Virtual private network and tunnel gateway with multiple overlapping, remote subnets
Abstract
Local gateway support for multiple overlapping remote networks. The local gateway includes a pool of unique, internally routable system-wide addresses, an address bind table, a filter rules table, and a collection of security association databases. A plurality of overlapping connections are received at the local gateway from remote networks, each including an inbound packet having a source IP address. For each connection, the source IP address is bound with an address from the address pool in a bind table. Outbound packets are processed through the bind table to determine the destination IP address corresponding to a correct one of the plurality of overlapping connections.
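The bind-table mechanism described in the abstract, as an added illustration that is not code from the patent or its assignee: two VPN connections whose remote subnets overlap both deliver packets from the same source address, the gateway binds each (connection name, source address) pair to a unique address from an internal pool on the inbound path, and on the outbound path the pool address is looked up to recover which connection and which original remote address the reply belongs to. Connection names, subnets and the pool range are constructed for the example; filter rules and security association lookups are out of scope here.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Packet:
    src: str
    dst: str
    payload: bytes = b""


class SourceInVpnNat:
    """Source-in VPN NAT bind table (constructed example, not the patent's code).

    Inbound: (connection name, conflicting remote source IP) -> unique pool address.
    Outbound: pool address -> (connection name, original remote IP).
    """

    def __init__(self, pool_cidr: str):
        # Internally routable, system-wide unique addresses handed out in order.
        self._free = [str(ip) for ip in ipaddress.ip_network(pool_cidr).hosts()]
        self._bind = {}     # (conn, remote_src) -> pool address
        self._reverse = {}  # pool address -> (conn, remote_src)

    def inbound(self, conn: str, pkt: Packet) -> Packet:
        """Bind the remote source to a pool address (reusing an existing binding)
        and rewrite the packet so it is unambiguous inside the local network."""
        key = (conn, pkt.src)
        pool_ip = self._bind.get(key)
        if pool_ip is None:
            if not self._free:
                # Pool exhaustion must fail closed rather than reuse an address.
                raise RuntimeError("internal address pool exhausted")
            pool_ip = self._free.pop(0)
            self._bind[key] = pool_ip
            self._reverse[pool_ip] = key
        return Packet(src=pool_ip, dst=pkt.dst, payload=pkt.payload)

    def outbound(self, pkt: Packet) -> tuple[str, Packet]:
        """Resolve the destination pool address back to the VPN connection that
        owns it and restore the remote node's real address."""
        binding = self._reverse.get(pkt.dst)
        if binding is None:
            # No binding means the local node is addressing an unknown host: drop.
            raise LookupError(f"no binding for {pkt.dst}")
        conn, remote_src = binding
        return conn, Packet(src=pkt.src, dst=remote_src, payload=pkt.payload)
```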
26 Claims
1. A method for providing local gateway support for multiple overlapping remote networks using source-in VPN NAT, comprising the steps of:
   - loading a plurality of overlapping connections, each including an inbound packet having a conflicting source IP address;
   - for each said connection, binding said source IP address or VPN connection name in a bind table with an internally routable and system-wide unique source IP address from an internal address pool; and
   - VPN network address translating outbound packets, each said outbound packet having a destination IP address, to determine a virtual private network connection for receiving said outbound packet.

2. (canceled)

3. (canceled)

4. A program storage device readable by a machine, tangibly embodying a program of instructions executable by a machine to perform method steps for providing local gateway support for multiple overlapping remote networks using source-in VPN NAT, said method steps comprising:
   - loading a plurality of overlapping connections, each including an inbound packet having a conflicting source IP address;
   - for each said connection, binding said source IP address in a bind table with an internally routable and system-wide unique source IP address from an internal address pool; and
   - VPN network address translating outbound packets, each said outbound packet having a destination IP address, to determine a virtual private network connection for receiving said outbound packet.

5. (canceled)

6. A computer program product or computer program element for providing local gateway support for multiple overlapping remote networks using source-in VPN NAT, according to method steps comprising:
   - loading a plurality of overlapping connections, each including an inbound packet having a conflicting source IP address;
   - for each said connection, binding said source IP address in a bind table with an internally routable and system-wide unique source IP address from an internal address pool; and
   - VPN network address translating outbound packets, each said outbound packet having a destination IP address, to determine a virtual private network connection for receiving said outbound packet.

7. (canceled)

8. (canceled)

9. A method for operating a local gateway using source-in VPN NAT, comprising the steps of:
   - receiving an inbound packet having a conflicting source-in IP address on a network connection from a remote node; and
   - applying source-in network address translation to establish dynamic binding of the source IP address of said inbound packet with an internally routable and system-wide unique source-in IP address and a connection name.

10-12. (canceled)

13. A program storage device readable by a machine, tangibly embodying a program of instructions executable by a machine to perform method steps for providing local gateway support for multiple overlapping remote networks using source-in VPN NAT, said method steps comprising:
   - receiving an inbound packet having a conflicting source-in IP address on a network connection from a remote node; and
   - applying VPN source-in network address translation to establish dynamic binding of the source IP address of said inbound packet with an internally routable and system-wide unique source-in IP address and a connection name.

14-19. (canceled)

20. A method for operating a local gateway for controlling communication between a local node and a remote node using source-in VPN NAT, comprising the steps of:
   - receiving an inbound packet on a network connection from a remote node, said inbound packet characterized by a conflicting first source address identifying said remote node and a first destination address identifying said local node; and
   - applying VPN source-in network address translation to establish dynamic binding of said first source address with an internally routable and system-wide unique second source address and a first connection name.

21-24. (canceled)

25. A program storage device readable by a machine, tangibly embodying a program of instructions executable by a machine to perform method steps for providing local gateway support for multiple overlapping remote networks using source-in VPN NAT, said method steps comprising:
   - receiving an inbound packet on a network connection from a remote node, said inbound packet characterized by a conflicting first source address identifying said remote node and a first destination address identifying said local node; and
   - applying VPN source-in network address translation to establish dynamic binding of said first source address with an internally routable and system-wide unique second source address and a first connection name.

26-28. (canceled)