[go: up one dir, main page]

CN1231024C - Virtual specsel net realizing method based on dynamic IP address and system - Google Patents

Virtual specsel net realizing method based on dynamic IP address and system Download PDF

Info

Publication number
CN1231024C
CN1231024C CNB021257604A CN02125760A CN1231024C CN 1231024 C CN1231024 C CN 1231024C CN B021257604 A CNB021257604 A CN B021257604A CN 02125760 A CN02125760 A CN 02125760A CN 1231024 C CN1231024 C CN 1231024C
Authority
CN
China
Prior art keywords
gateway
address
server
address server
virtual private
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CNB021257604A
Other languages
Chinese (zh)
Other versions
CN1476204A (en
Inventor
罗声
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CNB021257604A priority Critical patent/CN1231024C/en
Publication of CN1476204A publication Critical patent/CN1476204A/en
Application granted granted Critical
Publication of CN1231024C publication Critical patent/CN1231024C/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Images

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention discloses a realization method and a system of a virtual private network (VPN) based on a dynamic IP address. The method comprises the following steps that an address server for managing a dynamic IP address is established in an IP public network; the information of the dynamic IP address, a name, etc. is registered in the address server by a gateway of a virtual private network; when an initiating end gateway needs to be connected to a target gateway, the initiating end gateway is firstly enquired in the address server to obtain an IP address of the target gateway, and the IP address is used for establishing connection. The system of the present invention comprises an IP network, a virtual private network gateway which is connected with the IP network, and the address server for managing the dynamic IP address. A dynamic IP address management module and a data module are arranged in the address server. Public components of the address server are fully used by the present invention, and a VPN network can be conveniently established under the condition that the fixed IP address of a target VPN is not known by a VPN gateway. The present invention is very convenient and economical for an enterprise adopting dialing to be accessed in the IP network.

Description

基于动态IP地址的虚拟专用网实现方法及系统Method and system for realizing virtual private network based on dynamic IP address

技术领域technical field

本发明涉及一种基于动态IP地址的虚拟专用网实现方法及系统。The invention relates to a virtual private network realization method and system based on a dynamic IP address.

背景技术Background technique

虚拟专用网(Virtua1 Private Network,简称VPN)是利用公共网络基础设施,通过“隧道”技术等手段达到类似私有专网的数据安全传输。该网络具有虚拟的特点:VPN并不是某个公司专有的封闭线路或者是租用某个网络服务商提供的封闭线路,但同时VPN又具有专线的数据传输功能,因为VPN能够像专线一样在公共网络上处理自己公司的信息。Virtual private network (Virtua1 Private Network, referred to as VPN) is to use public network infrastructure to achieve data security transmission similar to private private network through "tunnel" technology and other means. The network has the characteristics of virtuality: VPN is not a closed circuit proprietary to a certain company or a closed circuit provided by a leased network service provider, but at the same time, VPN has the data transmission function of a dedicated line, because a VPN can be used in a public network like a dedicated line. Handle your company's information on the Internet.

VPN的工作原理:How a VPN works:

基于IP的VPN基本上归结为两类:拨号VPN(一般称为VDPN,即虚拟拨号专网)和专线VPN(Dedicated VPN,即专线的VPN),完整的VPN解决方案通常把拨号VPN和专线VPN组合在一起来满足所有用户的使用需求。IP-based VPN basically comes down to two categories: dial-up VPN (commonly known as VDPN, that is, virtual dial-up private network) and dedicated line VPN (Dedicated VPN, that is, dedicated line VPN). A complete VPN solution usually combines dial-up VPN and dedicated line VPN Combined together to meet the needs of all users.

拨号VPN:Dial-up VPN:

拨号VPN(即VDPN)为移动用户和远程办公用户提供了对公司企业网的远程访问。这是当今最常见的一种VPN部署形式,主要是基于L2F(Layer 2 ForwardingProtocol)协议。VDPN允许多个不同领域的用户都能通过公共网络或者Internet或其他公用网络获得安全的通路到他们的企业内部网络。拨号VPN又可分为客户发起的(Client-Initiated)VPN和NAS发起的VPN。Dial-up VPN (VDPN) provides remote access to the corporate network for mobile users and telecommuting users. This is the most common form of VPN deployment today, mainly based on the L2F (Layer 2 Forwarding Protocol) protocol. VDPN allows users in many different fields to obtain secure access to their corporate internal network through the public network or the Internet or other public networks. Dial-up VPN can be divided into client-initiated (Client-Initiated) VPN and NAS-initiated VPN.

在客户发起的VPN中,用户拨号到本地的POP,由客户来发出请求并建立到其企业内部网的加密隧道。为了建立一个安全的连接,客户端运行IPsec软件,客户软件与公司内部网络防火墙上的IPsec进程通信,或者直接与支持IPsec的路由器通信,确保连接的安全性。这种形式的VPN特点是:In the VPN initiated by the customer, the user dials to the local POP, and the customer sends the request and establishes an encrypted tunnel to the intranet of the enterprise. In order to establish a secure connection, the client runs IPsec software, and the client software communicates with the IPsec process on the company's internal network firewall, or directly communicates with routers that support IPsec to ensure the security of the connection. The characteristics of this form of VPN are:

(1)远程用户能够同时与多个归属网关(Home Gateway)建立IP隧道(IPTunnel)。(1) Remote users can establish IP tunnels (IPTunnel) with multiple home gateways (Home Gateway) at the same time.

(2)远程用户不必重新拨号,就可以进入另一个网络。(2) The remote user can enter another network without redialing.

(3)VPN的建立和管理与因特网服务提供商(ISP:internet serviceprovider)无关。(3) The establishment and management of VPN has nothing to do with the Internet service provider (ISP: internet service provider).

(4)这种加密的VPN隧道对于服务提供商而言是透明的,在客户端需要专用的拨号软件。(4) This encrypted VPN tunnel is transparent to the service provider, and requires dedicated dial-up software on the client side.

(5)客户端需要知道企业的固定IP地址,以便向企业的服务器进行认证。(5) The client needs to know the fixed IP address of the enterprise in order to authenticate to the server of the enterprise.

在NAS发起的VPN中,由服务提供商POP中的NAS请求并创建到客户公司路由器(或者Home Gateway)的VPN隧道。NAS使用L2F(Layer 2 Forwarding Protocol)或者L2TP(Layer 2 Tunneling Protocol)协议来建立到客户Home Gateway的安全隧道。In NAS-initiated VPN, the NAS in the service provider POP requests and creates a VPN tunnel to the customer company router (or Home Gateway). The NAS uses the L2F (Layer 2 Forwarding Protocol) or L2TP (Layer 2 Tunneling Protocol) protocol to establish a secure tunnel to the customer's Home Gateway.

在这种拨号VPN形式中,用户认证分两级处理。当用户拨入时,首先由服务提供商NAS执行基本的认证,这个认证仅仅识别出用户的公司身份。然后,NAS打开到用户公司Home Gateway的隧道,由Home Gateway来执行用户级的认证功能。这种VPN形式在认证时,服务提供商也需要知道企业的Home Gateway的IP地址。In this form of dial-up VPN, user authentication is handled in two levels. When a user dials in, the service provider NAS first performs basic authentication, which only identifies the user's company identity. Then, the NAS opens a tunnel to the user's company's Home Gateway, and the Home Gateway performs user-level authentication. When this type of VPN is authenticated, the service provider also needs to know the IP address of the enterprise's Home Gateway.

专线VPN:Dedicated VPN:

在基于IP Tunnel的专线VPN中,点对点协议(PPP:Point to Point Protocol)数据包流通过共享IP网络上的隧道进行传输。隧道是由隧道协议形成的,这与流行的各种网络是依靠相应的网络协议完成通信没有区别。为了传输来自不同网络的数据包,最普遍使用的方法是先把各种网络协议(IP、IPX和AppleTalk等)封装到PPP里,再把这整个PPP数据包装入隧道协议里。在这种情况下,需要知道各个端点的固定IP地址。In the private line VPN based on IP Tunnel, the point-to-point protocol (PPP: Point to Point Protocol) data packet flow is transmitted through the tunnel on the shared IP network. Tunnels are formed by tunneling protocols, which is no different from popular networks that rely on corresponding network protocols to complete communication. In order to transmit data packets from different networks, the most commonly used method is to first encapsulate various network protocols (IP, IPX, AppleTalk, etc.) into PPP, and then encapsulate the entire PPP data into the tunnel protocol. In this case, the fixed IP addresses of the individual endpoints need to be known.

在基于虚拟电路(Vitual Circuit)的VPN中,服务提供商可以提供虚拟电路来建立IP VPN服务。用PVC在帧中继(Frame Relay)和ATM网络中建立点对点连接,并通过路由器来管理第三层的信息。电信运营商或者邮电局可以采用这种办法,充分利用其现有的帧交换(如帧中继)或信元交换(如ATM)基础设施提供IP VPN服务。In a VPN based on virtual circuits, service providers can provide virtual circuits to establish IP VPN services. Use PVC to establish point-to-point connections in Frame Relay (Frame Relay) and ATM networks, and manage layer 3 information through routers. Telecom operators or post offices can use this method to make full use of their existing frame switching (such as frame relay) or cell switching (such as ATM) infrastructure to provide IP VPN services.

由上述可知,无论是拨号VPN还是专线VPN都至少需要一个固定的IP地址来作为鉴权控制的中心。但是对于小型企业,或者连锁型企业,各个分支都比较小,采用基于动态IP的宽带或者窄带接入是最经济的方式,但是在现有技术的方式下难于采用传统的VPN技术建立动态IP用户群之间的VPN,除非通过人工的途径相互交流目前的IP地址。对于个人小团体来说尤其如此。It can be seen from the above that no matter dial-up VPN or leased-line VPN, at least one fixed IP address is required as the authentication control center. However, for small enterprises, or chain enterprises, each branch is relatively small, using broadband or narrowband access based on dynamic IP is the most economical way, but it is difficult to use traditional VPN technology to establish dynamic IP users in the way of existing technologies VPN between groups, unless the current IP address is exchanged with each other through artificial means. This is especially true for small groups of individuals.

发明内容Contents of the invention

本发明的目的在于提供一种基于动态IP地址的虚拟专用网实现方法及系统,以满足动态IP地址情况下的VPN的自动建立。The purpose of the present invention is to provide a method and system for realizing a virtual private network based on a dynamic IP address, so as to satisfy the automatic establishment of a VPN under the condition of a dynamic IP address.

本发明的方法包括以下步骤:在IP公网中建立管理动态IP地址的地址服务器;虚拟专用网的网关通过建立到IP公网的连接以获得出口处的公网IP地址;虚拟专用网网关在地址服务器中注册,至少将网关名称及动态IP地址注册到地址服务器中;当发起端需要连接至目标网关时,发起端的网关先从地址服务器中查询以获得目标网关的IP地址,并利用该IP地址建立连接。The method of the present invention comprises the following steps: set up the address server of management dynamic IP address in IP public network; The gateway of virtual private network obtains the public network IP address of outlet by setting up the connection to IP public network; Virtual private network gateway is in Register in the address server, at least register the gateway name and dynamic IP address in the address server; when the initiator needs to connect to the target gateway, the gateway of the initiator first queries the address server to obtain the IP address of the target gateway, and uses the IP address to establish a connection.

本发明的系统至少包括IP网络以及与该网络连接的虚拟专用网网关,其结构特点在于:所述IP网络中连接有管理动态IP地址的地址服务器,该地址服务器中设置有动态IP地址管理模块和数据模块;所述虚拟专用网网关通过IP网络向地址服务器发送至少包括自身名称和动态IP地址的信息;所述动态IP地址管理模块将虚拟专用网网关的信息存储于数据模块中,根据发起端的查询请求从数据模块中获取目标网关的动态IP地址,由地址服务器提供给发起端网关。The system of the present invention at least includes an IP network and a virtual private network gateway connected to the network, and its structural feature is that an address server for managing dynamic IP addresses is connected to the IP network, and a dynamic IP address management module is arranged in the address server and data module; the virtual private network gateway sends at least the information comprising its own name and dynamic IP address to the address server through the IP network; the dynamic IP address management module stores the information of the virtual private network gateway in the data module, according to the initiation The query request of the terminal obtains the dynamic IP address of the target gateway from the data module, and the address server provides it to the gateway of the initiator.

本发明通过增加动态IP地址注册和查询的机制,实现动态IP地址情况下VPN的自动建立,有效的解决了现有技术难于采用传统的VPN技术建立动态IP用户群之间的VPN的技术问题,而对VPN本身的建立过程没有任何影响。与现有技术相比,本发明简单,容易实现。对于地址服务器,还可以利用INTERNET网上普遍采用的WEB,WEB服务(WEB SERVICE),轻量级目标访问协议(LDAP:LightweightDirectory Access Protocol),域名服务(DNS:domineer name server)等公共服务来实现,因而其实现成本较低。The present invention realizes the automatic establishment of VPN under the condition of dynamic IP address by increasing the mechanism of dynamic IP address registration and query, and effectively solves the technical problem that it is difficult to establish a VPN between dynamic IP user groups in the prior art by adopting traditional VPN technology. It does not have any impact on the establishment process of the VPN itself. Compared with the prior art, the present invention is simple and easy to implement. For the address server, it can also be implemented by using public services such as WEB, WEB service (WEB SERVICE), Lightweight Target Access Protocol (LDAP: Lightweight Directory Access Protocol), domain name service (DNS: domain name server) commonly used on the Internet, Therefore, its implementation cost is lower.

附图说明Description of drawings

图1为实现本发明的系统框图;Fig. 1 is the system block diagram realizing the present invention;

图2为本发明的流程图;Fig. 2 is a flowchart of the present invention;

图3为本发明中VPN网关注册的流程图;Fig. 3 is the flowchart of VPN gateway registration among the present invention;

图4为VPN建立过程示意图;Fig. 4 is a schematic diagram of VPN establishment process;

图5是本发明的地址服务器采用WEB服务器实现的流程图。Fig. 5 is a flow chart of implementing the address server of the present invention using a WEB server.

具体实施方式Detailed ways

参考图1和图2:地址服务器中包括有动态IP地址管理模块和数据模块。该地址服务器连接于IP公网中,用于对接入公网VPN网关的动态IP地址进行管理,地址服务器具有固定的IP地址,如66.77.9.76。分支一和分支二内的私网通过VPN网关接入IP公网中,网关则采用点对点协议(PPP:Point to PointProtocol),通过以太网的点对点协议(PPPOE:PPP over Ethernet)等方式建立到IP网的链接。当网关链接到IP公网时,得到一动态的公网IP地址,然后,网关在地址服务器中注册,将网关名称、公网IP地址、认证密码及其它相关信息注册到地址服务器,由动态IP地址管理模块将其存储于数据模块中,如图3所示。如注册成功,地址服务器将给予确认。当虚拟专用网(VPN)之间需要建立连接时,发起端先从地址服务器中查询目标网关的IP地址,动态IP地址管理模块从数据模块中获取目标网关的动态IP地址,由地址服务器提供给发起端网关。发起端从地址服务器得到目标网关的IP地址后,通过该IP地址建立连接。查询时发起端必须通过认证,对于未通过授权认证的网关,地址服务拒绝查询,以保证信息安全。Referring to Figure 1 and Figure 2: the address server includes a dynamic IP address management module and a data module. The address server is connected to the IP public network and is used to manage the dynamic IP address of the VPN gateway accessing the public network. The address server has a fixed IP address, such as 66.77.9.76. The private networks in branch 1 and branch 2 are connected to the IP public network through the VPN gateway, and the gateway adopts the point-to-point protocol (PPP: Point to Point Protocol), and the point-to-point protocol of Ethernet (PPPOE: PPP over Ethernet) is established to the IP network. web link. When the gateway is connected to the IP public network, a dynamic public IP address is obtained. Then, the gateway registers in the address server, registers the gateway name, public IP address, authentication password and other related information to the address server, and the dynamic IP The address management module stores it in the data module, as shown in FIG. 3 . If the registration is successful, the address server will give confirmation. When a connection needs to be established between virtual private networks (VPN), the initiator first inquires the IP address of the target gateway from the address server, and the dynamic IP address management module obtains the dynamic IP address of the target gateway from the data module, which is provided by the address server to Initiating gateway. After the initiator obtains the IP address of the target gateway from the address server, it establishes a connection through the IP address. The initiator must pass the authentication when querying. For gateways that have not passed the authorization authentication, the address service refuses to query to ensure information security.

参阅图4,图中表示出了虚拟专用网网关A和网关B之间建立连接的过程。VPN网关A和VPN网关B出口处的公网IP地址61.145.x.x、61.135.x.x,名称,授权密码以及其它相关信息已注册于地址服务器中,当VPN网关B需要与VPN网关A建立连接时,VPN网关B通过固定IP地址66.77.9.76与地址服务器建立连接,并通过VPN网关A的授权认证,从服务器中查询得到VPN网关动态的公网IP地址61.145.x.x。VPN网关B根据得到的目标网关A的IP地址61.145.x.x,进行VPN建立的协商,完成之后VPN网关A和VPN网关B之间便建立起了VPN隧道。Referring to FIG. 4, the figure shows the process of establishing a connection between gateway A and gateway B of the virtual private network. The public network IP addresses 61.145.x.x, 61.135.x.x, names, authorization passwords and other relevant information at the exits of VPN gateway A and VPN gateway B have been registered in the address server. When VPN gateway B needs to establish a connection with VPN gateway A, VPN gateway B establishes a connection with the address server through the fixed IP address 66.77.9.76, and obtains the dynamic public network IP address 61.145.x.x of the VPN gateway from the server through the authorization and authentication of VPN gateway A. VPN gateway B negotiates to establish a VPN based on the obtained IP address 61.145.x.x of target gateway A. After completion, a VPN tunnel is established between VPN gateway A and VPN gateway B.

本发明中的地址服务器可为复数个,并根据地域进行合理分布。There may be multiple address servers in the present invention, and they shall be reasonably distributed according to regions.

地址服务器可为独立的服务器,也利用INTERNET网上普遍采用的WEB,WEBSERVICE,LDAP,DNS等公共服务来实现;地址服务器采用WEB SERVICE的方式建立,VPN网关可以通过简单对象访问协议(SOAP:Simple Object Access Protocol)和地址服务交互,通过通用描述、发现和集成(UDDI:Universal Description,Discovery,and Integration)发现该服务;地址服务器采用LDAP SERVER来提供,VPN网关可以通过LDAP协议和地址服务交互;地址服务器采用基于TCP/IP的自定义协议来进行,VPN网关通过承载在TCP/IP协议之上的自定义协议来和地址服务交互。The address server can be an independent server, and it can also be implemented by using public services such as WEB, WEBSERVICE, LDAP, and DNS commonly used on the Internet; the address server is established in the form of WEB SERVICE, and the VPN gateway can use Simple Object Access Protocol (SOAP: Simple Object Access Protocol) interacts with the address service, and discovers the service through Universal Description, Discovery, and Integration (UDDI: Universal Description, Discovery, and Integration); the address server is provided by LDAP SERVER, and the VPN gateway can interact with the address service through the LDAP protocol; the address The server uses a custom protocol based on TCP/IP, and the VPN gateway interacts with the address service through a custom protocol carried on top of the TCP/IP protocol.

图5则表示出了地址服务器采用WEB服务器实现时的流程。由于一般的企业都具有WEB网站,所以可以将该服务嵌入到自己的网站中,可靠性和安全性可以由企业自己控制,同时VPN网关需要配置对应服务的网页地址。从图中可看出,VPN网关A和VPN网关B与地址服务器之间的交互流程发生了改变,利用超文本传输协议(HTTP)承载了相关的注册和查询信息。Fig. 5 shows the process when the address server is realized by using a WEB server. Since most enterprises have WEB websites, they can embed this service into their own websites, and the reliability and security can be controlled by the enterprises themselves. At the same time, the VPN gateway needs to be configured with the webpage address of the corresponding service. It can be seen from the figure that the interaction process between VPN gateway A and VPN gateway B and the address server has changed, and the hypertext transfer protocol (HTTP) is used to carry the relevant registration and query information.

一个企业可以拥有自己的地址服务器,这样企业所有的联网都可以用拨号接入,或者ADSL等的方式接入,而不需要运营商提供特别的支持。An enterprise can have its own address server, so that all the Internet of the enterprise can be accessed by dial-up or ADSL without special support from the operator.

也可以有独立的服务提供商,向公众提供这样的服务,这样对于企业而言,可以完全仅仅利用拨号接入或者ADSL动态接入方式,连接起来,自己也不需要维护地址服务器。There can also be an independent service provider to provide such services to the public. In this way, for enterprises, they can only use dial-up access or ADSL dynamic access to connect, and they do not need to maintain address servers.

本发明充分利用的了公共的地址服务器部件,使得VPN网关在不知道目标VPN的固定IP地址的情况下,可以方便的建立VPN网络。对于采用完全分布的拨号接入的企业是非常方便和经济的。The invention makes full use of the public address server part, so that the VPN gateway can conveniently establish a VPN network without knowing the fixed IP address of the target VPN. It is very convenient and economical for enterprises using fully distributed dial-up access.

Claims (15)

1, based on the Virtual Private Network implementation method of dynamic IP addressing, it is characterized in that: may further comprise the steps:
In the IP public network, set up the address server of management dynamic IP addressing;
The connection of the gateway of Virtual Private Network by being established to the IP public network is to obtain the public network IP address in exit;
The Virtual Private Network gateway is registered in address server, is registered in the address server to major general's gateway name and dynamic IP addressing;
When originating end need be connected to intended gateway, the gateway of originating end was inquired about the IP address with the acquisition intended gateway earlier from address server, and utilizes this IP address to connect;
Described originating end is the originating end that request connects at Virtual Private Network, and described intended gateway is a gateway of accepting the Virtual Private Network of this request.
2, method according to claim 1 is characterized in that: described address server is address server independently.
3, method according to claim 1 and 2 is characterized in that: described address server is a plurality of, and distributes according to the region.
4, method according to claim 1 is characterized in that: described address server is the WEB server, and this WEB server adopts HTML (Hypertext Markup Language) to exchange with the gateway of Virtual Private Network.
5, method according to claim 1 is characterized in that: described address server adopts the WEB service manner to set up, and the virtual private gateway is mutual by Simple Object Access Protocol and address server.
6, method according to claim 1 is characterized in that: described address server adopts lightweight target access protocol server to provide, and the virtual private gateway is mutual by lightweight target access agreement and address server.
7, method according to claim 1 is characterized in that: the Virtual Private Network gateway also comprises when registering in address server authentication password is registered in the address server.
8, method according to claim 1 is characterized in that: the IP address that initiating end gateway inserts the IP public network is that dynamical fashion distributes.
9, method according to claim 1 is characterized in that: carry out authorization identifying before the IP address of initiating end gateway query aim gateway from address server, to the gateway by authorization identifying, address server provides inquiry service, otherwise the refusal inquiry.
10, a kind of system of method according to claim 1 that realizes, at least comprise IP network and the Virtual Private Network gateway that is connected with this network, it is characterized in that: be connected with the address server of management dynamic IP addressing in the described IP network, be provided with dynamic IP addressing administration module and data module in this address server;
Described Virtual Private Network gateway sends the information comprise self title and dynamic IP addressing at least by IP network to address server;
Described dynamic IP addressing administration module in data module, from data module obtains the dynamic IP addressing of intended gateway according to the query requests of originating end with the information stores of Virtual Private Network gateway, offers initiating end gateway by address server;
Described originating end is the originating end that request connects at Virtual Private Network, and described intended gateway is a gateway of accepting the Virtual Private Network of this request.
11, system according to claim 10 is characterized in that: described address server is a plurality of, and distributes according to the region.
12, system according to claim 10 is characterized in that: the authorization message that also comprises the virtual private gateway in the described data module.
13, system according to claim 10 is characterized in that: described address server is the WEB server, and this WEB server adopts HTML (Hypertext Markup Language) to exchange with the gateway of Virtual Private Network.
14, system according to claim 10 is characterized in that: described address server is the server of WEB World Wide Web, and the virtual private gateway is mutual by Simple Object Access Protocol and address server.
15, system according to claim 10 is characterized in that: described address server is a lightweight target access protocol server, and the virtual private gateway is mutual by lightweight target access agreement and address server.
CNB021257604A 2002-08-16 2002-08-16 Virtual specsel net realizing method based on dynamic IP address and system Expired - Fee Related CN1231024C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB021257604A CN1231024C (en) 2002-08-16 2002-08-16 Virtual specsel net realizing method based on dynamic IP address and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB021257604A CN1231024C (en) 2002-08-16 2002-08-16 Virtual specsel net realizing method based on dynamic IP address and system

Publications (2)

Publication Number Publication Date
CN1476204A CN1476204A (en) 2004-02-18
CN1231024C true CN1231024C (en) 2005-12-07

Family

ID=34143044

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB021257604A Expired - Fee Related CN1231024C (en) 2002-08-16 2002-08-16 Virtual specsel net realizing method based on dynamic IP address and system

Country Status (1)

Country Link
CN (1) CN1231024C (en)

Families Citing this family (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100596076C (en) * 2006-10-20 2010-03-24 华为技术有限公司 User equipment registration and activation system, method and device in personal network management
US8874693B2 (en) * 2009-02-20 2014-10-28 Microsoft Corporation Service access using a service address
WO2010127610A1 (en) * 2009-05-04 2010-11-11 成都市华为赛门铁克科技有限公司 Method, equipment and system for processing visual private network node information
CN101557336B (en) * 2009-05-04 2012-05-02 成都市华为赛门铁克科技有限公司 Method for establishing network tunnel, data processing method and related equipment
CN101572729B (en) * 2009-05-04 2012-02-01 成都市华为赛门铁克科技有限公司 A method for processing virtual private network node information and related equipment and system
CN102196059A (en) * 2011-05-26 2011-09-21 石家庄博士德软件科技开发有限公司 Technology for acquiring dynamic Internet protocol (IP) address of server in real time
CN102299836A (en) * 2011-09-16 2011-12-28 北京星网锐捷网络技术有限公司 Method and device for accessing access equipment
CN103780713A (en) * 2012-10-26 2014-05-07 苏州精易会信息技术有限公司 Method for acquiring dynamic IP address of server in real time
CN103475563A (en) * 2013-09-28 2013-12-25 上海成业智能科技股份有限公司 Implementation method and monitoring system for public network VPN with non-fixed IP address
CN105357331A (en) * 2015-10-28 2016-02-24 烽火通信科技股份有限公司 Pseudo-static IP implementation method and system based on dynamic IP
CN109728988B (en) * 2017-10-27 2020-05-12 贵州白山云科技股份有限公司 Inter-intranet communication method and device
CN109245998A (en) * 2018-10-09 2019-01-18 郑州云海信息技术有限公司 A kind of method, system and associated component accessing NAS
CN110943999B (en) * 2019-12-05 2022-03-22 拉货宝网络科技有限责任公司 Logistics multi-bin network intercommunication and monitoring method
CN113271218B (en) * 2020-02-17 2023-03-21 中国电信股份有限公司 VPN service configuration method, system, orchestrator and storage medium
CN113194160A (en) * 2021-04-22 2021-07-30 西安交通大学 Large-span domain IP address rapid dynamic switching system and method
CN118827087B (en) * 2023-09-07 2025-11-21 中国移动通信集团广东有限公司 Service method, device and system for network security

Also Published As

Publication number Publication date
CN1476204A (en) 2004-02-18

Similar Documents

Publication Publication Date Title
CN1231024C (en) Virtual specsel net realizing method based on dynamic IP address and system
US20020038371A1 (en) Communication method and system
AU770584B2 (en) Secured session sequencing proxy system and method therefor
US7325058B1 (en) Method and system for controlling subscriber access in a network capable of establishing connections with a plurality of domain sites
DE60130042T2 (en) DISTRIBUTED SERVER FUNCTIONALITY FOR AN EMULATED LAN
US6874030B1 (en) PPP domain name and L2TP tunnel selection configuration override
EP1370040B1 (en) A method, a network access server, an authentication-authorization-and-accounting server, and a computer software product for proxying user authentication-authorization-and-accounting messages via a network access server
US8204042B2 (en) Methods, systems, and computer program products for establishing VoIP service in a network
Cohen On the establishment of an access VPN in broadband access networks
US7290286B2 (en) Content provider secure and tracable portal
KR100333530B1 (en) Method for configurating VPN(Virtual Private Network) by using NAT(Network Address Translation) and computer readable record medium on which a program therefor is recorded
CN1478232A (en) Systems and methods for secure network mobility
CN1802821A (en) Personal remote firewall
US6928463B1 (en) Broadband content delivery via personal content tunnel
US20090113036A1 (en) System and Method for Logging Communications
CN1666476A (en) Systems and methods for communicating in a load balancing environment
CN1538706A (en) A HTTP redirection method for WEB authentication
CN1571383A (en) A method for implementing campus network
JP3616570B2 (en) Internet relay connection method
CN1553642A (en) A method of establishing a virtual private network
US20050021746A1 (en) Information collecting system for providing connection information to an application in an IP network
CN1505345A (en) A method for accessing user's forced access to authentication server
WO2004014045A1 (en) Service class dependant asignment of ip addresses for cotrolling access to an d delivery of e-sevices
CN1118171C (en) On-demand system and method for access repeater applied to virtual private network
WO2003003664A1 (en) System and method for address and key distribution in virtual networks

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20051207

Termination date: 20130816