On a next generation mobile communication network, a user equipment (UE) gets access through a local radio access network (RAN). A mobility management element is responsible for implementing functions such as location management, connection management, security authentication, and gateway selection of the UE. An SGW is a local access gateway of the UE and is responsible for access technology related connection management and data forwarding. A packet data network gateway (PGW) is a gateway for the UE to access an external packet data network (PDN)
In a mobility management procedure, the SGW sends a Modify Bearer Request to the PGW; the PGW carries a PDN-connection-related APN restriction value in a Modify Bearer Response, and sends the Modify Bearer Response to the SGW. However, before the SGW sends the Modify Bearer Request, the SGW needs to judge whether to send the Modify Bearer Request. That is, in certain cases, the SGW may not send the Modify Bearer Request to the PGW. Consequently, the PGW cannot send the PDN-connection-related APN restriction value to a target mobility management element, and the target mobility management element cannot obtain a correct maximum APN restriction value. When the UE requests establishing a new PDN connection, if the target mobility management element sends an incorrect maximum APN restriction value to the PGW, the PGW may allow some PDN connections that should be rejected according to the incorrect maximum APN restriction value. This brings about security threats to some private PDNs.