Initiating connections through firewalls and network address translators
Abstract
Access to private devices that are separated from the public network by firewalls and NATs is provided without reconfiguring the firewalls and NATs. A private device wishing to provide access to external devices establishes a virtual private pipe to a secure hub, which includes functionality to terminate virtual pipes and to switch communications between these pipes and the public network. The secure hub assigns a secondary IP address to the private device/pipe and thereby provides the private device with a network appearance that is now beyond the firewall/NAT. External devices access the private device by addressing communications to the secondary IP address, which communications are routed to the secure hub and tunneled through the pipe to the private device. The private device can also restrict access through an access control list that is enforced by the secure hub.
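The hub behaviour the abstract describes (address pool, binding a secondary IP to a pipe, ACL enforcement before tunneling), as an added Python model that is not taken from the patent. The class and method names, the documentation address ranges, and the choice that a device without an ACL is unrestricted are assumptions made for this example.

```python
import ipaddress

class SecureHub:
    """Model of the abstract's hub: address pool, pipe table, per-device ACL."""

    def __init__(self, pool_cidr):
        # Pool of secondary addresses the hub may assign (constructed range).
        self._free = list(ipaddress.ip_network(pool_cidr).hosts())
        self._pipes = {}  # secondary IP -> pipe id
        self._acls = {}   # secondary IP -> allowed source networks

    def terminate_pipe(self, pipe_id, acl=None):
        """Private device opened a pipe to the hub; bind a secondary IP to it."""
        if not self._free:
            raise RuntimeError("address pool exhausted")
        ip = self._free.pop(0)
        self._pipes[ip] = pipe_id
        if acl is not None:  # assumption: no ACL supplied means unrestricted
            self._acls[ip] = [ipaddress.ip_network(n) for n in acl]
        return str(ip)

    def close_pipe(self, secondary_ip):
        """Pipe torn down: remove binding and ACL, return the address to the pool."""
        ip = ipaddress.ip_address(secondary_ip)
        self._pipes.pop(ip)
        self._acls.pop(ip, None)
        self._free.append(ip)  # appended last, so reuse is delayed

    def route(self, src, dst):
        """Return the pipe to tunnel this packet into, or None to drop it."""
        dst_ip = ipaddress.ip_address(dst)
        pipe = self._pipes.get(dst_ip)
        if pipe is None:
            return None  # no pipe is bound to this address
        acl = self._acls.get(dst_ip)
        if acl is not None and not any(ipaddress.ip_address(src) in n for n in acl):
            return None  # source is not on the device's ACL
        return pipe

if __name__ == "__main__":
    hub = SecureHub("203.0.113.0/29")  # constructed sample pool
    cam = hub.terminate_pipe("pipe-A", acl=["198.51.100.0/24"])
    print(cam, hub.route("198.51.100.7", cam), hub.route("192.0.2.50", cam))
```

The ACL check runs at the hub before anything enters the pipe, so a denied source never reaches the private device or its firewall.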
15 Claims
1. A method performed by a hub for enabling a first device to allow communications from a second device wherein the first device is separated from the second device by access blocking apparatus, said method comprising:
- terminating a virtual pipe from the first device, assigning an IP address to the first device and associating this IP address with the virtual pipe, receiving communications originated by the second device and addressed to said IP address, routing the communications addressed to said IP address to the virtual pipe, and tunneling the communications over the virtual pipe to the first device.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A system for enabling communications between a first device and a second device wherein said first device is separated from said second device by access blocking apparatus, said system comprising:
- a secure hub, and a virtual pipe between the first device and said secure hub, said secure hub including a pool of available IP addresses from which an IP address can be assigned to the first device, means for associating the assigned IP address with the virtual pipe, means for routing communications from the second device and addressed to the first device to the virtual pipe, and means for tunneling said communications over the virtual pipe to the first device.
Dependent claims: 9, 10, 11
12. A system for enabling communication to a first communication device through the public network from a second communication device, said first and second communication devices being separated by at least one security access blocking apparatus, said system comprising
a secure hub having routing and switching functionality and pipe termination functionality and having interfaces to said public network, and means for creating a virtual pipe between said secure hub and said first communication device for tunneling communication, said secure hub further including means for assigning an IP address to said first communication device and associating said IP address with said virtual pipe.
Specification