In the global business environment, a large multinational enterprise may have subsidiary companies or branches all over the world, so it is of great importance to access the internal resources of the enterprise remotely in a secure and fast way. A Virtual Private Network (VPN) based on Secure Sockets Layer (SSL) technology uses SSL to secure a user's remote access to the network, so that data can be transmitted as securely as in a private network. With SSL VPN technology, a user may access important enterprise applications through only a standard Web browser, so that an employee on a business trip may access enterprise resources from any computer with Internet access, without carrying his/her own notebook computer. In this way, the efficiency of the enterprise is improved, and the problem of security is solved.
Currently, many institutions use SSL VPN devices to connect geographically or logically separated branch networks through a public network (such as the Internet). The SSL VPN devices are deployed at the edges between the branch networks and the public network. The SSL VPN devices have public network Internet Protocol (IP) addresses routable in the public network. Each of the branch networks uses a private network address, and all the private network addresses are allocated in a uniform way. Therefore, in the entire institution, the IP address of any branch network is different from the IP addresses of other branch networks. In this way, all terminals in the branch networks of the institution are “integrated” into an overall network.
For such an institution network, communication between private branch networks needs to be achieved, that is, data needs to be forwarded between a terminal with an allocated private network address in one branch and terminals in other branches. Currently, because the SSL VPN device of each branch cannot resolve the private network addresses of other branch networks, data to be forwarded cannot be encapsulated in the corresponding SSL tunnel and sent to the SSL VPN device of the other branch network to which the destination address corresponds. To transmit communication data between private networks, the current solution is to lease dedicated lines, that is, a private network, from an operator. Because a dedicated network can be used only by its lessee, the security of data and the bandwidth of the network can be effectively ensured.
However, in the implementation of the present invention, the inventors find that the prior art has at least the following problems: the deployment of a private network is complex, and such deployment requires great changes to the existing network devices and structure. Therefore, the deployment of a private network cannot become a practical solution.