Method for operating a local computer network connected to a remote private network by an IPsec tunnel, software module and IPsec gateway

US 20060171401A1
Filed: 12/14/2005
Published: 08/03/2006
Est. Priority Date: 12/16/2004
Status: Active Grant

First Claim

Patent Images

1. Method for operating a local network (RES_L) comprising a local terminal connected to a gateway of a remote network by a blocking tunnel, which method includes an operation of routing flows from the terminal (T_L) to the gateway (PASS_D) through the blocking tunnel, characterized in that it also includes:

an operation of sending a flow not intended for said network implemented in the gateway (PASS_D) and consisting of sending said flow from the terminal (T_L) intended for an apparatus of the local network to said local equipment (E_L, ad_—2).

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention relates to a method in particular enabling the computer terminal (T_L) of a local network (RES_L), connected to a gateway (PASS_D) of a remote network (RES_D) by an IPsec tunnel in blocking mode, to launch a print job on a printer (E_L) belonging to the local network. To do this, the gateway (PASS_D) stores the correspondence between the public address (AD_1) of the local router (ROUT_L) providing the connection of the terminal to the Internet, and the private address (ad_3) assigned to the terminal (T_L) in the addressing plan of the remote network (RES_D) during the establishment of the tunnel, and sends the print flow to the local router (ROUT_L), which directs it to the local printer (E_L) by a port translation technique.

18 Citations

View as Search Results

13 Claims

1. Method for operating a local network (RES_L) comprising a local terminal connected to a gateway of a remote network by a blocking tunnel, which method includes an operation of routing flows from the terminal (T_L) to the gateway (PASS_D) through the blocking tunnel, characterized in that it also includes:
- an operation of sending a flow not intended for said network implemented in the gateway (PASS_D) and consisting of sending said flow from the terminal (T_L) intended for an apparatus of the local network to said local equipment (E_L, ad_—2).
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. Method according to claim 1, characterized in that the sending operation comprises:
    - the reception of said flow by a router (ROUT_L) of the local network, the directing by said router of said flow to said equipment.
  - 3. Method according to claim 1 characterized in that the sending operation comprises:
    - the analysis by the gateway of the flows so as to recognize a flow not intended for said remote network.
  - 4. Method according to claim 2 in which the local router (ROUT_L), to which a routable address (AD_L) is assigned, substitutes its own routable address (AD_L) for an address (ad_l) of the terminal (T_L) inside the local network during a request for connection to the remote private network from the terminal (T_L) intended for the gateway (PASS_D), and in which the IPsec gateway (PASS_D) assigns the local terminal an address (ad_—
    - 3) inside the remote network during the establishment of the blocking tunnel, which method also includes a correlation operation implemented in the gateway (PASS_D) during the establishment of the blocking tunnel and consisting of storing a correspondence table putting the routable address (AD_!) of the local router and the address (ad_—3) of the terminal inside the remote network in mutual correspondence, wherein the operation of sending the control and/or data flow uses the correspondence table and consists of sending to the routable address (AD_—1) of the local router the control and/or data flow from the terminal (T_L) identified by the address (ad_—3) inside the remote network.
  - 5. Method according to claim 2, characterized in that the directing operation is implemented by a port translation technique.
  - 6. Method according to claim 2, characterized in that the flow sent includes a print order.
  - 7. Method according to claim 2, characterized in that it includes an operation implemented by the gateway (PASS_D) and consisting of establishing a second IPsec or SSL tunnel, connecting said gateway (PASS_D) to the local router (ROUT_L).
  - 8. Method according to claim 2, characterized in that it includes an operation implemented by the gateway (PASS_D) and consisting of establishing a second IPsec or SSL tunnel connecting said gateway (PASS_D) to the local equipment (E, L, ad_—
    - 2) constituted by a printer.
  - 9. Method according to claim 2, characterized in that it includes an operation implemented by the local router (ROUT_L) and consisting of reserving, for the gateway (PASS_D), the access to the local equipment (E, L, ad_—
    - 2) constituted by a printer.
  - 10. Software module useful in carrying out the method of claim 1, characterized in that it includes instructions that, when said module is loaded on a gateway of a remote network, said module is capable of implementing the sending operation.
  - 11. Software module according to claim 10, characterized in that it also includes instructions that, when said module is loaded on an IPsec gateway, said software module can implement at analysis by the gateway of the flows so as to recognize a flow not intended for said remote network.
  - 12. Software module according to claim 10, characterized in that it also includes instructions that, when added said module is loaded on an IPsec gateway, said module is capable of implementing the sending operation.
  - 13. Gateway of a remote network, according to claim 10, characterized in that it is at least partially controlled by a software module.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Monarch Networking Solutions LLC (Acacia Research Corporation)
Original Assignee
Orange S.A.
Inventors
Butti, Laurent, Charles, Olivier, Veysset, Franck

Granted Patent

US 7,869,451 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/401
CPC Class Codes

H04L 12/4641 Virtual LANs, VLANs, e.g. v...

Method for operating a local computer network connected to a remote private network by an IPsec tunnel, software module and IPsec gateway

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

18 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Method for operating a local computer network connected to a remote private network by an IPsec tunnel, software module and IPsec gateway

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links