System and method for using virtual local area network tags with a virtual private network
First Claim
1. A network access system comprising:
a home agent in communication with a user device via a user session;
an initiating security gateway in communication with the home agent; and
a terminating security gateway in communication with the initiating security gateway via a tunnel, wherein a virtual local area network tag associated with the user session maps to a selector operable in a security policy database.
Abstract
An exemplary system and method for using a network access system, such as a virtual private network (VPN), are provided. A user device may have a user session with a home agent. Additionally, an initiating security gateway may be in communication with the home agent, and a terminating security gateway may be in communication with the initiating security gateway via a tunnel (e.g., an Internet Protocol in Internet Protocol (IP-in-IP) or Internet Protocol security (IPsec) tunnel). Further, a virtual local area network (VLAN) tag associated with the user session may map to a selector operable in a security policy database. The selector may be used to find a security policy defining an IPsec procedure, and the security policy may be applied to the tunnel. The initiating security gateway may also include a Quality of Service (QoS) module that determines QoS markings for a packet traveling along the tunnel.
32 Claims
1. A network access system comprising:
a home agent in communication with a user device via a user session;
an initiating security gateway in communication with the home agent; and
a terminating security gateway in communication with the initiating security gateway via a tunnel, wherein a virtual local area network tag associated with the user session maps to a selector operable in a security policy database.
Dependent claims: 2-10 (not shown).

11. A method for transmitting a packet via an initiating security gateway, the method comprising the steps of:
receiving a packet including a virtual local area network tag;
mapping the virtual local area network tag to a selector;
mapping the selector to a security policy stored within a security policy database;
performing an Internet Protocol security procedure based on the security policy; and
transmitting the packet to a terminating security gateway across a tunnel.
Dependent claims: 12-19 (not shown).

20. A network system comprising:
a home agent in communication with a user device via a user session;
an access server that authenticates the user device and provides a virtual local area network tag for the user session to the home agent;
an initiating security gateway that receives a packet including the virtual local area network tag from the home agent, wherein the initiating security gateway includes a selector table mapping the virtual local area network tag to a selector;
a security policy database that maps the selector to at least one security policy defining an Internet Protocol security procedure, wherein the Internet Protocol security procedure is applied to the packet; and
a receiving network including a terminating security gateway that receives the packet from the initiating security gateway via a tunnel.
Dependent claims: 21-27 (not shown).

28. An initiating security gateway comprising:
a selector module including a filtering mechanism for identifying a virtual local area network tag within a packet and a selector table for mapping the virtual local area network tag to a selector;
a security policy database for mapping the selector to an Internet Protocol security policy; and
an Internet Protocol Security module for applying the Internet Protocol security policy to the packet while sending the packet to a terminating security gateway.
Dependent claims: 29-32 (not shown).
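As an added illustration, not code from the patent or from the applicant, the following Python walks the selector module of claim 28 and the steps of claim 11: it locates the IEEE 802.1Q VLAN tag in a frame, maps the 12-bit VLAN ID through a selector table to a selector, looks the selector up in a security policy database (SPD) holding the RFC 4301 actions (DISCARD, BYPASS, PROTECT), and returns the IPsec policy together with the QoS (DSCP) marking the abstract attributes to the QoS module. The 802.1Q frame layout is real; the selector names, SPD entries, gateway address 203.0.113.2 and DSCP values are constructed for the example, as are the test frames.

```python
"""Illustrative selector module for an initiating security gateway.

Added example: tag -> selector -> SPD entry -> (IPsec action, QoS marking).
The 802.1Q frame layout is real; the selector table, SPD entries, peer
address and DSCP values below are constructed assumptions, not taken from
the patent.
"""
import struct
from dataclasses import dataclass
from enum import Enum
from typing import Optional, Tuple

ETHERTYPE_8021Q = 0x8100   # 802.1Q tag protocol identifier (TPID)
ETHERTYPE_IPV4 = 0x0800


class Action(Enum):
    """The three processing choices an RFC 4301 SPD entry can specify."""
    DISCARD = "discard"
    BYPASS = "bypass"
    PROTECT = "protect"


@dataclass(frozen=True)
class Policy:
    action: Action
    protocol: str = ""   # "esp" or "ah" when action is PROTECT
    mode: str = ""       # "tunnel" or "transport" when action is PROTECT
    peer: str = ""       # terminating security gateway (tunnel endpoint)
    dscp: int = 0        # QoS marking written to the outer IP header


def vlan_id(frame: bytes) -> Optional[int]:
    """Return the 12-bit VLAN ID of an 802.1Q-tagged frame, else None.

    The TCI field is PCP(3) | DEI(1) | VID(12); only the VID is the selector
    key, so the priority bits are masked off.
    """
    if len(frame) < 18:            # dst(6) src(6) tpid(2) tci(2) type(2)
        return None
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid != ETHERTYPE_8021Q:
        return None                # untagged frame
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF


# Constructed selector table (claim 28): VLAN tag -> selector.
SELECTOR_TABLE = {
    100: "corp-users",
    200: "guest-users",
}

# Constructed SPD (claim 11): selector -> policy.  Both selectors tunnel to
# the same terminating gateway but carry different QoS markings.
SPD = {
    "corp-users":  Policy(Action.PROTECT, "esp", "tunnel", "203.0.113.2", dscp=46),
    "guest-users": Policy(Action.PROTECT, "esp", "tunnel", "203.0.113.2", dscp=0),
}

# A frame whose tag is missing or unknown must not be forwarded in the
# clear: fall through to DISCARD, the safe SPD default.
DEFAULT_POLICY = Policy(Action.DISCARD)


def lookup_policy(frame: bytes) -> Tuple[Optional[str], Policy]:
    """Steps of claim 11: tag -> selector -> SPD entry."""
    selector = SELECTOR_TABLE.get(vlan_id(frame))
    if selector is None:
        return None, DEFAULT_POLICY
    return selector, SPD.get(selector, DEFAULT_POLICY)


def build_frame(vid: Optional[int], pcp: int = 0,
                payload: bytes = b"\x45" + b"\x00" * 19) -> bytes:
    """Construct a test Ethernet frame; vid=None yields an untagged frame."""
    dst = bytes.fromhex("001122334455")   # constructed MAC addresses
    src = bytes.fromhex("66778899aabb")
    if vid is None:
        return dst + src + struct.pack("!H", ETHERTYPE_IPV4) + payload
    tci = ((pcp & 0x7) << 13) | (vid & 0x0FFF)
    return dst + src + struct.pack("!HHH", ETHERTYPE_8021Q, tci, ETHERTYPE_IPV4) + payload


if __name__ == "__main__":
    for vid, pcp in ((100, 5), (200, 0), (300, 0), (None, 0)):
        sel, pol = lookup_policy(build_frame(vid, pcp))
        print(f"vid={vid} -> selector={sel} action={pol.action.value} dscp={pol.dscp}")
```

Two points a practitioner would check in a real gateway: a tag that is absent or not in the selector table must resolve to DISCARD rather than BYPASS, since otherwise traffic for an unconfigured session leaves the gateway unprotected; and because the tag alone selects the policy, the gateway should accept tagged frames only on the link from the home agent, where the access server of claim 20 assigned them. The example does not model that trust boundary.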