Remote Access to Secure Network Devices
First Claim

1. A system for communicating between a client coupled to a first network and first and second target devices coupled to a second network, the first and second network including a secure gateway between the networks, comprising:

an internal processor having a network adapter coupled to the second network;
an external processor having a network adapter coupled to the first network, the network adapter including a plurality of ports; and
code associated with the internal processor and the external processor, the code enabling the internal processor to initiate a persistent first communication connection with the external processor at a first one of the plurality of ports, to map a second one of the plurality of ports to the first one of the plurality of ports to an internal network address of the first target device, and to map a third one of the plurality of ports to the first one of the plurality of ports to an internal network address of the second target device;

and, upon receiving a communication from the client on the second one of the plurality of ports, the code enabling:
the external processor to authorize a second communication connection with the client;
the internal processor to initiate a third communication connection with the first target device; and
the internal and external processors to enable a logical fourth communication connection between the client and the first target device using the first, second, and third communication connections.
Abstract
An illustrative communication system provides remote access to target devices located behind a firewall or other network security gateway. The system includes an internal processor and target devices coupled to a network located inside the gateway, and an external processor and clients coupled to a network located outside the network security gateway, for example the Internet. The internal processor includes an application and a database containing the internal processor node number, the shared secret, and a static IP address of the external processor. The external processor includes an application and a database containing the internal processor node number, the shared secret, the mapping of each client-facing port to the connection port and to a target device address, and authentication data for clients. Upon activation, the internal processor initiates a persistent TCP session with the external processor. Client access to the target devices is provided upon a client connecting to a port of the external processor, each such port being associated with one target device. Multiple logical sessions between various clients and target devices are carried over, and are transparent to, the single persistent TCP session.
Citations: 100

Claims (20)
1. Independent claim; its full text appears under First Claim above. Dependent claims: 2, 3, 4, 5, 6, 7.
8. A communication device for providing communication with a first client and a second client located outside of a network gateway and target devices located inside of the network gateway, comprising:

a processor;
a network adapter coupled to the processor; and
code associated with the processor and network adapter, the code including a shared secret, a network address and port number for the first client, and executable instructions;

wherein the code enables:
the processor to initiate a first communication connection with the first client located outside of the network gateway, the first communication connection including a persistent transport layer session; and, upon the second client communicating with the first client and requesting access to the first target device,
the processor to initiate a second communication connection with a first target device; and
the processor to enable a logical third communication connection between the second client and the first target device using the first and second communication connections.

Dependent claims: 9, 10, 11, 12, 13.
14. A method of providing a reverse network connection through a network gateway securing a first network from access over a second network, comprising:

identifying a node number of an internal processor coupled to the first network;
providing to the internal processor a network address and connection port number of an external processor coupled to the second network;
providing to the external processor the node number of the internal processor and a plurality of network addresses corresponding to a plurality of target devices coupled to the first network; and
mapping in the external processor each of a plurality of ports of the external processor to the connection port number to one of the plurality of network addresses corresponding to one of the plurality of target devices.

Dependent claims: 15, 16, 17, 18, 19, 20.
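The architecture of the abstract and the four steps of claim 14, carried through in working code as an added example that is not the patent's own implementation: a Relay (the external processor) is configured with the node number, the shared secret and a port-to-target map; an agent (the internal processor) dials out to the relay's connection port, proves the shared secret with an HMAC challenge-response, and then serves session-open requests; each client connection on a mapped port becomes a framed logical session multiplexed over the one persistent TCP session. The frame format, the challenge-response, the loopback stand-in targets and every name used (Relay, run_agent, Link, pump, dispatch, echo_target, demo) are assumptions of this example; the patent specifies none of them. The client-authentication step the abstract mentions is left out and marked in a comment, because it is the step a reviewer should weigh first: every mapped port on the external processor is a reachable path to a device behind the gateway, so the external processor's client authentication and the secrecy of the shared secret are the entire trust boundary of this design.

```python
import hashlib, hmac, os, socket, struct, threading

OPEN, DATA, CLOSE, HDR = 0, 1, 2, struct.Struct("!BIH")  # frame types; header = type, session id, length

def recv_exact(sock, n):  # read exactly n bytes, or None on EOF
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk: return None
        buf += chunk
    return buf

def listen():  # loopback listener on an ephemeral port (constructed demo setup)
    s = socket.socket(); s.bind(("127.0.0.1", 0)); s.listen(); return s

def close_quietly(sock):  # shutdown first so a thread blocked in recv() on it wakes up
    try: sock.shutdown(socket.SHUT_RDWR)
    except OSError: pass
    sock.close()

class Link:  # one end of the single persistent TCP session; all logical sessions share it
    def __init__(self, sock):
        self.sock, self.lock = sock, threading.Lock()
    def send(self, kind, sid, payload=b""):
        with self.lock:  # frames of concurrent sessions must not interleave on the wire
            self.sock.sendall(HDR.pack(kind, sid, len(payload)) + payload)
    def recv(self):
        hdr = recv_exact(self.sock, HDR.size)
        if hdr is None: return None
        kind, sid, n = HDR.unpack(hdr)
        payload = recv_exact(self.sock, n) if n else b""
        return None if payload is None else (kind, sid, payload)

def pump(src, link, sid, sessions):  # copy one plain socket into DATA frames until it closes
    try:
        while data := src.recv(4096):
            link.send(DATA, sid, data)
    except OSError: pass
    if sessions.pop(sid, None) is not None:  # our side saw EOF first: tell the peer
        close_quietly(src); link.send(CLOSE, sid)

def dispatch(link, sessions, on_open=None):  # route each frame to the socket owning its sid
    while (frame := link.recv()) is not None:
        kind, sid, payload = frame
        if kind == OPEN and on_open:
            on_open(sid, payload)
        elif kind == DATA and sid in sessions:
            sessions[sid].sendall(payload)
        elif kind == CLOSE and sid in sessions:
            close_quietly(sessions.pop(sid))

class Relay:  # external processor: holds node number, shared secret, port-to-target map
    def __init__(self, node, secret, targets):
        self.node, self.secret, self.sessions, self.next_sid = node, secret, {}, 1
        self.ctl, self.listeners = listen(), [(listen(), t) for t in targets]  # agent port; one client port per target
    def accept_agent(self):
        conn, _ = self.ctl.accept()
        nonce = os.urandom(16); conn.sendall(nonce)        # challenge: prove the shared secret
        node, tag = struct.unpack("!I32s", recv_exact(conn, 36) or bytes(36))
        expect = hmac.new(self.secret, nonce, hashlib.sha256).digest()
        if node != self.node or not hmac.compare_digest(tag, expect):
            conn.close(); return
        self.link = Link(conn)
        threading.Thread(target=dispatch, args=(self.link, self.sessions), daemon=True).start()
        for srv, target in self.listeners:
            threading.Thread(target=self.serve_port, args=(srv, target), daemon=True).start()
    def serve_port(self, srv, target):
        while True:
            client, _ = srv.accept()  # the abstract's client authentication step is not modelled
            sid, self.next_sid = self.next_sid, self.next_sid + 1
            self.sessions[sid] = client
            self.link.send(OPEN, sid, ("%s:%d" % target).encode())
            threading.Thread(target=pump, args=(client, self.link, sid, self.sessions), daemon=True).start()

def run_agent(node, secret, relay_host, control_port):  # internal processor: dial out, serve OPENs
    sock = socket.create_connection((relay_host, control_port))
    sock.sendall(struct.pack("!I32s", node, hmac.new(secret, recv_exact(sock, 16), hashlib.sha256).digest()))
    link, sessions = Link(sock), {}
    def on_open(sid, payload):  # relay asks for a new logical session to "host:port"
        host, port = payload.decode().rsplit(":", 1)
        sessions[sid] = target = socket.create_connection((host, int(port)))
        threading.Thread(target=pump, args=(target, link, sid, sessions), daemon=True).start()
    dispatch(link, sessions, on_open)

def echo_target(tag):  # constructed target device: answers one request with tag + request
    srv = listen()
    def handle(c): c.sendall(tag + c.recv(4096)); c.close()
    threading.Thread(target=lambda: handle(srv.accept()[0]), daemon=True).start()
    return srv.getsockname()[1]

def client_roundtrip(port, msg):  # a client on the outside network uses one mapped port
    with socket.create_connection(("127.0.0.1", port), timeout=5) as c:
        c.sendall(msg)
        return b"".join(iter(lambda: c.recv(4096), b""))

def demo():  # two clients reach two different targets over the one persistent session
    node, secret = 42, b"constructed-shared-secret"
    relay = Relay(node, secret, [("127.0.0.1", echo_target(b"A:")), ("127.0.0.1", echo_target(b"B:"))])
    threading.Thread(target=relay.accept_agent, daemon=True).start()
    threading.Thread(target=run_agent, args=(node, secret, "127.0.0.1", relay.ctl.getsockname()[1]), daemon=True).start()
    pa, pb = (s.getsockname()[1] for s, _ in relay.listeners)
    return {"a": client_roundtrip(pa, b"hello"), "b": client_roundtrip(pb, b"world")}
```

demo() returns {'a': b'A:hello', 'b': b'B:world'}: each mapped port reaches its own target, and both logical sessions ride the single connection the agent opened outward. From a monitoring standpoint the defining signal of this design is that outbound connection: the inside host holds a long-lived session to a fixed external address, and inbound access to the protected devices exists only for as long as it stays up.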