公开(公告)号：US20200007507A1

公开(公告)日：2020-01-02

申请号：US16564327

申请日：2019-09-09

Applicant: Huawei Technologies Co., Ltd.

Inventor： Xiaoming Zhu ,  Wenxin Bai ,  Jin Kong

IPC: H04L29/06 ,  H04L12/66 ,  H04L12/46

Abstract: This application discloses an Internet Protocol Security tunnel maintenance method, apparatus, and system. A terminal device negotiates with a VPN gateway based on a first IP address and according to the IKE protocol, and establishing an IPsec tunnel based on SAs obtained through negotiation; determines, the first IP address changes to a second IP address; sends a first request packet to the VPN gateway, where the first request packet carries the second IP address and a first tunnel identifier, the first request packet is used to request to update a first SA record, and the first SA record includes a correspondence between the SAs, the first IP address, and the first tunnel identifier; generates a second tunnel identifier based on the second IP address and a predefined algorithm; and replaces the first tunnel identifier in a second SA record with the second tunnel identifier.

公开(公告)号：US11038846B2

公开(公告)日：2021-06-15

申请号：US16564327

申请日：2019-09-09

Applicant: Huawei Technologies Co., Ltd.

Inventor： Xiaoming Zhu ,  Wenxin Bai ,  Jin Kong

IPC: H04L29/06 ,  H04L12/66 ,  H04L12/46

Abstract: An Internet Protocol Security tunnel maintenance method, apparatus, and system including a terminal device that negotiates with a VPN gateway based on a first IP address and according to the IKE protocol, and establishes an IPsec tunnel based on SAs obtained through negotiation; determines, the first IP address changes to a second IP address; sends a first request packet to the VPN gateway, where the first request packet carries the second IP address and a first tunnel identifier, where the first request packet is used to request to update a first SA record, and where the first SA record includes a correspondence between the SAs, the first IP address, and the first tunnel identifier; generates a second tunnel identifier based on the second IP address and a predefined algorithm; and replaces the first tunnel identifier in a second SA record with the second tunnel identifier.