Flexible automated connection to virtual private networks
Abstract
A network interface unit is provided for use intermediate a LAN and a public or private network, or a combination of both, for establishing secure links to a VPN gateway. Login by a LAN client with the network interface unit, addressing, authentication, and other configuration operations achieved using a web page-based GUI are applied in establishing tunnels from LAN clients to desired VPN destinations. Illustrative network interface units include a DHCP server and provide encryption-decryption and encapsulation-decapsulation of data packets for communication with VPN nodes. Configuration and connection of a client are further enhanced by a built-in DNS server and other functional servers to provide a high degree of autonomy in establishing connections to a desired VPN gateway via an ISP or other public and/or private network links. The interface unit then performs required authentication exchanges, and required encryption key exchanges.
31 Claims
1. A method performed at a network interface unit (NIU) for communicating data packets over a non-secure network between client devices on a local area network (LAN) and an access node for a secure virtual private network (VPN) comprising
authenticating at least one of said client devices seeking to access said VPN, thereby establishing at least one authenticated client device, sending configuration information from a configuration server at said NIU to said authenticated client devices, sending at least one menu from a GUI server at said NIU to authenticated client devices, receiving at least a first message reflecting at least one selection at at least one of said authenticated client devices from said at least one menu, and means for accessing said non-secure network using information in said at least a first message, and establishing a secure connection between said non-secure network and said access node using a security server at said NIU.
22. A method practiced at a network interface unit (NIU) for communicating data packets over a non-secure network between client devices on at least one local area network (LAN) and at least one access node of a secure virtual private network (VPN), the method comprising
receiving data packets from said devices by way of said LANs, multiplexing said data packets into at least one packet data stream, modifying said packet data streams in a security server in accordance with a secure communications protocol by encrypting packets in said data streams and encapsulating resulting encrypted packets, providing network destination address information from a DNS server for at least selected ones of said data streams.
26. A method for securely communicating data packets over a non-secure network between client devices on a local area network (LAN) and a secure network, the method performed at a network interface unit (NIU) appearing as a device on said LAN, the method comprising
(1) authenticating at least one of said client devices seeking to access said secure network, thereby establishing at least one authenticated client device, (2) sending configuration information from a configuration server in said NIU to at least one of said at least one authenticated client device, thereby establishing at least one configured client device, (3) in response to a request from at least one configured client device to connect to said secure network, providing destination address resolution information from a Domain Name System (DNS) server in said NIU, (4) establishing a secure VPN connection between said at least one configured client device and an access node at an address provided by said DNS server, said secure VPN connection using a security server in said NIU.
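The step ordering of claim 26 (authenticate, then configure, then resolve, then tunnel) and the encapsulation of claim 22, as an added Python sketch that is not the patent's own implementation. It assumes a constructed credential store and DNS table, a constructed per-tunnel key, and an outer header of a 32-bit sequence number plus an HMAC-SHA256 tag in place of the patent's unspecified packet format; payload encryption is left out, so the point shown is that configuration and tunnel setup are refused to clients that have not completed the earlier steps, and that replayed or tampered frames are rejected on receipt.

```python
import hashlib
import hmac
import secrets
import struct
# Constructed credential store and DNS table (placeholders, not from the patent).
_SALT = b"constructed-salt"
_USERS = {"alice": hashlib.pbkdf2_hmac("sha256", b"correct horse", _SALT, 100_000)}
_DNS = {"vpn.example-corp.test": "203.0.113.10"}  # built-in DNS server entries


class NIU:
    """Gates the steps of claim 26: authenticate -> configure -> resolve -> tunnel."""
    def __init__(self):
        self.authenticated = set()
        self.configured = {}  # client MAC -> LAN address handed out DHCP-style

    def authenticate(self, mac, user, password):
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)
        if user in _USERS and hmac.compare_digest(_USERS[user], digest):
            self.authenticated.add(mac)
            return True
        return False

    def configure(self, mac):
        if mac not in self.authenticated:  # no configuration before authentication
            raise PermissionError("client not authenticated")
        return self.configured.setdefault(mac, f"192.168.7.{10 + len(self.configured)}")

    def connect(self, mac, gateway_name):
        if mac not in self.configured:  # no tunnel before configuration
            raise PermissionError("client not configured")
        # Resolve the access node from the built-in DNS table; per-tunnel key is constructed.
        return {"gateway": _DNS[gateway_name], "key": secrets.token_bytes(32), "tx": 0, "rx": 0}

    @staticmethod
    def encapsulate(tunnel, packet):
        # Outer header = 32-bit sequence number; tag binds header and payload to the tunnel key.
        tunnel["tx"] += 1
        header = struct.pack("!I", tunnel["tx"])
        return header + packet + hmac.new(tunnel["key"], header + packet, "sha256").digest()

    @staticmethod
    def decapsulate(tunnel, frame):
        header, body, tag = frame[:4], frame[4:-32], frame[-32:]
        if not hmac.compare_digest(tag, hmac.new(tunnel["key"], header + body, "sha256").digest()):
            raise ValueError("integrity check failed")
        seq = struct.unpack("!I", header)[0]
        if seq <= tunnel["rx"]:  # reject replayed or reordered frames
            raise ValueError("replayed frame")
        tunnel["rx"] = seq
        return body
```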
Specification