METHOD AND SYSTEM FOR ADDRESS CONFLICT RESOLUTION
Abstract
A method and system for resolving a conflict between private internet protocol addresses assigned in a network between an internet protocol security remote access server (IRAS) and an internet protocol security remote access client (IRAC) arranged behind a network address translator (NAT) router in the network. By modifying internet key exchange version 2 (IKEv2) and internet key exchange (IKE) protocol negotiations between IRAC and IRAS to include a private attribute used by IRAC to send all its internet protocol (IP) subnet addresses to IRAS, IRAS dynamically resolves any conflict of the IP addresses with that of its internal networks by mapping and assigning non-conflicting virtual IP addresses and network subnet addresses to IRAC for IRAC to access the internal networks of IRAS. The conflict resolving mechanism used in run time allows mobile virtual private networks (VPN) to access corporate networks employing IP routers implementing IP security (IPsec) remote access mechanism without access failure due to IP address conflicts.
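The server-side comparison and mapping described in the abstract can be sketched as follows. This is an added example, not code from the patent: the function names, the address pools, the sample subnets and the host-bit-preserving translation are all assumptions made for illustration, and IPv4 is assumed throughout.

```python
import ipaddress as ip

# Constructed sample data (not from the patent).
CLIENT_SUBNETS = ["192.168.1.0/24", "10.99.0.0/30"]    # sent by the IRAC
INTERNAL_SUBNETS = ["192.168.1.0/24", "172.16.5.0/24"]  # behind the IRAS
VIRTUAL_POOL = "10.99.0.0/24"   # hypothetical pool for virtual IP addresses
MAPPING_POOL = "10.200.0.0/16"  # hypothetical pool for conflict-resolving subnets

def resolve_conflicts(client_subnets, internal_subnets, virtual_pool, mapping_pool):
    """Return (virtual_ip, {conflicted internal subnet: conflict-resolving subnet})."""
    client = [ip.ip_network(s) for s in client_subnets]
    internal = [ip.ip_network(s) for s in internal_subnets]
    in_use = client + internal
    mapping = {}
    for net in internal:
        if not any(net.overlaps(c) for c in client):
            continue  # no conflict: the client reaches this subnet directly
        # Same-size replacement subnet that collides with nothing already in use.
        # subnets() raises ValueError if the internal subnet is larger than the pool.
        candidates = ip.ip_network(mapping_pool).subnets(new_prefix=net.prefixlen)
        chosen = next((c for c in candidates
                       if not any(c.overlaps(u) for u in in_use)), None)
        if chosen is None:
            raise RuntimeError(f"mapping pool exhausted for {net}")
        mapping[net] = chosen
        in_use.append(chosen)
    # The virtual IP must not fall inside any client, internal or mapped subnet.
    vip = next((h for h in ip.ip_network(virtual_pool).hosts()
                if not any(h in u for u in in_use)), None)
    if vip is None:
        raise RuntimeError("virtual IP pool exhausted")
    return vip, mapping

def translate(dst, mapping):
    """Server side: rewrite a conflict-resolving destination to the real internal
    address, keeping the host bits (assumed one-to-one subnet mapping)."""
    dst = ip.ip_address(dst)
    for real, resolving in mapping.items():
        if dst in resolving:
            return real[int(dst) - int(resolving.network_address)]
    return dst  # non-conflicted subnets are addressed as-is

if __name__ == "__main__":
    vip, mapping = resolve_conflicts(CLIENT_SUBNETS, INTERNAL_SUBNETS,
                                     VIRTUAL_POOL, MAPPING_POOL)
    print("virtual IP:", vip)
    for real, resolving in mapping.items():
        print(f"{real} is presented to the client as {resolving}")
    print("10.200.0.25 ->", translate("10.200.0.25", mapping))
```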
20 Claims
1. A method for resolving conflict between addresses assigned in an internet protocol (IP) remote access system between a client and an internal network via a server connected to the client via an external communication network, the client being arranged behind a network address translation (NAT) router, the method comprises:
receiving a request from the client to the server for a virtual IP address to communicate with the internal networks of the server along with IP address information of the client for conflict resolution;
comparing the IP address information of the client with a plurality of internal network addresses of the internal networks of the server for any conflicts of addresses to determine conflicted internal network addresses;
assigning a conflict resolving network address for each conflicted internal network address conflicting with the IP address information of the client;
mapping each conflicted network address of the internal network of the server to the assigned conflict resolving network address for the client; and
sending a reply with the assigned conflict resolving network addresses and non-conflicting virtual IP address to the client for enabling communication between the client and the internal network via the server.
9. A system for resolving conflict between addresses assigned in the system, the system is an internet protocol (IP) remote access system comprising:
a client and a server, the client connected with the server via an external communication network;
an internal network connected to the server, the internal network comprising a plurality of internal network addresses, and the client in communication with the internal network via the server; and
a network address translator (NAT) router connected to the client for communication with the server via the external communication network;
the client having IP address information, and the client comprising a send and request module for sending a request to the server for a virtual IP address together with the IP address information of the client for conflict resolution;
the server comprising a conflict resolution module for receiving the request from the client, comparing the IP address information of the client with the plurality of internal network addresses of the internal network of the server for any conflicts of addresses to determine conflicted internal network addresses, assigning a respective conflict resolving network address for each conflicted internal network address conflicting with the IP address information of the client, mapping each conflicted internal network address of the internal network of the server to each assigned respective conflict resolving network address for the client, and sending a reply with the assigned conflict resolving network address and non-conflicting virtual IP address to the client for enabling communication between the client and the internal network via the server.
20. A server for resolving conflicts between addresses assigned in an internet protocol (IP) remote access system, the system including:
a client having IP address information connected with the server via an external communication network;
an internal network connected to the server, the internal network comprising a plurality of internal network addresses, wherein the client is in communication with the internal network via the server; and
a network address translator (NAT) router connected to the client for communication with the server via the external communication network;
the server comprising:
a conflict resolution module for receiving a request from the client for a virtual IP address together with the IP address information of the client for conflict resolution, comparing the IP address information of the client with the plurality of internal network addresses of the internal network of the server for any conflicts of addresses to determine conflicted internal network addresses, assigning a respective conflict resolving network address for each conflicted internal network address conflicting with the IP address information of the client, mapping each conflicted internal network address of the internal network of the server to each assigned respective conflict resolving network address for the client, and sending a reply with the assigned conflict resolving network address and non-conflicting virtual IP address to the client for enabling communication between the client and the internal network via the server.
Specification