A method for realizing the establishment of multiple ipsec tunnels between network devices

Abstract

The invention provides a method for achieving establishment of multiple internet protocol security (IPsec) tunnels among network devices. The method for achieving the establishment of the multiple IPsec tunnels among the network devices includes the following steps that static allocation is conducted on a server side, wherein the allocation comprises a local internet protocol (IP) address of the establishment of the IP sec tunnels of the server side, a two-dimension corresponding table is allocated, and the two-dimension corresponding table comprises IP addresses of all client sides and protection subnets corresponding to the IP addresses; the server side scans the two-dimension corresponding table and judges whether information of source protection subnet and information of objective protection subnets are matched according to a received tunnel establishment request sent by a client side communication initiator, one IPsec tunnel is established between the initiator and the server side when the information of source protection subnet and the information of the objective protection subnets are matched, the server side and a client side responder conduct inverse negotiation, the client side responder judges whether the protection subnet of the client side is matched with the information of the objective protection subnets according to the establishment request information sent by the server side, when the protection subnet of the client side is matched with the information of the objective protection subnets, tunnel connection is established, and when the protection subnet of the client side is not matched with the information of the objective protection subnets, tunnel connection between the initiator and the server side is broken. Through the method for achieving the establishment of the multiple IPsec tunnels among the network devices, dynamic connection and dynamic maintenance of the multiple IPsec tunnels among the network devices are achieved.

Description

technical field [0001] The invention relates to the technical field of Internet communication, in particular to a method for realizing the establishment of multiple IPsec tunnels between network devices. Background technique [0002] n IPsec (Internet Protocol Security, Internet Security Protocol) client network devices are connected to the same IPsec server network device, so that each IPsec client network device establishes an IPsec tunnel with the IPsec server network device, and requires every two IPsec client network devices The devices can communicate, and the existing method is to configure each IPsec client network device into n-1 protection subnets, respectively corresponding to the subnets of other n-1 IPsec client network devices. However, when the number of IPsec client network devices is large, for example, there are 100 clients, you need to configure 99 protection subnets for each client network device, and configure each IPsec client network device on the IPse...

AI Technical Summary

Problems solved by technology

[0004] The purpose of the present invention is to provide a method for establishing multiple IPsec tunnels between network devices, which solves the problem of large resource consumption and difficult maintenance when establishing multiple IPsec tunnel connections between network devices

Images