The present invention relates to a connection control system connected via a communication network to a plurality of communication terminals, to a connection control apparatus and a connection management apparatus that constitute this connection control system, and to an operating program of the connection management apparatus.
As communication networks expand and are applied to business fields, techniques for restricting connections have been developed in order to protect secret information such as enterprise confidential matters. The VPN (Virtual Private Network) is known as a typical connection-restricting technique. VPNs are realized by various technologies such as MPLS (Multi Protocol Label Switching), IPSec (IP (Internet Protocol) Security protocol), and L2TP (Layer 2 Tunneling Protocol). The basic operation of the VPN technique is as follows: a connection restriction is imposed on communication networks, and communication is permitted only to those communication networks whose connections are permitted. Connection permission is given by registering, when the system is constructed, the correspondence between a connection source network and a connection destination network whose connection is permitted in a connection policy database. In most cases, the mere fact that a connection source terminal belongs to a connection source network and a connection destination terminal belongs to a connection destination network is not sufficient to obtain connection permission. To obtain such permission, authentication operations such as user authentication and terminal authentication are also required.
For instance, Japanese Laid-open Patent Application No. JP-A-2003-8607 describes a collective management method for managing a remote VPN bridged over a plurality of ISPs (Internet Service Providers). In this collective management method as well, the authentication operation is necessarily required.
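The conventional permission decision described above (a registered source/destination network pair plus authentication) can be sketched as follows. This is an added example, not part of the cited application or of the invention; the policy entries, the `Request` fields and the choice to require both user and terminal authentication are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample policy database: (source network, destination network)
# pairs registered when the system is built. Entries are directional.
POLICY_DB = [
    ("10.1.0.0/16", "10.2.0.0/16"),
    ("10.1.0.0/16", "192.168.50.0/24"),
]

@dataclass(frozen=True)
class Request:  # hypothetical request record
    src_ip: str
    dst_ip: str
    user_authenticated: bool
    terminal_authenticated: bool

def network_pair_permitted(src_ip, dst_ip, policy=POLICY_DB):
    """True if the terminals belong to a registered source/destination pair."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    return any(
        src in ipaddress.ip_network(s) and dst in ipaddress.ip_network(d)
        for s, d in policy
    )

def decide(req, policy=POLICY_DB):
    """Return (verdict, reason). Default is deny."""
    try:
        pair_ok = network_pair_permitted(req.src_ip, req.dst_ip, policy)
    except ValueError:
        # Unparseable address: never fall through to permit.
        return ("deny", "malformed address")
    if not pair_ok:
        return ("deny", "network pair not registered")
    # Network membership alone is not sufficient; authentication is required.
    # Assumption: both user and terminal authentication must have succeeded.
    if not (req.user_authenticated and req.terminal_authenticated):
        return ("deny", "authentication required")
    return ("permit", "registered pair and authenticated")

if __name__ == "__main__":
    for r in (
        Request("10.1.4.7", "10.2.0.9", True, True),
        Request("10.1.4.7", "10.2.0.9", False, True),
        Request("10.2.0.9", "10.1.4.7", True, True),
    ):
        print(r.src_ip, "->", r.dst_ip, decide(r))
```

Because the registered pairs are directional, a terminal in the destination network cannot open a connection back to the source network unless the reverse pair is registered as well.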