Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

A kind of ipsec VPN gateway data processing method

A data processing and network data packet technology, applied in the field of communication security, can solve problems such as error-prone, network failure, and cumbersome policy configuration, and achieve the effects of simplifying policy configuration, improving efficiency, and simplifying the data communication process

Active Publication Date: 2016-03-02
中电科网络安全科技股份有限公司
View PDF2 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0008] Since the headquarters and branches form a mesh network structure, and there may be internal LANs of a certain scale in the headquarters and branches, each IPSecVPN gateway may need to pack and configure the network information of other gateways, including other gateways The IP address of the network, the intranet addresses protected by other gateways, and even the addresses and ports of a series of intranet services protected by other gateways, and policies need to be configured based on these information and the network information protected by this gateway, and once a certain network Or the service changes, and the related IPSecVPN gateway needs to modify the corresponding policy. In this case, the configuration of the policy will be quite cumbersome and error-prone, resulting in network failure and affecting the network services provided by the IPSecVPN gateway.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A kind of ipsec VPN gateway data processing method
  • A kind of ipsec VPN gateway data processing method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 2

[0065] Embodiment 2: The working computer 2 in the branch office 1 accesses the server 2 in the branch office 2 (the access data packet is routed to the IPSecVPN gateway of the branch office 1, and no permission access setting is performed at this time), the specific process is:

[0066] Step 1: The IPSecVPN gateways of branch 1 and branch 2 first publish the network services they protect to the information publishing service of the headquarters, and at the same time, obtain other IPSecVPN gateways and their protected network / service information, ( figure 2 in process "1").

[0067] Step 2: The IPSec VPN gateway of branch one judges that the network data packet should be processed according to the protocol of IPSec protection packet flow according to the information obtained from the information publishing server. The specific process is: Encapsulate the source data packet into an ESP packet according to the security parameters negotiated by IKE between the two IPSecVPN gatew...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to the field of communication safety, in particular to a method for automatically configuring an IPSec policy of an IPSec VPN. The technological problem needing to be solved is to provide a method for processing IPSec VPN gateway data. According to the method for processing the IPSec VPN gateway data, a network and service which are protected by each IPSec VPN gateway only need to be configured, information of an information issuing center is configured, and interconnection and interworking among networks protected among the IPSec VPN gateways can be achieved. According to the method for processing the IPSec VPN gateway data, through communications of an information issuing server, the IPSec VPN and the like, the policy configuration of the IPSec VPN gateways is simplified, the information of the network / service and information issuing service protected by each IPSec VPN gate only needs to be configured, and interconnection and interworking among the networks protected among the IPSec VPN gateways can be achieved. The method for processing the IPSec VPN gateway data is applied to the field of data communication safety.

Description

technical field [0001] The invention relates to the field of communication security, in particular to an IPSec VPN automatic configuration method for IPSec policies. Background technique [0002] IPSec (Internet Protocol Security) is a network transmission protocol suite (a collection of interrelated protocols) that protects the IP protocol (a collection of interrelated protocols) by encrypting and authenticating IP protocol (Internet Protocol) packets to provide end-to-end public and private networks. Encryption and authentication services. [0003] IPsec consists of two major parts: (1) Key exchange protocol for establishing secure packet flow; (2) Protocol for protecting packet flow. The former is the Internet Key Exchange (IKE) protocol. The latter includes Encapsulating Security Payload Protocol (ESP Protocol) or Authentication Header Protocol (AH Protocol) protocol for encrypted packet flow, which is used to ensure data confidentiality, source reliability (authentica...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06H04L12/24H04L12/46
Inventor 吴庆国
Owner 中电科网络安全科技股份有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com