VPN deep packet inspection
Abstract
Policy enforcement previously available for web proxy access methods is extended and applied to layer 3 packets flowing through VPN channels. With these extensions, a common security policy is possible that is enforceable between VPN proxied access and VPN tunneled access. This brings equivalent security policy to tunnel-based VPN access without compromising the inherent performance, scalability and application-compatibility advantages that tunnel-based VPNs have over their proxy-based VPN counterparts.
15 Claims
1. A method for establishing a connection, the method comprising:
- receiving a packet from a client through a virtual private network (VPN) connection;
- determining application information from a source of the packet;
- sending an access request with the application information to a gateway server; and
- allowing a proxied VPN session based on results of the access request, wherein a connection identifier for the proxied VPN session is sent to a proxy that allows the proxy to send requests to the gateway server in the same context as the tunnel server and to receive the results, and wherein an administrator views the state of the VPN session at a management console, and the gateway server tracks the state of the VPN session in a data store.
(Dependent claims: 2, 3, 4, 5, 6)

7. A non-transitory computer readable storage medium having embodied thereon a program, the program being executable by a processor to perform a method for establishing a connection, the method comprising:
- receiving a packet from a client through a virtual private network (VPN) connection;
- determining application information from a source of the packet;
- sending an access request with the application information to a gateway server; and
- allowing a proxied VPN session based on results of the access request, wherein a connection identifier for the proxied VPN session is sent to a proxy that allows the proxy to send requests to the gateway server in the same context as the tunnel server and to receive the results, wherein the gateway server tracks the state of the VPN session in a data store and an administrator views the state of the VPN session in a management console.
(Dependent claims: 8, 9, 10, 11, 12)

13. A system for establishing a connection, the system comprising:
- a processor;
- a memory; and
- one or more modules stored in memory and executable by the processor to: receive a packet from a client through a virtual private network (VPN) connection, determine application information from a source of the packet, send an access request with the application information to a gateway server, and allow a proxied VPN session based on results of the access request, wherein a connection identifier for the proxied VPN session is sent to a proxy that allows the proxy to send requests to the gateway server in the same context as the tunnel server and to receive the results, wherein the gateway server tracks the state of the VPN session in a data store and an administrator views the state of the VPN session in a management console.
(Dependent claims: 14, 15)
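The flow in the independent claims (classify the packet, query the gateway, issue a connection identifier, track state, let a proxy reuse that context) as an added toy model; this is example code written for this page, not the patent's or any vendor's implementation. The policy table, port-to-application map, client-to-user map and all class names are constructed assumptions; the point it shows is that the tunnel path and the proxy path consult one shared policy and one shared session store, which is the abstract's "common security policy".

```python
from dataclasses import dataclass, field
import secrets

# Constructed rule set shared by both access paths: application -> allowed
GATEWAY_POLICY = {"http": True, "ssh": True, "telnet": False}
# Constructed classifier input: (protocol, destination port) -> application
APP_BY_PORT = {("tcp", 80): "http", ("tcp", 22): "ssh", ("tcp", 23): "telnet"}

@dataclass
class Packet:
    src_ip: str
    proto: str
    dst_port: int

@dataclass
class Gateway:
    """Policy decision point; its dict doubles as the session data store."""
    sessions: dict = field(default_factory=dict)
    def access_request(self, user, app: str) -> bool:
        # Unauthenticated sources and unknown applications fall through to deny.
        return user is not None and GATEWAY_POLICY.get(app, False)
    def record(self, conn_id: str, user: str, app: str, state: str) -> None:
        self.sessions[conn_id] = {"user": user, "app": app, "state": state}

class TunnelServer:
    def __init__(self, gateway: Gateway, client_users: dict):
        self.gateway = gateway
        self.client_users = client_users  # src_ip -> authenticated VPN user
    def classify(self, pkt: Packet) -> str:
        return APP_BY_PORT.get((pkt.proto, pkt.dst_port), "unknown")
    def handle(self, pkt: Packet):
        """Returns a connection identifier, or None when policy denies."""
        user = self.client_users.get(pkt.src_ip)
        app = self.classify(pkt)
        if not self.gateway.access_request(user, app):
            return None
        conn_id = secrets.token_hex(8)
        self.gateway.record(conn_id, user, app, "established")
        return conn_id

class Proxy:
    """Uses the connection identifier to act in the tunnel server's context."""
    def __init__(self, gateway: Gateway):
        self.gateway = gateway
    def request(self, conn_id: str, app: str) -> bool:
        sess = self.gateway.sessions.get(conn_id)
        return sess is not None and self.gateway.access_request(sess["user"], app)

def console_view(gateway: Gateway) -> list:
    """What an administrator's management console would list."""
    return [(cid, s["user"], s["app"], s["state"]) for cid, s in gateway.sessions.items()]
```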
Specification