Under the environments in which there are a plurality of different networks which are undesirable to be mutually accessed from one another for the reasons of security or the like, e.g., environments where there are a plurality of networks in each of units such as organizations like enterprises, schools, etc., or environments where there are a plurality of networks in each of users or communication line providers such as ISPs (Internet Services Providers), wholesale providers (who do not operate ISP business on their own but provide communication lines connecting between users and ISPs), etc., techniques such as VLAN (Virtual Local Area Network), tunneling protocols represented by L2TP (Layer 2 Tunneling Protocol) and so on are widely used for ensuring security between networks.
FIG. 12 is an example of ensuring security by using a VLAN. In this figure, a network 1a and a network 1b are different from each other, so communication packets from a user terminal 12a are output from the network 1a, and communication packets from a user terminal 12b are output from the network 1b. A repeater 19 illustrated severs to repeat communications from the networks 1a, 1b connected thereto. In general, the repeater 19 is a switching hub corresponding to a VLAN or the like and has a function to accommodate packets input thereto from specific ports into the set VLAN. In an example shown in this figure, packets input from the network 1a are accommodated in the virtual network 5a, and packets input from the network 1b are accommodated in the virtual network 5b. According to such a technique, it is possible to sent communication packets to an external network 10 through an externally connected network 18a or 18b, while avoiding mutual access between the network 1a and the network 1b. 
FIG. 13 is an example of ensuring security by using L2TP. A repeater 20 in this figure is generally an L2TP-enabled server, an L2TP-enabled switch or the like, and serves to encapsulate packets input thereto under a preset condition and forward them to gateways or server switches existing in prescribed externally connected networks 18a, 18b. In the example illustrated in this figure, packets input from the network 1a are forwarded to the externally connected network 18a by using a layer 2 tunneling 21a, and packets input from the network 1b are forwarded to the externally connected network 18b by using a layer 2 tunneling 21b. According to such a technique, it is possible to sent communication packets to the external network 10 through the externally connected networks 18a and 18b, while avoiding mutual access between the network 1a and the network 1b. 
In actuality, wholesale providers provide connection to IPSs or the like using VLANs and tunneling protocols after conducting user authentication and network connection by performing authentication through a PPPoE (PPP over Ethernet) protocol, etc., or authentication through MAC (Media Access Control) addresses, or delivery of IP addresses to connection units by using BASs (Broadband Access Servers), etc.
Although security is ensured in this manner by using the above-mentioned technique in environments where there exit different networks, there are further required devices and/or techniques which enable access to a common device while keeping security between networks without generating unnecessary or wasteful traffic such as transmission by way of external networks as well as without performing complicated settings such as setting a plurality of discrete addresses to a device to be accessed.
When access is made to a common device from networks in a state where security is ensured between the networks, there are the following conventional methods: a method in which each of the networks is once returned to a state where security is not ensured or in which the common device is provided with a plurality of security-equipped interfaces corresponding to the addresses of the networks, respectively; a method of accessing the common device by way of external networks: and a method of accessing the common device with address translation being carried out by a gateway installed for each of the networks.
FIG. 14 is a view that illustrates a technique of returning a network to a state thereof where security is not ensured temporarily. In this figure, there is illustrated the case where routing from a VLAN to a network 23 through a router 22 is carried out in order to make access from the VLAN to a device 6 that is a common access destination. Under such a condition, securities of a virtual network 5a and a virtual network 5b are not kept.
FIG. 15 is a view that illustrates a technique in which a common device is provided with a plurality of security-equipped interfaces corresponding to the addresses of networks, respectively. In this figure, it is configured that in order to enable access from a VLAN to a device 6 that is a common access destination, the device 6 is provided with an interface 24a for a virtual network 5a and an interface 24b for a virtual network 5b. In this case, it is necessary to allocate the addresses belonging to the virtual networks 5a, 5b to the interfaces 24a, 24b. In this configuration, a DNS (Domain Name System server (not shown) for returning different addresses to input networks, respectively, is needed, but it is difficult for a general DNS server to change the addresss to be answered according to inquiry sources. In addition, a technique of providing a DNS server for each ISP can be considered, but it will not be practical.
FIG. 16 is a view that illustrates a technique of making access through an external network. In this configuration, the address of a device 6, being a common access destination, becomes one that is unrelated to input networks unlike the case of FIG. 15. In this case, however, communication packets flow through wasteful or unnecessary routes. That is, wasteful or unnecessary traffic is generated and throughput is reduced. In cases where this technique is applied to wholesale providers, the quality of services cannot be maintained because of the intervention of low-quality external networks, unlike networks comprising high-speed communication lines within the premises of the wholesale providers.
The present invention is intended to solve the problems as referred to above, and is intended to provide a network repeater apparatus, a network repeater method and a network repeater program which are capable of making access to a common device while keeping the security of networks.