Methods for Associating an IP Address to a User Via an Appliance

US 20080043749A1
Filed: 08/21/2006
Published: 02/21/2008
Est. Priority Date: 08/21/2006
Status: Active Grant

First Claim

Patent Images

1. A method for assigning, by an appliance, one of a plurality of multiple intranet internet protocol addresses of a network to a user when the user accesses the network via a secure socket layer virtual private network connection (SSL VPN), the method comprising the steps of:

(a) designating, via an appliance, a plurality of intranet internet protocol addresses of a first network to a user accessing the first network via a SSL VPN connection, the appliance providing SSL VPN connectivity between the first network and a client on a second network;

(b) receiving, by the appliance, a request from the client operated by the user to establish a SSL VPN connection with the first network; and

(c) assigning, by the appliance, to the client as an internet protocol address on the first network a first intranet internet protocol address of the first user from the plurality of intranet internet protocol addresses, the first intranet internet protocol address previously assigned to the first user.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The intranet IP address management solution of the appliance and/or client described herein provides an environment for efficiently assigning, managing and querying virtual private network addresses, referred to as intranet IP (IIP) addresses of virtual private network users, such as a multitude of SSL VPN users on an enterprise network. The appliance provides techniques and policies for assigning previously assigned virtual private network addresses of a user to subsequent sessions of the user as the user logs in multiple times or roams between access points. This technique is referred to IIP stickiness as the appliance attempts to provide the same IIP address to a roaming VPN user. The appliance also provides a configurable user domain naming policy so that one can ping or query the virtual private network address of a user by an easily referenceable host name identifying the user. The appliance and/or client agent also provide techniques to allow applications to seamlessly and transparently communicate on the virtual private network using the virtual private network address of the user or client on the private network.

Citations

28 Claims

1. A method for assigning, by an appliance, one of a plurality of multiple intranet internet protocol addresses of a network to a user when the user accesses the network via a secure socket layer virtual private network connection (SSL VPN), the method comprising the steps of:
- (a) designating, via an appliance, a plurality of intranet internet protocol addresses of a first network to a user accessing the first network via a SSL VPN connection, the appliance providing SSL VPN connectivity between the first network and a client on a second network;
  
  (b) receiving, by the appliance, a request from the client operated by the user to establish a SSL VPN connection with the first network; and
  
  (c) assigning, by the appliance, to the client as an internet protocol address on the first network a first intranet internet protocol address of the first user from the plurality of intranet internet protocol addresses, the first intranet internet protocol address previously assigned to the first user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, comprising determining, by the appliance, the first intranet internet protocol address to assign to the user based on a policy.
  - 3. The method of claim 2, wherein the policy indicates to assign to the user a most recently used intranet internet protocol address of the user.
  - 4. The method of claim 1, comprising determining, by the appliance, a most recently used intranet internet protocol address of the user for the first intranet internet protocol address.
  - 5. The method of claim 4 comprising assigning to a second client of the user establishing a SSL VPN connection with the first network a next most recently used intranet internet protocol address of the user.
  - 6. The method of claim 1, comprising determining, by the appliance, an inactive intranet internet protocol address from the plurality of multiple intranet internet protocol addresses as the first intranet internet protocol address.
  - 7. The method of claim 1, comprising determining, by the appliance, the plurality of intranet internet protocol address of the user are active, and in response to the determination, requesting the user to transfer to a virtual private network connection of the user assigned an active intranet internet protocol address.
  - 8. The method of claim 1, comprising determining, by the appliance, the plurality of intranet internet protocol address of the user are active, and in response to the determination, providing a mapped internet protocol address to the client.
  - 9. The method of claim 1, comprising hosting, by the appliance, the first intranet protocol address of the client on the first network.
  - 10. The method of claim 1, comprising establishing, by an agent on the client, the virtual private network connection via the appliance.
  - 11. The method of claim 1, comprising assigning, via the appliance, the plurality of intranet internet protocol addresses as a range of internet protocol addresses identified via a subnet mask.
  - 12. The method of claim 1, comprising allocating, by the appliance, a pool of intranet internet protocol addresses to assign to a plurality of users accessing the first network via a SSL VPN connection.
  - 13. The method of claim 1, comprising obtaining, by the appliance, the plurality of intranet internet protocol addresses from a Domain Name Server of the first network.
  - 14. The method of claim 1, comprising identifying, by the appliance, the user via a login request to the appliance.

15. A system for assigning one of a plurality of multiple intranet internet protocol addresses of a network to a user when the user accesses the network via a secure socket layer virtual private network connection (SSL VPN), the system comprising:
- means for designating, via an appliance, a plurality of intranet internet protocol addresses of a first network to a user accessing the first network via a SSL VPN connection, the appliance providing SSL VPN connectivity between the first network and a client on a second network;
  
  means for receiving, by the appliance, a request from the client operated by the user to establish a SSL VPN connection with the first network; and
  
  means for assigning, by the appliance, to the client as an internet protocol address on the first network a first intranet internet protocol address of the first user from the plurality of intranet internet protocol addresses, the first intranet internet protocol address previously assigned to the first user.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 16. The system of claim 15, comprising means for determining, by the appliance, the first intranet internet protocol address to assign to the user based on a policy.
  - 17. The system of claim 16, wherein the policy indicates to assign to the user a most recently used intranet internet protocol address of the user.
  - 18. The system of claim 15, comprising means for determining, by the appliance, a most recently used intranet internet protocol address of the user for the first intranet internet protocol address.
  - 19. The system of claim 18, comprising means for assigning to a second client of the user establishing a SSL VPN connection with the first network a next most recently used intranet internet protocol address of the user.
  - 20. The system of claim 15, comprising means for determining, by the appliance, an inactive intranet internet protocol address from the plurality of multiple intranet internet protocol addresses as the first intranet internet protocol address.
  - 21. The system of claim 15, comprising means for determining, by the appliance, the plurality of intranet internet protocol address of the user are active, and in response to the determination, requesting the user to transfer to a virtual private network connection of the user assigned an active intranet internet protocol address.
  - 22. The system of claim 15, comprising means for determining, by the appliance, the plurality of intranet internet protocol address of the user are active, and in response to the determination, providing a mapped internet protocol address to the client.
  - 23. The system of claim 15, wherein the appliance hosts the first intranet protocol address of the client on the first network.
  - 24. The system of claim 15, comprising an agent on the client establishing the virtual private network connection via the appliance.
  - 25. The system of claim 15, comprising means for assigning, via the appliance, the plurality of intranet internet protocol addresses as a range of internet protocol addresses identified via a subnet mask.
  - 26. The system of claim 15, comprising means for allocating, by the appliance, a pool of intranet internet protocol addresses to assign to a plurality of users accessing the first network via a SSL VPN connection.
  - 27. The system of claim 15, comprising means for obtaining, by the appliance, the plurality of intranet internet protocol addresses from a Domain Name Server of the first network.
  - 28. The system of claim 15, comprising means for identifying, by the appliance, the user via a login request to the appliance.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Nanjundaswamy, Shashi, Suganthi, Josephine

Granted Patent

US 8,213,393 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/395.52
CPC Class Codes

H04L 12/4641 Virtual LANs, VLANs, e.g. v...

H04L 61/50 Address allocation

Methods for Associating an IP Address to a User Via an Appliance

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Methods for Associating an IP Address to a User Via an Appliance

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links