the client is connected to the public network, and the client can send a request to log in to the network device located on the public network. Clients can be personal computers, mobile phones, or personal digital assistants.

第一网关登陆该虚拟专用网服务器具体实现时，可以是：When the first gateway logs in to the virtual private network server for specific implementation, it can be:

第一网关通过安全套接层(Secure Socket Layer，SSL)协议建立第一网关与服务器之间的SSL连接。第一网关与虚拟专用网服务器之间的SSL连接可以是一个，也可以是多个。第一网关通过SSL连接登陆该虚拟专用网服务器。The first gateway establishes an SSL connection between the first gateway and the server through a secure socket layer (Secure Socket Layer, SSL) protocol. There may be one or more SSL connections between the first gateway and the virtual private network server. The first gateway logs in the virtual private network server through the SSL connection.

可以通过如下方式建立该第一网关与该虚拟专用网服务器之间的SSL连接：The SSL connection between the first gateway and the virtual private network server can be established in the following manner:

该第一网关向该虚拟专用网服务器发送SSL连接建立请求，该服务器向该第一网关发送该SSL连接建立请求对应的响应。该虚拟专用网服务器保存该SSL连接的标识。The first gateway sends an SSL connection establishment request to the virtual private network server, and the server sends a response corresponding to the SSL connection establishment request to the first gateway. The virtual private network server stores the identity of the SSL connection.

该第一网关请求登陆该虚拟专用网服务器具体实现时，可以是第一网关通过超文本传输协议(Hyper Text Transfer Protocol，HTTP)登录该虚拟专用网服务器。When the first gateway request to log in to the virtual private network server is specifically implemented, it may be that the first gateway logs in to the virtual private network server through a hypertext transfer protocol (Hyper Text Transfer Protocol, HTTP).

该第一网关请求登陆该虚拟专用网服务器时，该虚拟专用网服务器可以对该第一网关进行认证。When the first gateway requests to log in to the virtual private network server, the virtual private network server can authenticate the first gateway.

对该第一网关进行认证具体实现时，可以是：When the authentication of the first gateway is implemented specifically, it may be:

该虚拟专用网服务器预先保存能够登陆该虚拟专用网服务器的网关的标识。网关的标识可以是网关的序列号。预先在该虚拟专用网服务器上配置用于对请求登陆该虚拟专用网服务器的网关进行认证的认证方式。该认证方式可以是账户和密码的认证方式。The virtual private network server pre-saves the identifiers of gateways that can log in to the virtual private network server. The identification of the gateway may be the serial number of the gateway. An authentication method for authenticating a gateway requesting to log in to the virtual private network server is pre-configured on the virtual private network server. The authentication method may be an authentication method of account and password.

该虚拟专用网服务器向该客户端发送在线网关信息具体实现时，可以是：When the virtual private network server sends the online gateway information to the client for specific implementation, it may be:

客户端登陆该虚拟专用网服务器后，向该虚拟专用网服务器发送请求获取在线网关信息的请求消息。该虚拟专用网服务器收到该请求消息后向该客户端发送在线网关信息。After the client logs in to the virtual private network server, it sends a request message to the virtual private network server to obtain online gateway information. After receiving the request message, the virtual private network server sends online gateway information to the client.

客户端登陆该虚拟专用网服务器具体实现时，可以是：When the client logs in to the virtual private network server for specific implementation, it can be:

客户端通SSL协议建立与该虚拟专用网服务器的SSL连接。客户端请求登陆该虚拟专用网服务器时，该虚拟专用网服务器可以对该客户端进行认证。关于如何建立该客户端与该虚拟专用网服务器的SSL连接，请参考上文对建立该第一网关与该虚拟专用网服务器之间的SSL连接的描述。关于该虚拟专用网服务器如何对该客户端进行认证，请参考上文对该虚拟专用网服务器对该第一网关进行认证的描述。The client establishes an SSL connection with the virtual private network server through the SSL protocol. When a client requests to log in to the virtual private network server, the virtual private network server can authenticate the client. For how to establish the SSL connection between the client and the VPN server, please refer to the above description of establishing the SSL connection between the first gateway and the VPN server. For how the VPN server authenticates the client, please refer to the above description of the VPN server authenticating the first gateway.

202、该虚拟专用网服务器根据该第一登录请求生成在线网关信息，该在线网关信息包含该第一网关的标识。202. The virtual private network server generates online gateway information according to the first login request, where the online gateway information includes an identifier of the first gateway.

203、该虚拟专用网服务器向客户端发送该在线网关信息。203. The VPN server sends the online gateway information to the client.

可以通过如下方式实现该虚拟专用网服务器向客户端发送在线网关信息：The virtual private network server can send online gateway information to the client in the following ways:

方式一、客户端通过浏览器登陆该虚拟专用网服务器。客户端通过该浏览器接收在线网关信息；Method 1: The client logs in to the virtual private network server through a browser. The client receives online gateway information through the browser;

方式二、客户端通过浏览器登陆该虚拟专用网服务器。客户端通过控件获取在线网关信息。该控件可以是ActiveX。Method 2: The client logs in to the virtual private network server through a browser. The client obtains the online gateway information through the control. The control can be ActiveX.

204、该虚拟专用网服务器接收该客户端发送的请求登录该第一网关的第二登录请求，该第二登录请求包含该第一网关的标识。204. The VPN server receives a second login request sent by the client requesting to log in to the first gateway, where the second login request includes the identifier of the first gateway.

客户端发送请求登录该第一网关的第二登录请求具体实现时，可以是：When the second login request sent by the client to log in to the first gateway is specifically implemented, it may be:

客户端通过浏览器接收在线网关信息。客户端从在线网关信息中选定该第一网关，并通过浏览器向该第一网关发送第二登录请求。The client receives the online gateway information through the browser. The client selects the first gateway from online gateway information, and sends a second login request to the first gateway through the browser.

205、该虚拟专用网服务器向该第一网关转发该第二登录请求，以便于该第一网关对该第二登录请求进行响应。205. The VPN server forwards the second login request to the first gateway, so that the first gateway responds to the second login request.

206、该虚拟专用网服务器传输该客户端通过该第一网关访问该应用服务器的第一流量，该应用服务器位于该虚拟专用网。206. The virtual private network server transmits first traffic for the client to access the application server through the first gateway, where the application server is located in the virtual private network.

具体实现时，可以通过SSL连接传输客户端访问应用服务器的流量。关于如何建立SSL连接，请参见下文的描述。During specific implementation, the traffic of the client accessing the application server may be transmitted through the SSL connection. For how to establish an SSL connection, please refer to the description below.

应用服务器是位于虚拟专用网的应用服务器。应用服务器能够通过第一网关与该虚拟专用网以外的网络进行通信。应用服务器可以是视频服务器、文件服务器或者是网站服务器。The application server is an application server located in a virtual private network. The application server can communicate with the network other than the virtual private network through the first gateway. The application server can be a video server, a file server or a website server.

可见，本实施例提供的技术方案中，虚拟专用网服务器位于公网，具有公网IP地址，客户端能够根据虚拟专用网服务器的公网IP地址访问虚拟专用网服务器。客户端能够通过虚拟专用网服务器访问已登录虚拟专用网服务器的虚拟专用网网关所对应的虚拟专用网。因此，通过本实施例提供的技术方案，能够解决现有技术中虚拟专用网网关需要占用公网IP地址的技术问题。It can be seen that in the technical solution provided by this embodiment, the VPN server is located in the public network and has a public IP address, and the client can access the VPN server according to the public IP address of the VPN server. The client can access the virtual private network corresponding to the virtual private network gateway that has logged into the virtual private network server through the virtual private network server. Therefore, the technical solution provided by this embodiment can solve the technical problem in the prior art that the virtual private network gateway needs to occupy the public network IP address.

可选的，optional,

该虚拟专用网服务器传输该客户端通过该第一网关访问该应用服务器的第一流量，包括：The virtual private network server transmits the first flow that the client accesses the application server through the first gateway, including:

该虚拟专用网服务器向该应用服务器传输该客户端发送的第一访问请求，并且该虚拟专用网服务器向该客户端传输该应用服务器发送的第一访问响应，该第一访问请求用于使该应用服务器向该客户端发送该第一访问响应，该第一流量包括该第一访问请求以及该第一访问响应；The virtual private network server transmits to the application server the first access request sent by the client, and the virtual private network server transmits to the client the first access response sent by the application server, and the first access request is used to make the The application server sends the first access response to the client, where the first flow includes the first access request and the first access response;

该虚拟专用网服务器向该应用服务器传输该客户端发送的第一访问请求，包括：The virtual private network server transmits the first access request sent by the client to the application server, including:

该虚拟专用网服务器通过第一安全套接层连接接收该客户端发送的该第一访问请求，该第一访问请求中包含该第一网关的标识，该第一安全套接层连接为该客户端与该虚拟专用网服务器之间的连接；The virtual private network server receives the first access request sent by the client through the first secure socket layer connection, the first access request includes the identifier of the first gateway, and the first secure socket layer connection connects the client with the connection between the virtual private network servers;

该虚拟专用网服务器根据安全套接层协议的协议栈得到该第一安全套接层连接的标识，该虚拟专用网服务器生成第一对应关系，该第一对应关系包括该第一网关的标识、第二安全套接层连接的标识以及该第一安全套接层连接的标识，该第二安全套接层连接为该虚拟专用网服务器与该第一网关之间的连接；The virtual private network server obtains the identification of the first secure socket layer connection according to the protocol stack of the secure socket layer protocol, and the virtual private network server generates a first correspondence, which includes the identification of the first gateway, the second The identification of the secure socket layer connection and the identification of the first secure socket layer connection, the second secure socket layer connection is the connection between the virtual private network server and the first gateway;

该虚拟专用网服务器将该第一安全套接层连接的标识添加到该第一访问请求，生成第二访问请求；The virtual private network server adds the identification of the first secure socket layer connection to the first access request to generate a second access request;

该虚拟专用网服务器通过该第二安全套接层连接向该第一网关发送该第二访问请求，以便于该第一网关通过第一传输控制协议(Transfer Control Protocol，TCP)连接将该第二访问请求转发至该应用服务器，该第二访问请求用于使该第一网关根据安全套接层协议栈得到该第二安全套接层连接的标识，并根据该第二访问请求中的该第一安全套接层连接的标识生成第二对应关系，该第二对应关系包括该第一安全套接层连接的标识、该第二安全套接层连接的标识以及该第一传输控制协议连接的标识，该第一传输控制协议连接为该第一网关与该应用服务器之间的连接，该第二访问请求还用于触发该第一网关通过该第一传输控制协议连接向该应用服务器转发该第二访问请求；The virtual private network server sends the second access request to the first gateway through the second secure socket layer connection, so that the first gateway connects the second access request through the first transmission control protocol (Transfer Control Protocol, TCP) The request is forwarded to the application server, and the second access request is used to enable the first gateway to obtain the identification of the second secure socket layer connection according to the secure socket layer protocol stack, and according to the first secure socket layer in the second access request The identification of the layer connection generates a second correspondence, the second correspondence includes the identification of the first secure socket layer connection, the identification of the second secure socket layer connection and the identification of the first transmission control protocol connection, the first transport The control protocol connection is a connection between the first gateway and the application server, and the second access request is also used to trigger the first gateway to forward the second access request to the application server through the first transmission control protocol connection;

该虚拟专用网服务器向该客户端传输该应用服务器发送的第一访问响应，包括：The virtual private network server transmits to the client the first access response sent by the application server, including:

该虚拟专用网服务器接收第二访问响应，该第二访问响应通过如下途径得到：The virtual private network server receives the second access response, and the second access response is obtained through the following means:

该应用服务器通过该第一传输控制协议连接发送该第一访问响应；The application server sends the first access response through the first TCP connection;

该第一网关根据传输控制协议的协议栈得到该第一传输控制协议连接，该第一网关根据该第一传输控制协议连接的标识查找到该第二对应关系；该第一网关根据该第二对应关系得到该第一安全套接层连接的标识以及该第二安全套接层连接的标识；The first gateway obtains the first transmission control protocol connection according to the protocol stack of the transmission control protocol, and the first gateway finds the second corresponding relationship according to the identifier of the first transmission control protocol connection; the first gateway obtains the second corresponding relationship according to the second The corresponding relationship obtains the identification of the first secure socket layer connection and the identification of the second secure socket layer connection;

该第一网关将该第一安全套接层连接的标识添加到该第二访问响应，生成该第一访问响应；The first gateway adds the identifier of the first secure socket layer connection to the second access response to generate the first access response;

该第一网关通过该第二安全套接层连接向该虚拟专用网服务器发送该第一访问响应；The first gateway sends the first access response to the virtual private network server through the second secure socket layer connection;

该虚拟专用网服务器根据该第一访问响应中的该第一安全套接层连接的标识确定该第一安全套接层连接为用于通信的连接，并通过该第一安全套接层连接将该第一访问响应转发至该客户端。The virtual private network server determines that the first secure socket layer connection is a connection for communication according to the identifier of the first secure socket layer connection in the first access response, and uses the first secure socket layer connection to connect the first The access response is forwarded to the client.

可以通过对应表中的表项记录第一对应关系和第二对应关系。也可以通过文件记录第一对应关系和第二对应关系。The first correspondence and the second correspondence may be recorded through entries in the correspondence table. The first correspondence and the second correspondence may also be recorded in a file.

第一网关根据第一传输控制协议连接的标识查找到第二对应关系。具体实现时，可以是第一网关在对应表中查找包含第一传输控制协议连接的标识的表项，并根据包含第一传输控制协议连接的标识的表项得到第一安全套接层连接的标识以及第二安全套接层连接的标识。The first gateway finds the second corresponding relationship according to the identifier of the first TCP connection. During specific implementation, it may be that the first gateway searches the corresponding table for an entry containing the identifier of the first transmission control protocol connection, and obtains the identifier of the first secure socket layer connection according to the entry containing the identifier of the first transmission control protocol connection and the ID of the second Secure Sockets Layer connection.

可选的，optional,

该第一流量为该客户端以网页代理、应用转换、端口转发或者网络扩展的方式访问该应用服务器的流量。The first flow is the flow that the client accesses the application server by way of web proxy, application conversion, port forwarding or network extension.

第一流量可以是该客户端向该应用服务器发送的流量，也可以是该应用服务器向该客户端发送的流量。The first traffic may be traffic sent by the client to the application server, or traffic sent by the application server to the client.

实施例二：Embodiment two:

本发明实施例提供了一种访问应用服务器的方法，可以用于图1所示的组网结构中，参见图3，图3是本发明实施例提供的访问应用服务器的方法的流程图，该方法包括：An embodiment of the present invention provides a method for accessing an application server, which can be used in the networking structure shown in FIG. 1 , see FIG. 3 , and FIG. 3 is a flowchart of a method for accessing an application server provided by an embodiment of the present invention. Methods include:

301、位于虚拟专用网的第一网关向位于公网的虚拟专用网服务器发送包含该第一网关的标识的第一登录请求，以便于该虚拟专用网服务器生成用于被客户端接收的包含该第一网关的标识的在线网关信息。301. The first gateway located in the virtual private network sends a first login request including the identifier of the first gateway to the virtual private network server located in the public network, so that the virtual private network server generates a request for receiving by the client and includes the The online gateway information of the identifier of the first gateway.

302、该第一网关接收该虚拟专用网服务器转发的该客户端发送的请求登录该第一网关的第二登录请求，该第二登录请求包含该第一网关的标识。302. The first gateway receives a second login request sent by the client and forwarded by the virtual private network server, requesting to log in to the first gateway, where the second login request includes an identifier of the first gateway.

303、该第一网关对该第二登录请求进行响应。303. The first gateway responds to the second login request.

304、该第一网关传输该客户端通过该第一网关访问该应用服务器的第一流量，该应用服务器位于该第一网关对应的虚拟专用网。304. The first gateway transmits first traffic for the client to access the application server through the first gateway, where the application server is located in a virtual private network corresponding to the first gateway.

第一网关通过安全套接层协议建立第一网关与服务器之间的SSL连接。第一网关与虚拟专用网服务器之间的SSL连接可以是一个，也可以是多个。第一网关通过SSL连接登陆该虚拟专用网服务器。The first gateway establishes an SSL connection between the first gateway and the server through the secure socket layer protocol. There may be one or more SSL connections between the first gateway and the virtual private network server. The first gateway logs in the virtual private network server through the SSL connection.

该第一网关请求登陆该虚拟专用网服务器具体实现时，可以是第一网关通过超文本传输协议登录该虚拟专用网服务器。When the first gateway requests to log in to the virtual private network server, the first gateway may log in to the virtual private network server through hypertext transfer protocol.

可选的，optional,

该第一网关传输该客户端通过该第一网关访问该应用服务器的第一流量，包括：The first gateway transmits the first flow that the client accesses the application server through the first gateway, including:

该第一网关向该应用服务器传输该客户端发送的第一访问请求，并且该第一网关向该客户端传输该应用服务器发送的第一访问响应，该第一访问请求用于使该应用服务器向该客户端发送该第一访问响应，该第一流量包括该第一访问请求以及该第一访问响应；The first gateway transmits to the application server the first access request sent by the client, and the first gateway transmits to the client the first access response sent by the application server, and the first access request is used to make the application server Send the first access response to the client, where the first flow includes the first access request and the first access response;

该第一网关向该应用服务器传输该客户端发送的第一访问请求，包括：The first gateway transmits to the application server the first access request sent by the client, including:

该第一网关通过第二安全套接层连接接收该虚拟专用网服务器发送的第二访问请求，该第二安全套接层连接为该虚拟专用网服务器与该第一网关之间的连接，该第二访问请求通过如下途径得到：The first gateway receives the second access request sent by the virtual private network server through the second secure socket layer connection, the second secure socket layer connection is the connection between the virtual private network server and the first gateway, and the second Access requests are obtained through the following channels:

该虚拟专用网服务器通过第一安全套接层连接接收该客户端发送的该第一访问请求，该第一安全套接层连接为该客户端与该虚拟专用网服务器之间的连接，该第一访问请求中包含该第一网关的标识；The virtual private network server receives the first access request sent by the client through the first secure socket layer connection, the first secure socket layer connection is the connection between the client and the virtual private network server, and the first access The request includes the identifier of the first gateway;

该虚拟专用网服务器根据安全套接层协议的协议栈得到该第一安全套接层连接的标识，该虚拟专用网服务器根据该第一安全套接层连接的标识以及该第一访问请求中的该第一网关的标识生成第一对应关系，该第一对应关系包括该第一网关的标识、该第二安全套接层连接的标识以及该第一安全套接层连接的标识；The virtual private network server obtains the identification of the first secure socket layer connection according to the protocol stack of the secure socket layer protocol, and the virtual private network server obtains the identification of the first secure socket layer connection and the first access request in the first access request. The identification of the gateway generates a first correspondence, the first correspondence includes the identification of the first gateway, the identification of the second secure socket layer connection, and the identification of the first secure socket layer connection;

该虚拟专用网服务器将该第一安全套接层连接的标识添加到该第一访问请求，生成该第二访问请求；The virtual private network server adds the identification of the first secure socket layer connection to the first access request to generate the second access request;

该第一网关通过第一传输控制协议连接将该第二访问请求转发至该应用服务器；该第一网关根据安全套接层协议栈得到该第二安全套接层连接的标识，该第一网关根据该第二访问请求中的该第一安全套接层连接的标识生成第二对应关系，该第二对应关系包括该第一安全套接层连接的标识、该第二安全套接层连接的标识以及该第一传输控制协议连接的标识，该第一传输控制协议连接为该第一网关与该应用服务器之间的连接；The first gateway forwards the second access request to the application server through the first transmission control protocol connection; the first gateway obtains the identifier of the second secure socket layer connection according to the secure socket layer protocol stack, and the first gateway obtains the identifier of the second secure socket layer connection according to the secure socket layer protocol stack. The identifier of the first secure socket layer connection in the second access request generates a second correspondence, and the second correspondence includes the identifier of the first secure socket layer connection, the identifier of the second secure socket layer connection, and the first An identifier of a TCP connection, where the first TCP connection is a connection between the first gateway and the application server;

该第一网关向该客户端传输该应用服务器发送的第一访问响应，包括：The first gateway transmits to the client the first access response sent by the application server, including:

该第一网关通过该第一传输控制协议连接接收该应用服务器发送的该第一访问响应；The first gateway receives the first access response sent by the application server through the first TCP connection;

该第一网关根据传输控制协议的协议栈得到该第一传输控制协议连接，该第一网关根据该第一传输控制协议连接的标识查找到该第二对应关系；该第一网关根据该第二对应关系得到该第一安全套接层连接的标识以及该第二安全套接层连接的标识；该第一网关将该第一安全套接层连接的标识添加到该第一访问响应，生成第二访问响应；The first gateway obtains the first transmission control protocol connection according to the protocol stack of the transmission control protocol, and the first gateway finds the second corresponding relationship according to the identifier of the first transmission control protocol connection; the first gateway obtains the second corresponding relationship according to the second The corresponding relationship obtains the identifier of the first secure socket layer connection and the identifier of the second secure socket layer connection; the first gateway adds the identifier of the first secure socket layer connection to the first access response to generate a second access response ;

该第一网关通过该第二安全套接层连接向该虚拟专用网服务器发送该第二访问响应，该第二访问响应用于使该虚拟专用网服务器根据该第二访问响应中的该第一安全套接层连接的标识确定该第一安全套接层连接为用于通信的连接，并通过该第一安全套接层连接将该第二访问响应转发至该客户端。The first gateway sends the second access response to the virtual private network server through the second secure socket layer connection, and the second access response is used to make the virtual private network server according to the first secure socket in the second access response The identification of the layer connection determines the first secure socket layer connection as a connection for communication, and forwards the second access response to the client through the first secure socket layer connection.

可选的，optional,

实施例三：Embodiment three:

本发明实施例提供了一种访问应用服务器的方法，可以用于图1所示的组网结构中，参见图4，图4是本发明实施例提供的访问应用服务器的方法的流程图，该方法包括：An embodiment of the present invention provides a method for accessing an application server, which can be used in the networking structure shown in FIG. 1 , see FIG. 4 , and FIG. 4 is a flowchart of a method for accessing an application server provided by an embodiment of the present invention. Methods include:

401、客户端接收位于公网的虚拟专用网服务器发送的在线网关信息，该在线网关信息通过如下途径得到：该虚拟专用网服务器接收位于虚拟专用网的第一网关发送的第一登录请求，该第一登录请求包含该第一网关的标识；该虚拟专用网服务器根据该第一登录请求生成在线网关信息，该在线网关信息包含该第一网关的标识。401. The client receives the online gateway information sent by the virtual private network server located in the public network, and the online gateway information is obtained through the following way: the virtual private network server receives the first login request sent by the first gateway located in the virtual private network, the The first login request includes the identifier of the first gateway; the virtual private network server generates online gateway information according to the first login request, and the online gateway information includes the identifier of the first gateway.

402、该客户端向该虚拟专用网服务器发送请求登录该第一网关的第二登录请求，该第二登录请求包含该第一网关的标识，以便于该虚拟专用网服务器向该第一网关转发该第二登录请求，该第二登录请求用于使该第一网关对该第二登录请求进行响应。402. The client sends a second login request requesting to log in to the first gateway to the virtual private network server, and the second login request includes the identifier of the first gateway so that the virtual private network server forwards the request to the first gateway The second login request is used to make the first gateway respond to the second login request.

403、该客户端通过该第一网关访问该应用服务器，该应用服务器位于该虚拟专用网。403. The client accesses the application server through the first gateway, and the application server is located in the virtual private network.

具体实现时，可以通过SSL连接传输客户端访问应用服务器的流量。关于如何建立SSL连接，请参加下文的描述。During specific implementation, the traffic of the client accessing the application server may be transmitted through the SSL connection. For how to establish an SSL connection, please refer to the description below.

可选的，optional,

该客户端通过该第一网关访问该应用服务器，包括：The client accesses the application server through the first gateway, including:

该客户端通过该第一网关向该应用服务器发送第一访问请求，并且该客户端通过该第一网关接收该应用服务器发送的第一访问响应，该第一访问请求用于使该应用服务器向该客户端发送该第一访问响应；The client sends a first access request to the application server through the first gateway, and the client receives the first access response sent by the application server through the first gateway, and the first access request is used to make the application server send The client sends the first access response;

该客户端通过该第一网关向该应用服务器发送第一访问请求，包括：The client sends a first access request to the application server through the first gateway, including:

该客户端通过第一安全套接层连接向该虚拟专用网服务器发送该第一访问请求，该第一访问请求中包含该第一网关的标识，该第一安全套接层连接为该客户端与该虚拟专用网服务器之间的连接；该第一访问请求用于使该虚拟专用网服务器根据安全套接层协议的协议栈得到该第一安全套接层连接的标识，该第一访问请求还用于使该虚拟专用网服务器根据该第一访问请求中的该第一网关的标识以及该第一安全套接层连接的标识生成第一对应关系，该第一对应关系包括该第一网关的标识、第二安全套接层连接的标识以及该第一安全套接层连接的标识，该第二安全套接层连接为该虚拟专用网服务器与该第一网关之间的连接；该第一访问请求还用于使该虚拟专用网服务器将该第一安全套接层连接的标识添加到该第一访问请求，生成第二访问请求；该第一访问请求还用于使该虚拟专用网服务器通过该第二安全套接层连接向该第一网关发送该第二访问请求；该第二访问请求用于使该第一网关通过第一传输控制协议连接将该第二访问请求转发至该应用服务器，该第二访问请求用于使该第一网关根据安全套接层协议栈得到该第二安全套接层连接的标识，并根据该第二访问请求中的该第一安全套接层连接的标识生成第二对应关系，该第二对应关系包括该第一安全套接层连接的标识、该第二安全套接层连接的标识以及该第一传输控制协议连接的标识，该第一传输控制协议连接为该第一网关与该应用服务器之间的连接；该第二访问请求还用于使该第一网关通过该第一传输控制协议连接向该应用服务器转发该第二访问请求；The client sends the first access request to the virtual private network server through the first secure socket layer connection, the first access request includes the identifier of the first gateway, and the first secure socket layer connection connects the client with the A connection between virtual private network servers; the first access request is used to enable the virtual private network server to obtain the identifier of the first secure socket layer connection according to the protocol stack of the secure socket layer protocol, and the first access request is also used to use The virtual private network server generates a first correspondence according to the identifier of the first gateway in the first access request and the identifier of the first secure socket layer connection, and the first correspondence includes the identifier of the first gateway, the second The identification of the secure socket layer connection and the identification of the first secure socket layer connection, the second secure socket layer connection is the connection between the virtual private network server and the first gateway; the first access request is also used to make the The virtual private network server adds the identification of the first secure socket layer connection to the first access request to generate a second access request; the first access request is also used to make the virtual private network server connect through the second secure socket layer sending the second access request to the first gateway; the second access request is used to make the first gateway forward the second access request to the application server through the first transmission control protocol connection, and the second access request is used to make the first gateway obtain the identifier of the second secure socket layer connection according to the secure socket layer protocol stack, and generate a second corresponding relationship according to the identifier of the first secure socket layer connection in the second access request, and the second corresponding relationship The relationship includes the identifier of the first secure socket layer connection, the identifier of the second secure socket layer connection and the identifier of the first transmission control protocol connection, the first transmission control protocol connection is between the first gateway and the application server connection; the second access request is also used to make the first gateway forward the second access request to the application server through the first TCP connection;

该客户端通过该第一网关接收该应用服务器发送的第一访问响应，包括：The client receives the first access response sent by the application server through the first gateway, including:

该客户端通过该第一安全套接层连接接收该虚拟专用网服务器转发的第二访问响应，该第二访问响应通过如下途径得到：The client receives the second access response forwarded by the VPN server through the first secure socket layer connection, and the second access response is obtained through the following means:

该第一网关根据传输控制协议的协议栈得到该第一传输控制协议连接的标识，该第一网关根据该第一传输控制协议连接的标识查找到该第二对应关系，该第一网关根据该第二对应关系得到该第一安全套接层连接的标识以及该第二安全套接层连接的标识；The first gateway obtains the identifier of the first transmission control protocol connection according to the protocol stack of the transmission control protocol, the first gateway finds the second corresponding relationship according to the identifier of the first transmission control protocol connection, and the first gateway according to the The second corresponding relationship obtains the identifier of the first secure socket layer connection and the identifier of the second secure socket layer connection;

该第一网关将该第一安全套接层连接的标识添加到该第一访问响应，生成该第二访问响应；The first gateway adds the identifier of the first secure socket layer connection to the first access response to generate the second access response;

该第一网关通过该第二安全套接层连接向该虚拟专用网服务器发送该第二访问响应；The first gateway sends the second access response to the virtual private network server through the second secure socket layer connection;

该虚拟专用网服务器根据该第二访问响应中的该第一安全套接层连接的标识确定该第一安全套接层连接为用于通信的连接，并通过该第一安全套接层连接向该客户端转发该第二访问响应。The virtual private network server determines that the first secure socket layer connection is a connection for communication according to the identifier of the first secure socket layer connection in the second access response, and sends the message to the client through the first secure socket layer connection The second access response is forwarded.

可选的，optional,

该客户端以网页代理、应用转换、端口转发或者网络扩展的方式访问该应用服务器。The client accesses the application server by means of web proxy, application conversion, port forwarding or network extension.

实施例四：Embodiment four:

本发明实施例提供了一种访问应用服务器的装置，可以用于图1所示的组网结构中。具体可以是图1中的虚拟专用网服务器。参见图5，图5是本发明实施例提供的访问应用服务器的装置的结构示意图，该装置包括：An embodiment of the present invention provides a device for accessing an application server, which can be used in the networking structure shown in FIG. 1 . Specifically, it may be the virtual private network server in FIG. 1 . Referring to FIG. 5, FIG. 5 is a schematic structural diagram of a device for accessing an application server provided by an embodiment of the present invention, and the device includes:

第一接收单元501，用于接收位于虚拟专用网的第一网关发送的第一登录请求，该第一登录请求包含该第一网关的标识；The first receiving unit 501 is configured to receive a first login request sent by a first gateway located in a virtual private network, where the first login request includes an identifier of the first gateway;

网关信息生成单元502，用于根据该第一登录请求生成在线网关信息，该在线网关信息包含该第一网关的标识；A gateway information generating unit 502, configured to generate online gateway information according to the first login request, where the online gateway information includes the identifier of the first gateway;

发送单元503，用于向客户端发送该在线网关信息；A sending unit 503, configured to send the online gateway information to the client;

第二接收单元504，用于接收该客户端发送的请求登录该第一网关的第二登录请求，该第二登录请求包含该第一网关的标识；The second receiving unit 504 is configured to receive a second login request sent by the client requesting to log in to the first gateway, where the second login request includes the identifier of the first gateway;

转发单元506，用于向该第一网关转发该第二登录请求，以便于该第一网关对该第二登录请求进行响应；A forwarding unit 506, configured to forward the second login request to the first gateway, so that the first gateway responds to the second login request;

传输单元507，用于传输该客户端通过该第一网关访问该应用服务器的第一流量，该应用服务器位于该虚拟专用网。The transmission unit 507 is configured to transmit the first traffic for the client to access the application server through the first gateway, where the application server is located in the virtual private network.

可选的，optional,

传输单元507包括第一子单元以及第二子单元；The transmission unit 507 includes a first subunit and a second subunit;

该第一子单元用于向该应用服务器传输该客户端发送的第一访问请求；The first subunit is configured to transmit the first access request sent by the client to the application server;

该第二子单元用于向该客户端传输该应用服务器发送的第一访问响应，该第一访问请求用于使该应用服务器向该客户端发送该第一访问响应，该第一流量包括该第一访问请求以及该第一访问响应；The second subunit is used to transmit to the client the first access response sent by the application server, the first access request is used to make the application server send the first access response to the client, and the first traffic includes the a first access request and the first access response;

该第一子单元包括：The first subunit includes:

访问请求接收单元，用于通过第一安全套接层连接接收该客户端发送的该第一访问请求，该第一访问请求中包含该第一网关的标识，该第一安全套接层连接为该客户端与该虚拟专用网服务器之间的连接；An access request receiving unit, configured to receive the first access request sent by the client through the first secure socket layer connection, the first access request includes the first gateway identifier, and the first secure socket layer connection is the first access request for the client connection between the client and the virtual private network server;

对应关系生成单元，用于根据安全套接层协议的协议栈得到该第一安全套接层连接的标识，生成第一对应关系，该第一对应关系包括该第一网关的标识、第二安全套接层连接的标识以及该第一安全套接层连接的标识，该第二安全套接层连接为该虚拟专用网服务器与该第一网关之间的连接；The corresponding relationship generating unit is used to obtain the identifier of the first secure socket layer connection according to the protocol stack of the secure socket layer protocol, and generate a first corresponding relationship, the first corresponding relationship includes the identifier of the first gateway, the second secure socket layer The identification of the connection and the identification of the first secure socket layer connection, the second secure socket layer connection is the connection between the virtual private network server and the first gateway;

访问请求更新单元，用于将该第一安全套接层连接的标识添加到该第一访问请求，生成第二访问请求；An access request updating unit, configured to add the identifier of the first secure socket layer connection to the first access request to generate a second access request;

访问请求发送单元，用于通过该第二安全套接层连接向该第一网关发送该第二访问请求，以便于该第一网关通过第一传输控制协议连接将该第二访问请求发送至该应用服务器，该第二访问请求用于使该第一网关根据安全套接层协议栈得到该第二安全套接层连接的标识，并根据该第二访问请求中的该第一安全套接层连接的标识生成第二对应关系，该第二对应关系包括该第一安全套接层连接的标识、该第二安全套接层连接的标识以及该第一传输控制协议连接的标识，该第一传输控制协议连接为该第一网关与该应用服务器之间的连接，该第二访问请求还用于触发该第一网关通过该第一传输控制协议连接向该应用服务器转发该第二访问请求；An access request sending unit, configured to send the second access request to the first gateway through the second secure socket layer connection, so that the first gateway sends the second access request to the application through the first transmission control protocol connection The server, the second access request is used to enable the first gateway to obtain the identifier of the second secure socket layer connection according to the secure socket layer protocol stack, and generate an identifier according to the identifier of the first secure socket layer connection in the second access request The second correspondence relationship, the second correspondence relationship includes the identifier of the first secure socket layer connection, the identifier of the second secure socket layer connection and the identifier of the first transmission control protocol connection, the first transmission control protocol connection is the A connection between the first gateway and the application server, where the second access request is also used to trigger the first gateway to forward the second access request to the application server through the first TCP connection;

该第二子单元包括：This second subunit includes:

访问响应接收单元，用于接收第二访问响应，该第二访问响应通过如下途径得到：An access response receiving unit, configured to receive a second access response, the second access response is obtained through the following means:

访问响应转发单元，用于根据该第一访问响应中的该第一安全套接层连接的标识确定该第一安全套接层连接为用于通信的连接，并通过该第一安全套接层连接将该第一访问响应转发至该客户端。An access response forwarding unit, configured to determine the first secure socket layer connection as a connection for communication according to the identifier of the first secure socket layer connection in the first access response, and connect the first secure socket layer connection to the The first access response is forwarded to the client.

可选的，optional,

实施例五：Embodiment five:

本发明实施例提供了一种访问应用服务器的装置，可以用于图1所示的组网结构中。具体可以是图1中的网关。参见图6，图6是本发明实施例提供的访问应用服务器的装置的结构示意图，该装置包括：An embodiment of the present invention provides a device for accessing an application server, which can be used in the networking structure shown in FIG. 1 . Specifically, it may be the gateway in FIG. 1 . Referring to FIG. 6, FIG. 6 is a schematic structural diagram of a device for accessing an application server provided by an embodiment of the present invention, and the device includes:

发送单元601，用于向位于公网的虚拟专用网服务器发送包含位于虚拟专用网的第一网关的标识的第一登录请求，以便于该虚拟专用网服务器生成用于被客户端接收的包含该第一网关的标识的在线网关信息；The sending unit 601 is configured to send a first login request including the identification of the first gateway located in the virtual private network to a virtual private network server located in the public network, so that the virtual private network server generates a request for being received by the client and includes the The online gateway information of the identification of the first gateway;

接收单元602，用于接收该虚拟专用网服务器转发的该客户端发送的请求登录所述第一网关的第二登录请求，该第二登录请求包含该第一网关的标识；The receiving unit 602 is configured to receive a second login request sent by the client and forwarded by the virtual private network server requesting to log in to the first gateway, where the second login request includes the identifier of the first gateway;

响应单元603，用于对该第二登录请求进行响应；a response unit 603, configured to respond to the second login request;

传输单元604，用于转发该客户端通过该第一网关访问该应用服务器的第一流量，该应用服务器位于该第一网关对应的虚拟专用网。The transmission unit 604 is configured to forward the first traffic for the client to access the application server through the first gateway, and the application server is located in the virtual private network corresponding to the first gateway.

可选的，optional,

传输单元604包括第一子单元和第二子单元；The transmission unit 604 includes a first subunit and a second subunit;

该第一子单元包括：The first subunit includes:

访问请求接收单元，用于通过第二安全套接层连接接收该虚拟专用网服务器发送的第二访问请求，该第二安全套接层连接为该虚拟专用网服务器与该第一网关之间的连接，该第二访问请求通过如下途径得到：an access request receiving unit, configured to receive a second access request sent by the virtual private network server through a second secure socket layer connection, the second secure socket layer connection being a connection between the virtual private network server and the first gateway, The second access request is obtained through the following means:

该虚拟专用网服务器将该第一安全套接层连接的标识添加到该第一访问请求，生成该第二访问请求；访问请求转发单元，用于通过第一传输控制协议连接将该第二访问请求转发至该应用服务器；该第一网关根据安全套接层协议栈得到该第二安全套接层连接的标识，该第一网关根据该第二访问请求中的该第一安全套接层连接的标识生成第二对应关系，该第二对应关系包括该第一安全套接层连接的标识、该第二安全套接层连接的标识以及该第一传输控制协议连接的标识，该第一The virtual private network server adds the identification of the first secure socket layer connection to the first access request to generate the second access request; the access request forwarding unit is configured to connect the second access request through the first transmission control protocol forwarded to the application server; the first gateway obtains the identifier of the second secure socket layer connection according to the secure socket layer protocol stack, and the first gateway generates the first secure socket layer connection identifier according to the second access request Two corresponding relationships, the second corresponding relationship includes the identifier of the first secure socket layer connection, the identifier of the second secure socket layer connection and the identifier of the first transmission control protocol connection, the first

传输控制协议连接为该第一网关与该应用服务器之间的连接；该第二子单元包括：The transmission control protocol connection is a connection between the first gateway and the application server; the second subunit includes:

访问响应接收单元，用于通过该第一传输控制协议连接接收该应用服务器发送的该第一访问响应；An access response receiving unit, configured to receive the first access response sent by the application server through the first TCP connection;

查找单元，用于根据传输控制协议的协议栈得到该第一传输控制协议连接，该第一网关根据该第一传输控制协议连接的标识查找到该第二对应关系；该第一网关根据该第二对应关系得到该第一安全套接层连接的标识以及该第二安全套接层连接的标识；The search unit is configured to obtain the first transmission control protocol connection according to the protocol stack of the transmission control protocol, and the first gateway finds the second corresponding relationship according to the identifier of the first transmission control protocol connection; the first gateway according to the first transmission control protocol connection Obtaining the identification of the first secure socket layer connection and the identification of the second secure socket layer connection from the two correspondences;

访问响应更新单元，用于将该第一安全套接层连接的标识添加到该第一访问响应，生成第二访问响应；An access response updating unit, configured to add the identifier of the first secure socket layer connection to the first access response to generate a second access response;

访问响应发送单元，用于通过该第二安全套接层连接向该虚拟专用网服务器发送该第二访问响应，该第二访问响应用于使该虚拟专用网服务器根据该第二访问响应中的该第一安全套接层连接的标识确定该第一安全套接层连接为用于通信的连接，并通An access response sending unit, configured to send the second access response to the virtual private network server through the second secure socket layer connection, the second access response is used to make the virtual private network server according to the second access response in the second access response The identification of the first secure socket layer connection determines that the first secure socket layer connection is used for communication, and through

过该第一安全套接层连接将该第二访问响应转发至该客户端。可以通过对应表中的表项记录第一对应关系和第二对应关系。也可以通过文件记录第一对应关系和第二对应关系。forwarding the second access response to the client through the first secure socket layer connection. The first correspondence and the second correspondence may be recorded through entries in the correspondence table. The first correspondence and the second correspondence may also be recorded in a file.

可选的，optional,

实施例六：Embodiment six:

本发明实施例提供了一种访问应用服务器的装置，可以用于图1所示的组网结构中。具体可以是图1中的客户端。参见图7，图7是本发明实施例提供的访问应用服务器的装置的结构示意图，该装置包括：An embodiment of the present invention provides a device for accessing an application server, which can be used in the networking structure shown in FIG. 1 . Specifically, it may be the client in FIG. 1 . Referring to FIG. 7, FIG. 7 is a schematic structural diagram of a device for accessing an application server provided by an embodiment of the present invention, and the device includes:

接收单元701，用于接收位于公网的虚拟专用网服务器发送的在线网关信息，该在线网关信息通过如下途径得到：该虚拟专用网服务器接收位于虚拟专用网的第一网关发送的第一登录请求，该第一登录请求包含该第一网关的标识；该虚拟专用网服务器根据该第一登录请求生成在线网关信息，该在线网关信息包含该第一网关的标识；The receiving unit 701 is configured to receive the online gateway information sent by the virtual private network server located in the public network, the online gateway information is obtained through the following way: the virtual private network server receives the first login request sent by the first gateway located in the virtual private network , the first login request includes the identifier of the first gateway; the virtual private network server generates online gateway information according to the first login request, and the online gateway information includes the identifier of the first gateway;

发送单元702，用于向该虚拟专用网服务器发送请求登录该第一网关的第二登录请求，该第二登录请求包含该第一网关的标识，以便于该虚拟专用网服务器向该第一网关转发该第二登录请求，该第二登录请求用于使该第一网关对该第二登录请求进行响应；A sending unit 702, configured to send a second login request requesting to log in to the first gateway to the virtual private network server, where the second login request includes the identifier of the first gateway, so that the virtual private network server can send a request to the first gateway Forwarding the second login request, where the second login request is used to make the first gateway respond to the second login request;

访问单元703，用于通过该第一网关访问该应用服务器，该应用服务器位于该虚拟专用网。The access unit 703 is configured to access the application server through the first gateway, where the application server is located in the virtual private network.

可选的，optional,

访问单元703包括第一访问单元和第二访问单元；The access unit 703 includes a first access unit and a second access unit;

该第一访问单元，用于通过该第一网关向该应用服务器发送第一访问请求；The first access unit is configured to send a first access request to the application server through the first gateway;

该第二访问单元，用于通过该第一网关接收该应用服务器发送的第一访问响应，该第一访问请求用于使该应用服务器向该客户端发送该第一访问响应；The second access unit is configured to receive a first access response sent by the application server through the first gateway, and the first access request is used to make the application server send the first access response to the client;

该第一访问单元包括第一触发单元以及访问请求发送单元：The first access unit includes a first trigger unit and an access request sending unit:

该第一触发单元，用于触发该访问请求发送单元发送该第一访问请求；The first triggering unit is configured to trigger the access request sending unit to send the first access request;

该访问请求发送单元，用于通过第一安全套接层连接向该虚拟专用网服务器发送该第一访问请求，该第一访问请求中包含该第一网关的标识，该第一安全套接层连接为该客户端与该虚拟专用网服务器之间的连接；该第一访问请求用于使该虚拟专用网服务器根据安全套接层协议的协议栈得到该第一安全套接层连接的标识，该第一访问请求还用于使该虚拟专用网服务器根据该第一访问请求中的该第一网关的标识以及该第一安全套接层连接的标识生成第一对应关系，该第一对应关系包括该第一网关的标识、第二安全套接层连接的标识以及该第一安全套接层连接的标识，该第二安全套接层连接为该虚拟专用网服务器与该第一网关之间的连接；该第一访问请求还用于使该虚拟专用网服务器将该第一安全套接层连接的标识添加到该第一访问请求，生成第二访问请求；该第一访问请求还用于使该虚拟专用网服务器通过该第二安全套接层连接向该第一网关发送该第二访问请求；该第二访问请求用于使该第一网关通过第一传输控制协议连接将该第二访问请求转发至该应用服务器，该第二访问请求用于使该第一网关根据安全套接层协议栈得到该第二安全套接层连接的标识，并根据该第二访问请求中的该第一安全套接层连接的标识生成第二对应关系，该第二对应关系包括该第一安全套接层连接的标识、该第二安全套接层连接的标识以及该第一传输控制协议连接的标识，该第一传输控制协议连接为该第一网关与该应用服务器之间的连接；该第二访问请求还用于使该第一网关通过该第一传输控制协议连接向该应用服务器转发该第二访问请求；The access request sending unit is configured to send the first access request to the virtual private network server through the first secure socket layer connection, the first access request includes the identifier of the first gateway, and the first secure socket layer connection is The connection between the client and the virtual private network server; the first access request is used to make the virtual private network server obtain the identification of the first secure socket layer connection according to the protocol stack of the secure socket layer protocol, and the first access request The request is also used to make the virtual private network server generate a first correspondence according to the identifier of the first gateway and the identifier of the first secure socket layer connection in the first access request, and the first correspondence includes the first gateway The identification of the second secure socket layer connection and the identification of the first secure socket layer connection, the second secure socket layer connection is the connection between the virtual private network server and the first gateway; the first access request It is also used to make the virtual private network server add the identification of the first secure socket layer connection to the first access request to generate a second access request; the first access request is also used to make the virtual private network server pass the first access request Two secure socket layer connections send the second access request to the first gateway; the second access request is used to make the first gateway forward the second access request to the application server through the first transmission control protocol connection, the second access request The second access request is used to make the first gateway obtain the identifier of the second secure socket layer connection according to the secure socket layer protocol stack, and generate a second corresponding relationship according to the identifier of the first secure socket layer connection in the second access request , the second correspondence includes the identifier of the first secure socket layer connection, the identifier of the second secure socket layer connection, and the identifier of the first transmission control protocol connection, where the first transmission control protocol connection is between the first gateway and The connection between the application servers; the second access request is also used to make the first gateway forward the second access request to the application server through the first TCP connection;

该第二访问单元包括第二触发单元以及访问响应接收单元：The second access unit includes a second trigger unit and an access response receiving unit:

该第二触发单元，用于触发该访问响应接收单元接收第二访问响应；The second triggering unit is configured to trigger the access response receiving unit to receive a second access response;

该访问响应接收单元，用于通过该第一安全套接层连接接收该虚拟专用网服务器转发的该第二访问响应，该第二访问响应通过如下途径得到：The access response receiving unit is configured to receive the second access response forwarded by the virtual private network server through the first secure socket layer connection, and the second access response is obtained through the following means:

本领域普通技术人员可以理解：实现上述方法实施例的全部或部分步骤可以通过程序指令相关的硬件来完成，前述程序可以存储于一计算机可读取存储介质中，该程序在执行时，执行包括上述方法实施例的步骤；而前述的存储介质包括：ROM、RAM、磁碟或者光盘等各种可以存储程序代码的介质。Those of ordinary skill in the art can understand that all or part of the steps to realize the above method embodiments can be completed by hardware related to program instructions, and the aforementioned program can be stored in a computer-readable storage medium. When the program is executed, the execution includes: The steps of the above-mentioned method embodiments; and the aforementioned storage medium includes: ROM, RAM, magnetic disk or optical disk and other various media that can store program codes.

最后应说明的是：以上实施例仅用以说明本发明的技术方案，而非对其限制；尽管参照前述实施例对本发明进行了详细的说明，本领域的普通技术人员应当理解：其依然可以对前述各实施例所记载的技术方案进行修改，或者对其中部分技术特征进行等同替换；而这些修改或者替换，并不使相应技术方案的本质脱离本发明各实施例技术方案的精神和范围。Finally, it should be noted that: the above embodiments are only used to illustrate the technical solutions of the present invention, rather than to limit them; although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that: it can still be Modifications are made to the technical solutions described in the foregoing embodiments, or equivalent replacements are made to some of the technical features; and these modifications or replacements do not make the essence of the corresponding technical solutions deviate from the spirit and scope of the technical solutions of the various embodiments of the present invention.

Claims

1. a method for access application server, is characterized in that, comprising:

The virtual private network services device that is positioned at public network receives the first logging request of the first gateway transmission that is positioned at Virtual Private Network, the mark that described the first logging request comprises described the first gateway;

Described virtual private network services device is created on line gateway information according to described the first logging request, the mark that described online gateway information comprises described the first gateway;

Described virtual private network services device sends described online gateway information to client;

Described virtual private network services device receives request that described client sends logins the second logging request of described the first gateway, the mark that described the second logging request comprises described the first gateway;

Described virtual private network services device is to the second logging request described in described the first gateway forwards, so that described the first gateway responds described the second logging request;

Described virtual private network services device transmits described client by the first flow of application server described in described the first gateway access, and described application server is positioned at described Virtual Private Network.

2. method according to claim 1, is characterized in that,

Described virtual private network services device transmits described client by the first flow of application server described in described the first gateway access, comprising:

Described virtual private network services device transmits to described application server the first access request that described client sends, and the first access response that described virtual private network services device sends to application server described in described client transmissions, described the first access request is used for making described application server to send described the first access response to described client, and described first flow comprises described the first access request and described the first access response;

Described virtual private network services device transmits to described application server the first access request that described client sends, and comprising:

Described virtual private network services device is connected and is received described the first access request that described client sends by the first SSL, the mark that comprises described the first gateway in described the first access request, described the first SSL is connected to being connected between described client and described virtual private network services device;

Described virtual private network services device obtains according to the protocol stack of secure socket layer protocol the mark that described the first SSL connects, described virtual private network services device generates the first corresponding relation, described the first corresponding relation comprises the mark of described the first gateway, the mark of the second SSL connection and the mark that described the first SSL connects, and described the second SSL is connected to being connected between described virtual private network services device and described the first gateway;

The mark that described virtual private network services device connects described the first SSL is added described the first access request to, generates the second access request;

Described virtual private network services device is connected and is sent described the second access request to described the first gateway by described the second SSL, so that described the first gateway is connected described the second access request is sent to described application server by the first transmission control protocol, described the second access request is for making described the first gateway obtain according to secure socket layer protocol stack the mark that described the second SSL connects, and the mark connecting according to described the first SSL in described the second access request generates the second corresponding relation, described the second corresponding relation comprises the mark that described the first SSL connects, the mark that the mark that described the second SSL connects and described the first transmission control protocol connect, described the first transmission control protocol is connected to being connected between described the first gateway and described application server, described the second access request is also connected and is forwarded described the second access request to described application server by described the first transmission control protocol for triggering described the first gateway,

The first access response that described virtual private network services device sends to application server described in described client transmissions, comprising:

Described virtual private network services device receives the second access response, and described the second access response obtains by following approach:

Described application server is connected and is sent described the first access response by described the first transmission control protocol;

Described the first gateway obtains described the first transmission control protocol according to the protocol stack of transmission control protocol and connects, and the mark that described the first gateway connects according to described the first transmission control protocol finds described the second corresponding relation; Described the first gateway obtains the mark of described the first SSL connection and the mark that described the second SSL connects according to described the second corresponding relation;

The mark that described the first gateway connects described the first SSL is added described the second access response to, generates described the first access response;

Described the first gateway is connected and is sent described the first access response to described virtual private network services device by described the second SSL;

The mark that described virtual private network services device connects according to described the first SSL in described the first access response determines that described the first SSL is connected to the connection for communicating by letter, and is connected described the first access response is forwarded to described client by described the first SSL.

3. according to method described in claim 1 or 2, it is characterized in that,

Described first flow is that described client is accessed the flow of described application server in the mode of webpage agency, application conversion, port repeat or extension of network.

4. a method for access application server, is characterized in that, comprising:

The first gateway that is positioned at Virtual Private Network sends the first logging request of the mark that comprises described the first gateway to the virtual private network services device that is positioned at public network, so that described virtual private network services device generates for by the online gateway information of mark of comprising of client of described the first gateway;

Described the first gateway receives request that described client that described virtual private network services device forwards sends logins the second logging request of described the first gateway, the mark that described the second logging request comprises described the first gateway;

Described the first gateway responds described the second logging request;

Described the first gateway transmits described client by the first flow of application server described in described the first gateway access, and described application server is positioned at Virtual Private Network corresponding to described the first gateway.

5. method according to claim 4, is characterized in that,

Described the first gateway transmits described client by the first flow of application server described in described the first gateway access, comprising:

Described the first gateway transmits to described application server the first access request that described client sends, and the first access response that described the first gateway sends to application server described in described client transmissions, described the first access request is used for making described application server to send described the first access response to described client, and described first flow comprises described the first access request and described the first access response;

Described the first gateway transmits to described application server the first access request that described client sends, and comprising:

Described the first gateway is connected and is received the second access request that described virtual private network services device sends by the second SSL, described the second SSL is connected to being connected between described virtual private network services device and described the first gateway, and described the second access request obtains by following approach:

Described virtual private network services device is connected and is received described the first access request that described client sends by the first SSL, described the first SSL is connected to being connected between described client and described virtual private network services device, the mark that comprises described the first gateway in described the first access request;

Described virtual private network services device obtains according to the protocol stack of secure socket layer protocol the mark that described the first SSL connects, the mark of described the first gateway in mark and described the first access request that described virtual private network services device connects according to described the first SSL generates the first corresponding relation, and described the first corresponding relation comprises the mark of the mark of described the first gateway, described the second SSL connection and the mark that described the first SSL connects;

The mark that described virtual private network services device connects described the first SSL is added described the first access request to, generates described the second access request;

Described the first gateway is connected described the second access request is forwarded to described application server by the first transmission control protocol; Described the first gateway obtains according to secure socket layer protocol stack the mark that described the second SSL connects, the mark that described the first gateway connects according to described the first SSL in described the second access request generates the second corresponding relation, described the second corresponding relation comprises mark, the mark of described the second SSL connection and the mark that described the first transmission control protocol connects that described the first SSL connects, and described the first transmission control protocol is connected to being connected between described the first gateway and described application server;

The first access response that described the first gateway sends to application server described in described client transmissions, comprising:

Described the first gateway is connected and is received described the first access response that described application server sends by described the first transmission control protocol;

The mark that described the first gateway connects described the first SSL is added described the first access response to, generates the second access response;

Described the first gateway is connected and is sent described the second access response to described virtual private network services device by described the second SSL, described the second access response determines that for the mark that described virtual private network services device is connected according to described first SSL of described the second access response described the first SSL is connected to the connection for communicating by letter, and is connected described the second access response is forwarded to described client by described the first SSL.

6. according to method described in claim 4 or 5, it is characterized in that,

7. a method for access application server, is characterized in that, comprising:

Client is positioned at the online gateway information of the virtual private network services device transmission of public network, described online gateway information obtains by following approach: described virtual private network services device receives the first logging request of the first gateway transmission that is positioned at Virtual Private Network, the mark that described the first logging request comprises described the first gateway; Described virtual private network services device is created on line gateway information according to described the first logging request, the mark that described online gateway information comprises described the first gateway;

Described client sends request the second logging request of described the first gateway of login to described virtual private network services device, the mark that described the second logging request comprises described the first gateway, so that described virtual private network services device is to the second logging request described in described the first gateway forwards, described the second logging request is used for making described the first gateway to respond described the second logging request;

Described client is by application server described in described the first gateway access, and described application server is positioned at described Virtual Private Network.

8. method according to claim 7, is characterized in that,

Described client, by application server described in described the first gateway access, comprising:

Described client sends the first access request by described the first gateway to described application server, and described client receives by described the first gateway the first access response that described application server sends, and described the first access request is used for making described application server to send described the first access response to described client;

Described client sends the first access request by described the first gateway to described application server, comprising:

Described client is connected and is sent described the first access request to described virtual private network services device by the first SSL, the mark that comprises described the first gateway in described the first access request, described the first SSL is connected to being connected between described client and described virtual private network services device, described the first access request is for making described virtual private network services device obtain according to the protocol stack of secure socket layer protocol the mark that described the first SSL connects, described the first access request is also for making described virtual private network services device generate the first corresponding relation according to the mark of the mark of described first gateway of described the first access request and described the first SSL connection, described the first corresponding relation comprises the mark of described the first gateway, the mark that the mark that the second SSL connects and described the first SSL connect, described the second SSL is connected to being connected between described virtual private network services device and described the first gateway, described the first access request is also added described the first access request to for the mark that described virtual private network services device is connected described the first SSL, generates the second access request, described the first access request is also for making described virtual private network services device be connected and be sent described the second access request to described the first gateway by described the second SSL, described the second access request is used for making described the first gateway to be connected described the second access request is forwarded to described application server by the first transmission control protocol, described the second access request is for making described the first gateway obtain according to secure socket layer protocol stack the mark that described the second SSL connects, and the mark connecting according to described the first SSL in described the second access request generates the second corresponding relation, described the second corresponding relation comprises the mark that described the first SSL connects, the mark that the mark that described the second SSL connects and described the first transmission control protocol connect, described the first transmission control protocol is connected to being connected between described the first gateway and described application server, described the second access request is also for making described the first gateway be connected and be forwarded described the second access request to described application server by described the first transmission control protocol,

Described client receives by described the first gateway the first access response that described application server sends, and comprising:

Described client is connected and is received the second access response that described virtual private network services device forwards by described the first SSL, and described the second access response obtains by following approach:

Described the first gateway obtains according to the protocol stack of transmission control protocol the mark that described the first transmission control protocol connects, the mark that described the first gateway connects according to described the first transmission control protocol finds described the second corresponding relation, and described the first gateway obtains the mark of described the first SSL connection and the mark that described the second SSL connects according to described the second corresponding relation;

The mark that described the first gateway connects described the first SSL is added described the first access response to, generates described the second access response;

Described the first gateway is connected and is sent described the second access response to described virtual private network services device by described the second SSL;

The mark that described virtual private network services device connects according to described the first SSL in described the second access response determines that described the first SSL is connected to the connection for communicating by letter, and is connected and forwarded described the second access response to described client by described the first SSL.

9. according to method described in claim 7 or 8, it is characterized in that,

Described client is accessed described application server in the mode of webpage agency, application conversion, port repeat or extension of network.

10. a device for access application server, is characterized in that, comprising:

The first receiving element, for receiving the first logging request of the first gateway transmission that is positioned at Virtual Private Network, the mark that described the first logging request comprises described the first gateway;

Gateway information generation unit, for being created on line gateway information according to described the first logging request, the mark that described online gateway information comprises described the first gateway;

Transmitting element, for sending described online gateway information to client;

The second receiving element, logins the second logging request of described the first gateway, the mark that described the second logging request comprises described the first gateway for receiving request that described client sends;

Retransmission unit, for to the second logging request described in described the first gateway forwards, so that described the first gateway responds described the second logging request;

Transmission unit, for transmitting described client by the first flow of application server described in described the first gateway access, described application server is positioned at described Virtual Private Network.

11. install according to claim 10, it is characterized in that,

Described transmission unit comprises the first subelement and the second subelement;

Described the first subelement is for transmitting the first access request that described client sends to described application server;

First access response of described the second subelement for sending to application server described in described client transmissions, described the first access request is used for making described application server to send described the first access response to described client, and described first flow comprises described the first access request and described the first access response;

Described the first subelement comprises:

Access request receiving element, for connecting and receive described the first access request that described client sends by the first SSL, the mark that comprises described the first gateway in described the first access request, described the first SSL is connected to being connected between described client and described virtual private network services device;

Corresponding relation generation unit, the mark connecting for obtain described the first SSL according to the protocol stack of secure socket layer protocol, generate the first corresponding relation, described the first corresponding relation comprises the mark of described the first gateway, the mark of the second SSL connection and the mark that described the first SSL connects, and described the second SSL is connected to being connected between described virtual private network services device and described the first gateway;

Access request updating block, adds described the first access request to for the mark that described the first SSL is connected, and generates the second access request;

Access request transmitting element, for connecting and send described the second access request to described the first gateway by described the second SSL, so that described the first gateway is connected described the second access request is sent to described application server by the first transmission control protocol, described the second access request is for making described the first gateway obtain according to secure socket layer protocol stack the mark that described the second SSL connects, and the mark connecting according to described the first SSL in described the second access request generates the second corresponding relation, described the second corresponding relation comprises the mark that described the first SSL connects, the mark that the mark that described the second SSL connects and described the first transmission control protocol connect, described the first transmission control protocol is connected to being connected between described the first gateway and described application server, described the second access request is also connected and is forwarded described the second access request to described application server by described the first transmission control protocol for triggering described the first gateway,

Described the second subelement comprises:

Access response receiving element, for receiving the second access response, described the second access response obtains by following approach:

Access response retransmission unit, determine that for the mark connecting according to described first SSL of described the first access response described the first SSL is connected to the connection for communicating by letter, and connect described the first access response is forwarded to described client by described the first SSL.

The device of 12. 1 kinds of access application server, is characterized in that, comprising:

Transmitting element, for sends the first logging request of the mark that comprises the first gateway that is positioned at Virtual Private Network to the virtual private network services device that is positioned at public network, so that described virtual private network services device generates the online gateway information of mark being used for by comprising of client of described the first gateway;

Receiving element, logins the second logging request of described the first gateway, the mark that described the second logging request comprises described the first gateway for receiving request that described client that described virtual private network services device forwards sends;

Response unit, for responding described the second logging request;

Transmission unit, for transmitting described client by the first flow of application server described in described the first gateway access, described application server is positioned at Virtual Private Network corresponding to described the first gateway.

13. according to device described in claim 12, it is characterized in that,

Described the first subelement comprises:

Access request receiving element, for connecting and receive the second access request that described virtual private network services device sends by the second SSL, described the second SSL is connected to being connected between described virtual private network services device and described the first gateway, and described the second access request obtains by following approach:

Access request retransmission unit, for being connected described the second access request be forwarded to described application server by the first transmission control protocol; Described the first gateway obtains according to secure socket layer protocol stack the mark that described the second SSL connects, the mark that described the first gateway connects according to described the first SSL in described the second access request generates the second corresponding relation, described the second corresponding relation comprises mark, the mark of described the second SSL connection and the mark that described the first transmission control protocol connects that described the first SSL connects, and described the first transmission control protocol is connected to being connected between described the first gateway and described application server;

Described the second subelement comprises:

Access response receiving element, for being connected and received described the first access response that described application server sends by described the first transmission control protocol;

Search unit, connect for obtain described the first transmission control protocol according to the protocol stack of transmission control protocol, the mark that described the first gateway connects according to described the first transmission control protocol finds described the second corresponding relation; Described the first gateway obtains the mark of described the first SSL connection and the mark that described the second SSL connects according to described the second corresponding relation;

Access response updating block, adds described the first access response to for the mark that described the first SSL is connected, and generates the second access response;

Access response transmitting element, for connecting and send described the second access response to described virtual private network services device by described the second SSL, described the second access response determines that for the mark that described virtual private network services device is connected according to described first SSL of described the second access response described the first SSL is connected to the connection for communicating by letter, and is connected described the second access response is forwarded to described client by described the first SSL.

The device of 14. 1 kinds of access application server, is characterized in that, comprising:

Receiving element, for receiving the online gateway information of the virtual private network services device transmission that is positioned at public network, described online gateway information obtains by following approach: described virtual private network services device receives the first logging request of the first gateway transmission that is positioned at Virtual Private Network, the mark that described the first logging request comprises described the first gateway; Described virtual private network services device is created on line gateway information according to described the first logging request, the mark that described online gateway information comprises described the first gateway;

Transmitting element, for send request the second logging request of described the first gateway of login to described virtual private network services device, the mark that described the second logging request comprises described the first gateway, so that described virtual private network services device is to the second logging request described in described the first gateway forwards, described the second logging request is used for making described the first gateway to respond described the second logging request;

Addressed location, for by application server described in described the first gateway access, described application server is positioned at described Virtual Private Network.

15. according to device described in claim 14, it is characterized in that,

Described addressed location comprises the first addressed location and the second addressed location;

Described the first addressed location, for sending the first access request by described the first gateway to described application server;

Described the second addressed location, the first access response sending for receive described application server by described the first gateway, described the first access request is used for making described application server to send described the first access response to client;

Described the first addressed location comprises the first trigger element and access request transmitting element:

Described the first trigger element, sends described the first access request for triggering described access request transmitting element;

Described access request transmitting element, for connecting and send described the first access request to described virtual private network services device by the first SSL, the mark that comprises described the first gateway in described the first access request, described the first SSL is connected to being connected between described client and described virtual private network services device, described the first access request is for making described virtual private network services device obtain according to the protocol stack of secure socket layer protocol the mark that described the first SSL connects, described the first access request is also for making described virtual private network services device generate the first corresponding relation according to the mark of the mark of described first gateway of described the first access request and described the first SSL connection, described the first corresponding relation comprises the mark of described the first gateway, the mark that the mark that the second SSL connects and described the first SSL connect, described the second SSL is connected to being connected between described virtual private network services device and described the first gateway, described the first access request is also added described the first access request to for the mark that described virtual private network services device is connected described the first SSL, generates the second access request, described the first access request is also for making described virtual private network services device be connected and be sent described the second access request to described the first gateway by described the second SSL, described the second access request is used for making described the first gateway to be connected described the second access request is forwarded to described application server by the first transmission control protocol, described the second access request is for making described the first gateway obtain according to secure socket layer protocol stack the mark that described the second SSL connects, and the mark connecting according to described the first SSL in described the second access request generates the second corresponding relation, described the second corresponding relation comprises the mark that described the first SSL connects, the mark that the mark that described the second SSL connects and described the first transmission control protocol connect, described the first transmission control protocol is connected to being connected between described the first gateway and described application server, described the second access request is also for making described the first gateway be connected and be forwarded described the second access request to described application server by described the first transmission control protocol,

Described the second addressed location comprises the second trigger element and access response receiving element:

Described the second trigger element, receives the second access response for triggering described access response receiving element;

Described access response receiving element, for being connected and received described the second access response that described virtual private network services device forwards by described the first SSL, described the second access response obtains by following approach: