
WO2010081380A1 - Method and gateway device for local area network access control - Google Patents

Method and gateway device for local area network access control

Info

Publication number
WO2010081380A1
Authority
WO
WIPO (PCT)
Prior art keywords
gateway
packet
user
ipsec
local area
Legal status
Ceased
Application number
PCT/CN2009/076252
Other languages
English (en)
Chinese (zh)
Inventor
张战兵
陈爱平
徐蒙
孙宏
Current Assignee
Huawei Digital Technologies Chengdu Co Ltd
Original Assignee
Huawei Symantec Technologies Co Ltd
Priority date
2009-01-19
Filing date
2009-12-30
Publication date
2010-07-22
Application filed by Huawei Symantec Technologies Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1095 Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/164 Implementing security features at a particular protocol layer at the network layer

Definitions

  • The present invention relates to the field of communications technologies, and in particular to a method for access control of a local area network and a gateway device.
  • The existing gateway access modes are mainly Security Socket Layer (SSL) and Security Architecture for IP network (IPSec). Such gateways are usually connected behind the firewall and in front of the LAN resources, providing secure access for external network users.
  • The user enters a user name and password on the login interface, and the gateway authenticates the user name and password entered by the user against the saved user information database. After authentication passes, the gateway negotiates an SSL encryption key with the user, which completes the login. Thereafter, the data packets transmitted between the gateway and the user are encrypted with that key, and both the gateway and the user can use the key to decapsulate the transmitted data packets, which provides security control over the data transmission.
  • A significant disadvantage of the SSL access gateway is that a user who wants to access multiple physical LANs needs to register separately on the gateway of each of those LANs. The user operation is cumbersome and inconvenient.
  • The embodiment of the invention provides a method for access control of a local area network and a gateway device, with which a user who registers with one gateway obtains the right to access the resources of multiple local area networks.
  • The embodiment of the invention provides a method for access control of a local area network, including:
  • The first gateway interacts with the second gateway to synchronize the registered user information;
  • The first gateway receives an access request of the user;
  • The first gateway performs access control on the user's access to the local area network according to the registered user information synchronized with the second gateway.
  • The embodiment of the invention further provides a gateway device, including:
  • An information synchronization unit, configured to interact with another gateway to synchronize registered user information;
  • An access control unit, configured to receive an access request of the user and to perform access control on the user's access to the local area network according to the registered user information synchronized with the other gateway.
  • The registered user information is synchronized through interaction between the gateways. When a user registers with one gateway and then logs in to other gateways, the other gateways can perform access control on the user's access to the local area network according to the synchronized registered user information. The user does not need to repeat the registration at the other gateways as in the prior art, which simplifies user registration: once the user has obtained access rights at one gateway, the user can log in to multiple local area networks to obtain resources, which greatly facilitates the user.
  • FIG. 1 is a schematic diagram of networking in accordance with an embodiment of the present invention.
  • FIG. 2 is a flowchart of a method for access control of a local area network according to an embodiment of the present invention.
  • FIG. 3 is a flowchart of a method for access control of a local area network according to an embodiment of the present invention.
  • FIG. 4 is a structural diagram of a gateway device according to an embodiment of the present invention.
  • FIG. 5 is a schematic structural diagram of a gateway device according to an embodiment of the present invention.
  • FIG. 6 is a schematic structural diagram of a communication system according to an embodiment of the present invention.
  • Embodiments of the present invention provide a method for access control of a local area network, a gateway device, and a communication system.
  • In the networking diagram of an embodiment of the present invention, an IPSec (Security Architecture for IP network, the IP-layer protocol security architecture) tunnel is established between the gateways (first gateway and second gateway) of different local area networks (LAN 1 and LAN 2). The first gateway and the second gateway interact through the IPsec tunnel to keep the registered user information synchronized.
  • The other gateway can obtain the user's registered user information through data synchronization.
  • The first gateway is in local area network 1 and the second gateway is in local area network 2. In this example, transmitting data over the IPSec tunnel ensures the security of communication between local area network 1 and local area network 2.
  • To the user, LAN 1 and LAN 2 are both secure, and the user can directly access the resources of LAN 1 and LAN 2.
  • Data sent to local area network 2 is intercepted by the first gateway, encapsulated into an IPsec message and sent to the second gateway, which parses it and forwards it to local area network 2, and vice versa. It can be understood that the user can also access local area network 2 directly without going through local area network 1. Since the user has already registered at the first gateway, the user does not need to repeat the registration at the second gateway, and can access the resources of local area network 2 directly after verification by the second gateway.
  • The method for access control of a local area network includes: A1, the first gateway interacts with the second gateway to synchronize the registered user information;
  • The synchronization process can be divided into an initial synchronization phase and an update synchronization phase:
  • Initial synchronization phase: the gateways copy all of each other's registered user information to complete the initial synchronization. When the registered user information on the gateways is completely consistent, the update synchronization phase is entered;
  • Update synchronization phase: after the initial synchronization, when the registered user information of a gateway changes, the changed data is notified to the other gateways that have a synchronization relationship with it, and those gateways update their data.
  • The update is performed.
  • The information is sent to another gateway for configuration updates, to ensure that the first gateway and the second gateway have the same registered user information.
  • The registered user information includes:
  • The user's login identity verification information and the corresponding user access security control policy. The login identity verification information may take various forms that identify the user, generally a user name and a password. It can be understood that other information that identifies the user may also be used, such as the user's Internet Protocol (IP) address or media access control (MAC) address.
  • The security control policy includes: a user's permission setting and the local area network resources corresponding to the permission.
  • User permissions can be divided into administrator level, user level, and visitor level;
  • Users with user-level privileges can access and modify resources in the shared area;
  • Changes to the registered user information include: registration of new users, deletion of user information, changes to a user's privilege level, changes to the resource configuration corresponding to a privilege level, and the like.
  • In this embodiment of the present invention, communication between the first gateway and the second gateway is implemented by establishing an IPsec tunnel: data is transmitted between the first gateway and the second gateway through the IPsec tunnel, and is encapsulated into the IPsec format before transmission.
  • Communication in IPsec tunnel mode makes the data exchanged between the gateways more secure, because only a gateway that has the tunnel identifier can decapsulate the IPsec packets. The present invention is not limited to this manner of communication between the gateways; existing conventional communication methods, such as a conventional session mode, can also be used, and the specific manner does not constitute a limitation of the present invention. It can be understood that if the IPsec tunnel is disconnected, the first gateway and the second gateway renegotiate to establish an IPsec tunnel to ensure real-time connectivity.
  • The first gateway receives an access request of the user.
  • The first gateway performs access control on the user's access to the local area network according to the registered user information synchronized with the second gateway.
  • The process of determining whether the user is registered in the first gateway includes:
  • Specifically, determining whether the user is registered in the first gateway may be done by acquiring the IP address or MAC address in the user's access request and checking whether the registration information synchronized with the second gateway includes that IP address or MAC address; if it does, access by the user is allowed.
  • The method further includes: the first gateway receives a packet and performs packet forwarding processing.
  • The gateway can receive three types of packets and processes each type differently.
  • If the packet received by the first gateway is a Secure Sockets Layer (SSL) packet, the packet is decapsulated and the security control policy of the user is checked. If the gateway security policy is not met, the packet is discarded. If the security control policy of the gateway is met, the destination address of the packet is further determined: if the destination address is the local area network where the first gateway is located, the packet is forwarded directly; if the destination address of the packet is the local area network of the second gateway, the packet is encapsulated into an IPsec packet and sent to the second gateway through the IPsec tunnel.
  • If the packet received by the first gateway is a packet from the local area network where the first gateway is located: if the destination address of the packet is a public network, the packet is encapsulated into an SSL packet and sent; if the destination address of the packet is the local area network where the second gateway is located, the packet is encapsulated into an IPsec message and sent to the second gateway through the IPsec tunnel with the second gateway.
  • If the packet received by the first gateway is an IPsec packet sent by the second gateway, it is determined whether the destination address of the packet is the local area network of the gateway; if yes, IPsec decapsulation is performed and the packet is then forwarded.
  • The registered user information is synchronized through interaction between the gateways. When the user registers with one gateway and then logs in to other gateways, the other gateways can perform access control on the user's access to the local area network according to the synchronized registered user information.
  • The user does not need to repeat the registration at other gateways as in the prior art, which simplifies user registration: once the user has obtained access rights at one gateway, the user can log in to multiple local area networks to obtain resources, which greatly facilitates the user.
  • An IPsec tunnel is established between the gateways, and the registered user information is synchronized and data is transmitted through the established IPsec tunnel, so that data transmission between the gateways is more secure and reliable.
  • An embodiment of the present invention describes a feasible way for a gateway to process different packets. As shown in Figure 3, the process includes:
  • The gateway receives the message.
  • Step B2: check the type of the message. If the message is an ordinary message, that is, a message from inside the local area network of the gateway, proceed to step B3; if the message is an SSL message, proceed to step B4; if the message is an IPsec packet, proceed to step B5;
  • Ordinary message processing is performed as follows: if the destination address of the ordinary packet is a public network, the packet is sent after being encapsulated by SSL; if the destination address of the ordinary packet is the local area network where the gateway is located; if the destination address of the ordinary packet is another local area network, the packet is encapsulated into an IPsec message and sent to the peer gateway through the IPsec tunnel with the gateway in the other local area network.
  • Step B4: parse the SSL packet and proceed to step B6.
  • Step B6: perform security policy matching against the data that is synchronized with other gateways. If the matching succeeds, proceed to step B8; if the matching fails, proceed to step B7.
  • Step B8: determine whether the destination address of the packet is the local area network of the gateway. If yes, proceed to step B9; if no, proceed to step B10.
  • Step B9: forward the packet according to the destination address, and end the process.
  • Step B10: search for an IPsec tunnel according to the destination address of the packet. If one is found, proceed to step B11; if not, proceed to step B12.
  • The gateway saves the IPsec tunnels established with other gateways in the form of an Access Control List (ACL).
  • The gateway in the embodiment of the present invention can process both IPsec and SSL packets. After the IPsec tunnel is configured, the gateway maintains the communication relationship between the two ends of the IPsec tunnel. Once the tunnel is broken, the gateway renegotiates to establish a tunnel. Each time a tunnel is established, the gateway can resynchronize the registered user information at both ends.
  • Only the changed data may be updated, to reduce the amount of data transmitted during synchronization; specifically, the changed data can be sent to the peer gateway in update information.
  • The changed data here can include: modified data, added data, and deleted data.
  • A flag bit, a serial number, and an aging bit are set for each piece of registered user information.
  • The registered user information includes: a user's login identity verification information and the corresponding user access security control policy.
  • The security control policy includes: a user's permission setting and the local area network resources corresponding to the permission.
  • Registered user information on different gateways is assigned different serial numbers. The serial number uniquely identifies each piece of registered user information.
  • The flag bit identifies the status of each piece of registered user information.
  • The meaning of each value of the flag bit is shown in Table 1.
  • Registered user information with flags 1 and 5 does not take effect and is only saved in the gateway for synchronization. Registered user information with flags 2, 3, and 4 takes effect; flag 3 indicates that the synchronization between gateways is normal, and the other values indicate synchronization exceptions.
  • The flag bit of each piece of registered user information is set to 1. The current gateway then sends the registered user information to the peer gateway and sets the flag bit to 2. Once the confirmation of the peer gateway is received, the flag bit is set to 3. An error retransmission mechanism ensures that the information can be delivered to the other party.
  • After receiving the registered user information, the receiving gateway sets the flag bit of that registered user information to 2 and sends an acknowledgement message. Once the confirmation message of the other party is received, it sets the flag bit to 3.
  • A piece of registered user information takes effect when its status is 2 or 3.
  • The gateway periodically queries the registered user information whose flag bit is not 3, sends it to the peer gateway, and increments the aging bit by one.
  • When the aging bit reaches the preset number of transmissions, the gateway sets the flag bit of the registered user information to 4, reports to the network management, records the configuration abnormality, and no longer sends that registered user information.
  • The first transmission sets the aging bit to 1, the second transmission sets it to 2, and the third transmission sets it to 3, at which point the critical value is reached and the flag bit of the registered user information is set to 4.
  • For modified registered user information, the local gateway changes its flag back to 2 and sends the registered user information to the peer gateway, and then sets the flag to 3 after receiving the correct response from the peer. If the local gateway receives modified registered user information, it modifies the registered user information. If the modification is successful, the flag bit is unchanged; otherwise, the flag is set to 5 and reported to the network management.
  • The registered user information is marked with flag 5, and the serial number of the registered user information is sent to the peer gateway. After the peer gateway's correct response is received, the information is deleted locally; otherwise, the flag is set to 4 and reported to the NMS.
  • The administrator can choose to initiate a resend or delete the information locally.
  • The administrator can also choose to send all local configuration information to overwrite the remote gateway's information, or request the remote gateway to send all of its configuration information to the local gateway.
  • The gateway device provided by an embodiment of the present invention includes: an information synchronization unit 410, configured to interact with another gateway to synchronize registered user information; and an access control unit 420, configured to receive a user's access request and to control the user's access to the local area network according to the registered user information synchronized with the other gateway.
  • The gateway device 500 gives an example of a specific feasible processing manner of the access control unit. This example should be understood as an implementation of the access control unit function applied to a specific scenario, and not as a limitation of the invention. As shown in FIG. 5, it includes:
  • The information synchronization unit 510 is configured to interact with the other gateway to synchronize registered user information.
  • The access control unit 520 is configured to, when the gateway receives a packet sent by the user, perform access control on the user's access to the local area network according to the registered user information synchronized with another gateway.
  • The IPsec tunnel establishing unit 530 is configured to establish an IPsec tunnel with another gateway, where the IPsec tunnel is used to transmit data between the gateways, and the data is encapsulated into the IPsec format before transmission.
  • The packet forwarding unit 540 is configured to receive the packet and perform forwarding processing.
  • The packet forwarding unit 540 includes:
  • The message classification unit 541 is configured to detect the type of the received message: if the received message is an SSL message, it is sent to the SSL message processing unit; if the received message is an ordinary message, it is sent to the normal packet processing unit for processing; if the received packet is an IPsec packet, it is sent to the IPsec packet processing unit for processing;
  • The SSL packet processing unit 542 is configured to receive the SSL packet from the packet classification unit 541 and decapsulate it, and to check the security control policy of the user. If the gateway security policy is not met, the packet is discarded. If the security control policy of the gateway is met, the destination address of the packet is further determined: if the destination address is the local area network where the first gateway is located, the packet is forwarded directly; if the destination address of the packet is the local area network of the second gateway, the packet is encapsulated into an IPsec message and sent to the other gateway through the IPsec tunnel;
  • The normal packet processing unit 543 is configured to receive the normal packet from the packet classification unit 541. If the destination address of the packet is a public network, the packet is encapsulated into an SSL packet; if the destination address of the packet is the local area network where the other gateway is located, the packet is encapsulated into an IPsec packet and sent to the other gateway through the IPsec tunnel;
  • The IPsec packet processing unit 544 is configured to receive the IPsec packet from the packet classification unit 541 and determine whether the destination address of the packet is the local area network where the gateway is located; if yes, it performs IPsec decapsulation and then forwards the packet.
  • The registered user information is synchronized through interaction between the gateways.
  • The gateway can perform access control on access to the local area network according to the registered user information synchronized with the other gateways.
  • The process of user authentication and authorization is more convenient and simpler. Once the user has obtained access rights at one gateway, the user does not need to log in repeatedly at other gateways as in the prior art, and can access other local area networks directly and freely under unified security policy management, which is a great convenience for users.
  • When data synchronization is performed between gateways, only the changed data may be updated; that is, the changed data is sent to the peer gateway in update information to reduce the amount of synchronized data. Synchronization is thus achieved with less data exchanged between the gateways, which saves network bandwidth and improves synchronization efficiency.
  • The storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), or a random access memory (RAM).
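The packet handling described for Figure 3 (classify the packet, match SSL traffic against the synchronized policy, then choose local forwarding or the IPsec tunnel) can be modelled as follows. This is an added example, not code from the patent: the addresses, tunnel name and function names are constructed, and the three branches the text does not spell out (an ordinary packet for the local LAN, a missing tunnel, an IPsec packet for a non-local destination) are marked as assumptions in the comments.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed topology: this gateway fronts LAN 1, the peer gateway fronts LAN 2.
LOCAL_LAN = ip_network("10.1.0.0/16")
# Tunnels to other gateways, kept as an ACL-style table keyed by the remote LAN.
TUNNEL_ACL = {ip_network("10.2.0.0/16"): "ipsec-to-gw2"}

# Registered user information as held after synchronization (constructed data).
# Key: identity taken from the access request (source IP here);
# value: the LAN resources the user's permission level grants.
SYNCED_USERS = {
    "198.51.100.7": {ip_network("10.1.0.0/16"), ip_network("10.2.0.0/16"),
                     ip_network("10.3.0.0/16")},
    "198.51.100.9": {ip_network("10.1.0.0/16")},
}


@dataclass(frozen=True)
class Packet:
    kind: str  # "ordinary" (from the local LAN), "ssl" or "ipsec"
    src: str
    dst: str


def find_tunnel(dst):
    """Step B10: look up an IPsec tunnel by destination address."""
    for remote_lan, tunnel in TUNNEL_ACL.items():
        if dst in remote_lan:
            return tunnel
    return None


def policy_allows(src, dst):
    """Step B6: match the request against the synchronized policy."""
    allowed = SYNCED_USERS.get(src)
    return allowed is not None and any(dst in lan for lan in allowed)


def dispatch(pkt):
    """Return (action, detail) for one packet, following steps B2 to B10."""
    dst = ip_address(pkt.dst)
    if pkt.kind == "ssl":
        # B4: the SSL packet is decapsulated before the policy check.
        if not policy_allows(pkt.src, dst):
            return ("drop", "policy")
        if dst in LOCAL_LAN:                      # B8 -> B9
            return ("forward", "local")
        tunnel = find_tunnel(dst)                 # B10
        if tunnel:
            return ("ipsec-encap", tunnel)
        return ("drop", "no-tunnel")              # assumption: B12 is not in the text
    if pkt.kind == "ordinary":
        if dst in LOCAL_LAN:
            return ("forward", "local")           # assumption: action missing in the text
        tunnel = find_tunnel(dst)
        if tunnel:
            return ("ipsec-encap", tunnel)
        return ("ssl-encap", "public")
    if pkt.kind == "ipsec":
        # The text describes no policy check on this path: the gateway that
        # accepted the SSL session has already made the access decision.
        if dst in LOCAL_LAN:
            return ("ipsec-decap-forward", "local")
        return ("drop", "not-local")              # assumption
    return ("drop", "unknown-type")


if __name__ == "__main__":
    for p in (Packet("ssl", "198.51.100.7", "10.2.0.5"),
              Packet("ssl", "198.51.100.9", "10.2.0.5"),
              Packet("ipsec", "10.2.0.9", "10.1.0.5")):
        print(p, "->", dispatch(p))
```

Because the IPsec path forwards without a second policy lookup, the quality of the synchronized registered user information on the gateway that terminates the SSL session decides what reaches the other LAN.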
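The flag bit, serial number and aging bit rules described above form a small state machine, modelled below with two in-memory gateways. This is an added example, not code from the patent: the class and method names, the serial number format and the boolean `link_up` standing in for the IPsec tunnel are assumptions, and resetting the aging bit when a record is deleted or resent is also an assumption. It shows that a deleted user stays effective on the peer gateway until the deletion is acknowledged, and that after three failed transmissions the record is flagged 4 and reported instead of being retried.

```python
from dataclasses import dataclass

# Flag values as the text describes them (Table 1 itself is not on the page).
NEW, SENT, SYNCED, ABNORMAL, DELETING = 1, 2, 3, 4, 5
EFFECTIVE = {SENT, SYNCED, ABNORMAL}   # text: flags 2, 3 and 4 take effect
MAX_SENDS = 3                          # critical value of the aging bit


@dataclass
class Record:
    serial: str        # unique across gateways
    user: str
    level: str         # "administrator", "user" or "visitor"
    flag: int = NEW
    aging: int = 0     # transmissions attempted so far


class Gateway:
    def __init__(self, name):
        self.name, self.peer, self.link_up = name, None, True
        self.records, self.nms_alerts, self._seq = {}, [], 0

    # --- local configuration changes -----------------------------------
    def register(self, user, level):
        self._seq += 1
        serial = f"{self.name}-{self._seq}"   # assumed format, unique per gateway
        self.records[serial] = Record(serial, user, level)
        return serial

    def modify(self, serial, level):
        rec = self.records[serial]
        rec.level, rec.flag, rec.aging = level, SENT, 0   # back to flag 2

    def delete(self, serial):
        rec = self.records[serial]
        rec.flag, rec.aging = DELETING, 0

    def admin_resend(self, serial, deleting):
        """Administrator-initiated resend of a record stuck at flag 4."""
        rec = self.records[serial]
        rec.flag, rec.aging = (DELETING if deleting else NEW), 0

    def effective_users(self):
        return {r.user for r in self.records.values() if r.flag in EFFECTIVE}

    # --- receiving side --------------------------------------------------
    def on_update(self, serial, user, level):
        self.records[serial] = Record(serial, user, level, flag=SENT)
        return True                           # acknowledgement

    def on_confirm(self, serial):
        self.records[serial].flag = SYNCED

    def on_delete(self, serial):
        self.records.pop(serial, None)
        return True

    # --- periodic synchronization job ------------------------------------
    def _transmit(self, rec):
        if self.peer is None or not self.link_up:
            return False                      # tunnel down: no acknowledgement
        if rec.flag == DELETING:
            return self.peer.on_delete(rec.serial)
        return self.peer.on_update(rec.serial, rec.user, rec.level)

    def sync_tick(self):
        for rec in list(self.records.values()):
            if rec.flag in (SYNCED, ABNORMAL):
                continue                      # in sync, or no longer sent
            if rec.flag == NEW:
                rec.flag = SENT
            rec.aging += 1
            if self._transmit(rec):
                if rec.flag == DELETING:
                    del self.records[rec.serial]
                else:
                    rec.flag = SYNCED
                    self.peer.on_confirm(rec.serial)
            elif rec.aging >= MAX_SENDS:
                rec.flag = ABNORMAL
                self.nms_alerts.append((rec.serial, "sync failed"))


if __name__ == "__main__":
    gw1, gw2 = Gateway("gw1"), Gateway("gw2")
    gw1.peer, gw2.peer = gw2, gw1
    s = gw1.register("alice", "user")
    gw1.sync_tick()
    gw1.link_up = False
    gw1.delete(s)
    for _ in range(MAX_SENDS):
        gw1.sync_tick()
    print("gw2 still honours:", gw2.effective_users(), "alerts:", gw1.nms_alerts)
```

The network management alert raised at flag 4 is the only signal that a deletion never reached the peer, so it is the event to monitor and act on with a resend.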

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to a method for local area network (LAN) access control comprising the following steps: a first gateway synchronizes registered user information by interacting with a second gateway; the first gateway receives an access request from the user; according to the registered user information synchronized with the second gateway, the first gateway performs access control for the user accessing the LAN. A gateway device comprises: an information synchronization unit used to synchronize registered user information by interacting with another gateway; and an access control unit used to receive the access request from the user and to perform access control for the user accessing a LAN according to the registered user information synchronized with the other gateway. The user can thereby obtain the authority to access the resources of multiple LANs after registering at one gateway.
PCT/CN2009/076252 2009-01-19 2009-12-30 Method and gateway device for local area network access control Ceased WO2010081380A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200910005547XA CN101478485B (zh) 2009-01-19 2009-01-19 Method for access control of a local area network and gateway device
CN200910005547.X 2009-01-19

Publications (1)

Publication Number Publication Date
WO2010081380A1 (fr) 2010-07-22

Family

ID=40839120

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2009/076252 Ceased WO2010081380A1 (fr) 2009-01-19 2009-12-30 Method and gateway device for local area network access control

Country Status (2)

Country Link
CN (1) CN101478485B (fr)
WO (1) WO2010081380A1 (fr)

Also Published As

Publication number Publication date
CN101478485A (zh) 2009-07-08
CN101478485B (zh) 2012-04-04

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09838167

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC OF 031111

122 Ep: pct application non-entry in european phase

Ref document number: 09838167

Country of ref document: EP

Kind code of ref document: A1