VPN deep packet inspection

US 10,432,587 B2
Filed: 02/21/2013
Issued: 10/01/2019
Est. Priority Date: 02/21/2012
Status: Active Grant

First Claim

Patent Images

1. A method for establishing a connection, the method comprising:

receiving a packet from a client through a virtual private network (VPN) connection;

determining application information from a the source of the packet;

sending an access request with the application information to a gateway server; and

allowing a proxied VPN session based on results of the access request, wherein a connection identifier for the proxied VPN session is sent to a proxy that allows the proxy to send requests to the gateway server in the same context as the tunnel server and to receive the results, and wherein an administrator views the state of the VPN session at a management console, and the gateway server tracks the state of the VPN session in a data store.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Policy enforcement previously available for web proxy access methods is extended and applied to layer 3 packets flowing through VPN channels. With these extensions, a common security policy is possible that is enforceable between VPN proxied access and VPN tunneled access. Equivalent security policy to tunnel based VPN access without comprising the inherent performance, scalability and application compatibility advantages tunne based VPNs have over their proxy based VPN counterparts.

26 Citations

View as Search Results

15 Claims

1. A method for establishing a connection, the method comprising:
- receiving a packet from a client through a virtual private network (VPN) connection;
  
  determining application information from a the source of the packet;
  
  sending an access request with the application information to a gateway server; and
  
  allowing a proxied VPN session based on results of the access request, wherein a connection identifier for the proxied VPN session is sent to a proxy that allows the proxy to send requests to the gateway server in the same context as the tunnel server and to receive the results, and wherein an administrator views the state of the VPN session at a management console, and the gateway server tracks the state of the VPN session in a data store.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, further comprising providing a tunnel of the VPN with a scan list.
  - 3. The method of claim 2, wherein the scan list includes an address and port information.
  - 4. The method of claim 1, further comprising determining whether the received packet matches an entry in the scan list.
  - 5. The method of claim 1, further comprising determining whether the received packet matches an existing VPN session.
  - 6. The method of claim 1, wherein the session is allowed up to the next application-level request.

7. A non-transitory computer readable storage medium having embodied thereon a program, the program being executable by a processor to perform a method for establishing a connection, the method comprising:
- receiving a packet from a client through a virtual private network (VPN) connection;
  
  determining application information from a source of the packet;
  
  sending an access request with the application information to a gateway server; and
  
  allowing a proxied VPN session based on results of the access request, wherein a connection identifier for the proxied VPN session is sent to a proxy that allows the proxy to send requests to the gateway server in the same context as the tunnel server and to receive the results, wherein the gateway server tracks the state of the VPN session in a data store and an administrator views the state of the VPN session in a management console.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The non-transitory computer readable storage medium of claim 7, the program further executable to provide a tunnel of the VPN with a scan list.
  - 9. The non-transitory computer readable storage medium of claim 8, wherein the scan list includes an address and port information.
  - 10. The non-transitory computer readable storage medium of claim 7, further comprising determining whether the received packet matches an entry in the scan list.
  - 11. The non-transitory computer readable storage medium of claim 7, further comprising determining whether the received packet matches an existing VPN session.
  - 12. The non-transitory computer readable storage medium of claim 7, wherein the session is allowed up to the next application level request.

13. A system for establishing a connection, the system comprising:
- a processor;
  
  a memory;
  
  and one or more modules stored in memory and executable by the processor to;
  
  receive a packet from a client through a virtual private network (VPN) connection, determine application information from a source of the packet, send an access request with the application information to a gateway server, and allow a proxied VPN session based on results of the access request, wherein a connection identifier for the proxied VPN session is sent to a proxy that allows the proxy to send requests to the gateway server in the same context as the tunnel server and to receive the results, wherein the gateway server tracks the state of the VPN session in a data store and an administrator views the state of the VPN session in a management console.
- View Dependent Claims (14, 15)
- - 14. The system of claim 13, wherein the processor provides a tunnel of the VPN with a scan list.
  - 15. The system of claim 14, wherein the scan list includes an address and port information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Aventail LLC, SonicWALL US Holdings, Inc. (SonicWall Holdings Ltd.)
Original Assignee
Aventail LLC
Inventors
Work, Steven C., Masanagi, Prakash N., Peterson, Christopher D.
Primary Examiner(s)
Armouche, Hadi
Assistant Examiner(s)
Holmes, Angela

Application Number

US13/773,475
Publication Number

US 20130219486A1
Time in Patent Office

2,413 Days
Field of Search

709225, 726 15, 713151
US Class Current
CPC Class Codes

H04L 63/0272   Virtual private networks

H04L 63/0281   Proxies

H04L 63/164   at the network layer

H04L 63/166   at the transport layer

H04L 63/168   above the transport layer

VPN deep packet inspection

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

26 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

VPN deep packet inspection

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links