Remote access vpn mediation method and mediation device
Abstract
A mediating apparatus is provided on an IP network and stores an access control list (ACL) retained in a VPN gateway unit. The mediating apparatus: receives a retrieval request from a VPN client unit; acquires a private IP address of a communication unit by reference to the ACL; searches DNS to acquire the IP address of the VPN gateway unit; generates a common key that is used for authentication between the VPN client unit and the VPN gateway unit and for encrypted communication between them; sends the IP address of the VPN gateway unit, the private IP address of the communication unit, and the common key to the VPN client unit; and sends the IP address of the VPN client unit and the common key to the VPN gateway unit.
Claims
1. A remote-access VPN mediating method in a system wherein:
a virtual private network, hereinafter referred to as VPN, client units and a VPN gateway unit are connected to an IP network;
communication units are connected to a local area network placed under the management of the VPN gateway unit; and
a remote-access VPN by a tunneling protocol is implemented between an arbitrary one of VPN client units and the VPN gateway unit connected to said IP network and an arbitrary one of the communication units connected to the local area network placed under the management of the VPN gateway unit;
said method comprising the steps of:
(a) sending an access control list containing information indicative of a private IP address assigned to said communication unit to a mediating apparatus on said IP network from said VPN gateway unit;
(b) storing said access control list by said mediating apparatus in correspondence to said VPN gateway unit;
(c) retrieving an IP private address corresponding to said VPN gateway unit in response to a request from said VPN client unit, acquiring the private IP address of the corresponding communication unit from said access control list, sending the acquired private IP address to said VPN client unit, sending the IP address of said VPN client unit to said VPN gateway unit, generating mutual authentication information for setting up an authenticated encrypted tunnel between said VPN client unit and said gateway unit, and sending said mutual authentication information to both of said VPN client unit and said gateway unit; and
(d) setting up said authenticated encrypted tunnel between said VPN client unit and said gateway unit by use of said mutual authentication information, and implementing remote access through said encrypted tunnel by use of the private IP address of said communication unit.
Dependent claims 2 to 8 are not reproduced on this page.
9. A remote-access VPN mediating apparatus which is built on an IP network to implement a remote-access VPN in a system wherein:
VPN client units and a VPN gateway unit are connected to the IP network;
communication units are connected to a local area network placed under the management of the VPN gateway unit; and
a remote-access VPN by a tunneling protocol is implemented between an arbitrary one of said VPN client units and said VPN gateway unit connected to said IP network and an arbitrary one of said communication units connected to said local area network placed under the management of said VPN gateway unit;
said apparatus comprising:
ACL storage means for storing an access control list, hereinafter referred to as ACL, sent from said VPN gateway unit and containing information indicative of the private IP address assigned to said communication unit;
authentication/access authorization control means for authenticating said VPN client unit and said gateway unit, and for executing access authorization control;
IP address acquiring means for referring to said access control list to acquire the private IP address assigned to said communication unit, and for searching a domain name server to acquire the IP address assigned to said VPN gateway unit;
authentication information generating means for generating mutual authentication information for setting up an encrypted tunnel between said VPN client unit and said VPN gateway unit; and
communication means for sending the IP address of said VPN gateway unit, the private IP address of said communication unit and said mutual authentication information to said VPN client unit, and for sending the IP address of said VPN client unit and said mutual authentication information to said VPN gateway unit.
Dependent claims 10 to 15 are not reproduced on this page.
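The mediation exchange described in the abstract and in claims 1 and 9, as an added Python simulation that is not code from the patent: the gateway registers its ACL with the mediator (steps a, b), the mediator authenticates the client, refuses any unit not in that gateway's ACL, resolves the gateway address and issues a fresh common key to both sides (step c), and the two sides bind the tunnel to that key (step d). The DNS records, ACL, client credential and IP addresses are constructed sample values; the hashed-credential check and the HMAC handshake are simplifying assumptions standing in for the authentication and tunneling protocol the patent leaves unspecified.

```python
import hmac
import secrets
from hashlib import sha256

# Constructed sample data (not from the patent): DNS records, and the ACL
# as the VPN gateway unit would send it to the mediating apparatus.
DNS = {"gw.example.test": "203.0.113.10"}
GATEWAY_ACL = {"printer": "10.0.0.20", "fileserver": "10.0.0.30"}


class Mediator:
    """Mediating apparatus: one ACL per VPN gateway unit, a client registry
    for authentication, and a fresh common key for every mediated session."""

    def __init__(self, dns):
        self.dns = dns
        self.acls = {}       # gateway name -> {communication unit: private IP}
        self.clients = {}    # enrolled client id -> hashed credential (assumed scheme)

    def register_acl(self, gateway, acl):          # steps (a) and (b)
        self.acls[gateway] = dict(acl)

    def enroll_client(self, client_id, secret):
        self.clients[client_id] = sha256(secret).digest()

    def mediate(self, client_id, secret, client_ip, gateway, unit):   # step (c)
        # Authentication / access authorization control: unknown clients and
        # units absent from the gateway's ACL are refused, so the mediator
        # never hands out a private address the gateway did not publish.
        known = self.clients.get(client_id, b"")
        if not hmac.compare_digest(known, sha256(secret).digest()):
            raise PermissionError("client not authenticated")
        acl = self.acls.get(gateway)
        if acl is None or unit not in acl:
            raise PermissionError("unit not in gateway ACL")
        common_key = secrets.token_bytes(32)         # mutual authentication information
        to_client = {"gateway_ip": self.dns[gateway], "private_ip": acl[unit], "key": common_key}
        to_gateway = {"client_ip": client_ip, "key": common_key}
        return to_client, to_gateway


def setup_tunnel(to_client, to_gateway):            # step (d)
    """Client proves possession of the common key with an HMAC over the tunnel
    endpoints; the gateway recomputes it from what the mediator sent it."""
    transcript = f"{to_gateway['client_ip']}|{to_client['gateway_ip']}".encode()
    client_tag = hmac.new(to_client["key"], transcript, sha256).digest()
    expected = hmac.new(to_gateway["key"], transcript, sha256).digest()
    if not hmac.compare_digest(client_tag, expected):
        return None
    return to_client["private_ip"]   # address the client uses inside the tunnel


def demo():
    m = Mediator(DNS)
    m.register_acl("gw.example.test", GATEWAY_ACL)
    m.enroll_client("alice", b"alice-secret")
    c, g = m.mediate("alice", b"alice-secret", "198.51.100.7", "gw.example.test", "printer")
    return setup_tunnel(c, g)
```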