(1) Field of the Invention
The present invention relates to a connection assistance apparatus and a gateway apparatus, and more particularly to a connection assistance apparatus for assisting in connecting a terminal and a gateway apparatus for IPSec communications therebetween and a gateway apparatus for performing IPSec communications with a terminal.
(2) Description of the Related Art
In recent years, there have been used in the art remote access systems for connecting to a gateway apparatus of a home network or an intranet such as a LAN (Local Area Network) through a network such as the Internet or the like and controlling a device such as a digital home appliance or the like.
For example, a VPN (Virtual Private Network) is known as an example of a secure remote access system on the Internet. The VPN is a technology for encrypting data flowing between a user terminal (client) for making remote access and a gateway apparatus (server) for accepting a connection from the user terminal, to ensure that the data sent and received between the user terminal and the gateway apparatus cannot be intercepted by a third party.
Remote access can be achieved by either one of two solutions, i.e., an SSL (Secure Sockets Layer)-VPN for allowing the user to connect to a remote gateway apparatus according to HTTPS (Secure HTTP) and an IPSec (Security Architecture for the Internet Protocol)-VPN for allowing the user to connect to a remote gateway apparatus according to the IPSec. The IPSec-VPN will be described below.
FIG. 24 of the accompanying drawings is illustrative of an example of remote access according to the IPSec-VPN. As shown in FIG. 24, a user terminal 151 and a gateway apparatus 152 are connected to each other by a network such as the Internet, for example. A plurality of devices 153, 154, 155 are connected to the gateway apparatus 152. According to the IPSec-VPN, the user terminal 151 and the gateway apparatus 152 have respective preshared keys. If the preshared keys agree with each other, then the user terminal 151 and the gateway apparatus 152 exchange keys, and the user terminal 151 is allowed to make remote access to the gateway apparatus 152 according to the IPSec. The IPSec encrypts the user ID, the password, and the data to be sent and received between the user terminal 151 and the gateway apparatus 152 to prevent them from being intercepted by a third party during the transmission.
There has heretofore been proposed a data communication network system for allowing the user to connect to a plurality of provider communication networks for improved connectability, shorter communication routes, reduced communication quality deterioration, and cost reductions (see, for example, Japanese laid-open patent publication No. 2004-242161).
Since the gateway apparatus has its ports open at all times, it is exposed to DoS (Denial of Service) attacks and dictionary attacks, and may suffer a significant performance degradation due to unauthorized access and DoS attacks.
For remote access to different domain areas, the user needs to be conscious of different IPSec access points, and needs to store preshared keys for the respective gateway apparatus of the access points, for example.