Method of network communication
Abstract
A method of network communication and a network gateway are disclosed. The method and gateway operate between a secure network and remote clients by way of an intermediate transport network, such as the Internet. The remote clients connect through a NAT router and so share a common source address on the intermediate transport network. In the secure network, the method analyses packets received from a remote client to identify packets that start a new secure communication session. Then, the method assigns a session-unique address and port to the new secure communication session. Subsequent packets are translated in the secure communication session by exchanging the source address with the local session address. Thus, the secure network perceives each session as originating from a distinct address and port, whereby several such sessions can coexist simultaneously.
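The three steps in the abstract, sketched as a gateway-side session table. This is an added example, not code from the patent: the names `Packet` and `SessionTranslator`, the `starts_session` flag (standing in for the packet analysis), the lookup by client address and port, the dropping of packets that match no session, and all addresses are assumptions made for illustration.

```python
from dataclasses import dataclass, replace
from itertools import product

@dataclass(frozen=True)
class Packet:
    src: tuple            # (address, port) as seen on the transport network
    dst: tuple
    starts_session: bool  # assumed result of the packet analysis, step (a)

class SessionTranslator:
    """One session-unique local (address, port) per secure session."""
    def __init__(self, local_addrs, ports):
        # Constructed pool of local endpoints the secure network will see.
        self._free = list(product(local_addrs, ports))
        self._by_client = {}   # client (addr, port) -> local (addr, port)
        self._by_local = {}    # reverse map, used for replies

    def inbound(self, pkt):
        local = self._by_client.get(pkt.src)
        if pkt.starts_session and local is None:      # step (b): assign
            if not self._free:
                raise RuntimeError("session address pool exhausted")
            local = self._free.pop(0)
            self._by_client[pkt.src] = local
            self._by_local[local] = pkt.src
        if local is None:
            return None        # assumption: no session, not a start -> drop
        return replace(pkt, src=local)                # step (c): translate

    def outbound(self, pkt):
        # Replies addressed to a local session endpoint go back to the client.
        client = self._by_local.get(pkt.dst)
        return None if client is None else replace(pkt, dst=client)

def demo():
    nat = "203.0.113.7"        # constructed: shared NAT address of both clients
    gw = SessionTranslator(["10.0.0.10", "10.0.0.11"], [4500])
    server = ("192.0.2.1", 500)
    a = gw.inbound(Packet((nat, 40001), server, True))
    b = gw.inbound(Packet((nat, 40002), server, True))
    a2 = gw.inbound(Packet((nat, 40001), server, False))
    stray = gw.inbound(Packet((nat, 40003), server, False))
    reply = gw.outbound(Packet(server, b.src, False))
    return a.src, b.src, a2.src, stray, reply.dst
```

Both clients arrive from the same NAT address, yet the secure network sees two distinct source endpoints, and a reply to the second endpoint is mapped back to the second client.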
21 Claims
1. A method of network communication between a secure network and remote clients by way of an intermediate transport network, wherein the remote clients share a common source address on the intermediate transport network;
wherein in the secure network, the method comprises;
a) analyzing packets received from a remote client to identify packets that start a new secure communication session;
b) assigning a session-unique address to the new secure communication session; and
c) translating subsequent packets in the secure communication session by exchanging the source address with the local session address.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 15, 16, 18, 19, 20, 21
13. A method according to claim 13 in which the variable time is determined according to the state of the session.
17. A method of network address and port translation according to 14 in which a multiple location strategy consists of client IP address and client port location strategy in conjunction with SPI and sequence number of ESP packets location strategy.
Specification