1. Field of the Invention
This invention relates to an address access system and method thereof, and specifically to an address access system that allows for accessing a private address located on a remote station from a center station, and method thereof.
2. Description of the Related Art
Global addresses, such as IP addresses on the Internet (each consisting of a network address and a host address), are limited in total number, which causes a shortage of global addresses. In many cases, therefore, only one global address can be assigned to each station (hosts, for example station routers, etc.) to be accessed.
In order to address such a situation, a controlled side (hereinafter referred to as a remote station) that may be accessed from a controlling side (hereinafter referred to as a center station) has employed a private address, aside from global addresses, as an internal address. In particular, a private address is assigned to a segment (e.g. gateway) of the remote station, and Network Address Translation (NAT) is performed in a connecting router etc. at the remote station. In this case, the address translation constitutes a 1-to-n address translation because of the existence of n private addresses for each global address.
As described above, because 1-to-n address translation is performed in many cases, an access (creation of a TCP session) from a remote station to a center station is possible, while the creation of a TCP session from the center station to the remote station is usually not possible.
In order to provide bidirectional, transparent access, each port is mapped to the segment (port mapping) in the connecting router etc. where NAT is performed at a remote station. This allows a TCP session to be created from a center station. If a port cannot be mapped in the connecting router etc. for any reason, however, the creation of a TCP session from a center station may not be possible. Port mapping in the connecting router etc. also impairs the security of the segment, because the segment can then be connected to from the Internet. Although using a security filter for protection may be considered, the connecting router etc. may then be subject to an excessive load. Furthermore, the addition of any segment (e.g. gateway) in a remote station, or the modification of any private address, complicates administration because the port mapping in the connecting router etc. (and the setting of the security filter, if any) must be changed.
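The 1-to-n translation and port mapping described above can be modeled in a few lines. This is an added example, not part of the original document: the class `NaptRouter`, its methods, and all addresses and ports are hypothetical, and the router is assumed to accept replies only from the peer to which a session was opened.

```python
# Minimal model of 1-to-n NAT (NAPT) at a remote station's connecting router.
# All addresses and ports below are constructed sample values.
from dataclasses import dataclass, field

@dataclass
class NaptRouter:
    global_ip: str
    next_port: int = 40000
    dynamic: dict = field(default_factory=dict)  # (global_port, peer) -> private endpoint
    static: dict = field(default_factory=dict)   # global_port -> private endpoint

    def outbound(self, private, peer):
        """Private host opens a TCP session; router allocates a global port."""
        port = self.next_port
        self.next_port += 1
        self.dynamic[(port, peer)] = private
        return (self.global_ip, port)

    def map_port(self, global_port, private):
        """Static port mapping, as configured to allow center-initiated sessions."""
        self.static[global_port] = private

    def inbound(self, peer, global_port):
        """Return the private endpoint a packet from peer is forwarded to, or None."""
        if (global_port, peer) in self.dynamic:   # reply on an existing session
            return self.dynamic[(global_port, peer)]
        return self.static.get(global_port)       # static mapping accepts any peer

def demo():
    router = NaptRouter("203.0.113.10")
    center = ("198.51.100.5", 443)
    other = ("192.0.2.77", 51000)     # unrelated Internet host
    gateway = ("192.168.1.20", 23)    # private segment at the remote station
    results = {}
    # Center-initiated session with no mapping: nothing to translate to.
    results["center_unmapped"] = router.inbound(center, 23)
    # Remote-initiated session: state is created, replies get back in.
    src = router.outbound(("192.168.1.20", 50123), center)
    results["reply"] = router.inbound(center, src[1])
    results["other_on_session"] = router.inbound(other, src[1])
    # Port mapping enables the center, and equally any other Internet host.
    router.map_port(23, gateway)
    results["center_mapped"] = router.inbound(center, 23)
    results["other_mapped"] = router.inbound(other, 23)
    return results

if __name__ == "__main__":
    for name, endpoint in demo().items():
        print(name, endpoint)
```

The last two results are identical, which is the exposure the text describes: a static mapping cannot tell the center station from any other Internet host unless a filter is added.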
Means such as a Virtual Private Network (VPN) with IPSec etc. also provide bidirectional communication between a remote station and a center station. As in the aforementioned case, an access (creation of a VPN session) from a remote station to a center station is possible, while the creation of a VPN session from the center station to the remote station has usually not been possible.