METHOD AND SYSTEM FOR ADDRESS CONFLICT RESOLUTION

US 20120317252A1
Filed: 06/09/2011
Published: 12/13/2012
Est. Priority Date: 06/09/2011
Status: Active Grant

First Claim

Patent Images

1. A method for resolving conflict between addresses assigned in an internet protocol (IP) remote access system between a client and an internal network via a server connected to the client via an external communication network, the client being arranged behind a network address translation (NAT) router, the method comprises:

receiving a request from the client to the server for a virtual IP address to communicate with the internal networks of the server along with IP address information of the client for conflict resolution;

comparing the IP address information of the client with a plurality of internal network addresses of the internal networks of the server for any conflicts of addresses to determine conflicted internal network addresses;

assigning a conflict resolving network address for each conflicted internal network address conflicting with the IP address information of the client;

mapping each conflicted network address of the internal network of the server to the assigned conflict resolving network address for the client; and

sending a reply with the assigned conflict resolving network addresses and non conflicting virtual IP address to the client for enabling communication between the client and the internal network via the server.

View all claims

31 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for resolving a conflict between private internet protocol addresses assigned in a network between an internet protocol security remote access server (IRAS) and an internet protocol security remote access client (IRAC) arranged behind a network address translator (NAT) router in the network. By modifying internet key exchange version2 (IKEv2) and internet key exchange (IKE) protocol negotiations between IRAC and IRAS to include a private attribute used by IRAC to send all its internet protocol (IP) subnet addresses to IRAS, IRAS dynamically resolves any conflict of the IP addresses with that of its internal networks by mapping and assigning non-conflicting virtual IP addresses and network subnet addresses to IRAC for IRAC to access the internal networks of IRAS. The conflict resolving mechanism used in run time allows mobile virtual private networks (VPN) to access corporate networks employing IP routers implementing IP security (IPsec) remote access mechanism without access failure due to IP address conflicts.

Citations

20 Claims

1. A method for resolving conflict between addresses assigned in an internet protocol (IP) remote access system between a client and an internal network via a server connected to the client via an external communication network, the client being arranged behind a network address translation (NAT) router, the method comprises:
- receiving a request from the client to the server for a virtual IP address to communicate with the internal networks of the server along with IP address information of the client for conflict resolution;
  
  comparing the IP address information of the client with a plurality of internal network addresses of the internal networks of the server for any conflicts of addresses to determine conflicted internal network addresses;
  
  assigning a conflict resolving network address for each conflicted internal network address conflicting with the IP address information of the client;
  
  mapping each conflicted network address of the internal network of the server to the assigned conflict resolving network address for the client; and
  
  sending a reply with the assigned conflict resolving network addresses and non conflicting virtual IP address to the client for enabling communication between the client and the internal network via the server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the NAT router is connected to the client for communication with the server via the external communication network, and mapping of each conflicted internal network address of the internal network of the server to each assigned respective conflict resolving network address for the client is performed in a conflict resolving module of the server.
  - 3. The method of claim 1, wherein the client and server communicate with internet key exchange (IKE) protocol for IP security (IPSec) tunnel establishment.
  - 4. The method of claim 3, wherein the request sent from the client to the server comprises a private attribute containing the IP address information of the client in an attribute payload.
  - 5. The method of claim 3, wherein the reply sent from the server to the client comprises the assigned conflict resolving network addresses as subnet addresses in an attribute payload.
  - 6. The method of claim 1, wherein the client and server use internet key exchange version 2 (IKEv2) for IP security (IPSec) tunnel establishment.
  - 7. The method of claim 6, wherein the request sent from the client to the server comprises a private attribute containing the IP address information of the client in a configuration payload (CP).
  - 8. The method of claim 6, wherein the reply sent from the server to the client comprises the assigned conflict resolving network addresses as subnet addresses in a configuration payload (CP) of type reply.

9. A system for resolving conflict between addresses assigned in the system, the system is an internet protocol (IP) remote access system comprising:
- a client and a server, the client connected with the server via an external communication network;
  
  an internal network connected to the server, the internal network comprising a plurality of internal network addresses, and the client in communication with the internal network via the server; and
  
  a network address translator (NAT) router connected to the client for communication with the server via the external communication network;
  
  the client having IP address information, and the client comprising a send and request module for sending a request to the server for a virtual IP address together with the IP address information of the client for conflict resolution;
  
  the server comprising a conflict resolution module for receiving the request from the client, comparing the IP address information of the client with the plurality of internal network addresses of the internal network of the server for any conflicts of addresses to determine conflicted internal network addresses, assigning a respective conflict resolving network address for each conflicted internal network address conflicting with the IP address information of the client, mapping each conflicted internal network address of the internal network of the server to each assigned respective conflict resolving network address for the client, and sending a reply with the assigned conflict resolving network address and non-conflicting virtual IP address to the client for enabling communication between the client and the internal network via the server.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 10. The system of claim 9, wherein the conflict resolving network addresses are conflict resolving subnet network addresses and the internal network addresses of the server are internal subnet network addresses of the internal network.
  - 11. The system of claim 9, wherein the server comprises of a one to one NAT module for mapping each conflicted internal network address of the internal network of the server to each assigned respective conflict resolving network address for the client in data communication between the client and the internal network.
  - 12. The system of claim 9, wherein the server further comprises a domain name server (DNS)-application level gateway (ALG) module for mapping the original internal network IP address information to the assigned conflict resolving network addresses in DNS response messages destined to the client.
  - 13. The system of claim 9, wherein the client is an internet protocol security remote access client (IRAC) and the server is an internet protocol security remote access server (IRAS).
  - 14. The system of claim 9, wherein the client and server communicate with internet key exchange (IKE) protocol for IP security (IPSec) tunnel establishment.
  - 15. The system of claim 14, wherein the request sent from the client to the server comprises a private attribute containing the IP address information of the client in an attribute payload.
  - 16. The system of claim 14, wherein the reply sent from the server to the client comprises the assigned conflict resolving network addresses as subnet addresses in an attribute payload.
  - 17. The system of claim 9, wherein the client and server use internet key exchange version 2 (IKEv2) for IP security (IPSec) tunnel establishment.
  - 18. The system of claim 17, wherein the request sent from the client to the server comprises a private attribute containing the IP address information of the client.
  - 19. The system of claim 17, wherein the reply sent from the server to the client comprises the assigned conflict resolving network addresses as subnet addresses in a configuration payload (CP) of type reply.

20. A server for resolving conflicts between addresses assigned in an internet protocol (IP) remote access system, the system including:
- a client having IP address information connected with the server via an external communication network;
  
  an internal network connected to the server, the internal network comprising a plurality of internal network addresses, wherein the client is in communication with the internal network via the server; and
  
  a network address translator (NAT) router connected to the client for communication with the server via the external communication network;
  
  the server comprising;
  
  a conflict resolution module for receiving a request from the client for a virtual IP address together with the IP address information of the client for conflict resolution, comparing the IP address information of the client with the plurality of internal network addresses of the internal network of the server for any conflicts of addresses to determine conflicted internal network addresses, assigning a respective conflict resolving network address for each conflicted internal network address conflicting with the IP address information of the client, mapping each conflicted internal network address of the internal network of the server to each assigned respective conflict resolving network address for the client, and sending a reply with the assigned conflict resolving network address and non-conflicting virtual IP address to the client for enabling communication between the client and the internal network via the server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NXP USA, Inc. (NXP Semiconductors NV)
Original Assignee
Freescale Semiconductor, Inc. (NXP Semiconductors NV)
Inventors
Vemulapalli, Jyothi, Addepalli, Srinivasa R., Nittala, Satya Srinivasa Murthy

Granted Patent

US 8,805,977 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/221
CPC Class Codes

H04L 61/2514   between local and global IP...

H04L 61/2592   using tunnelling or encapsu...

H04L 61/4511   using domain name system [DNS]

H04L 61/5007   Internet protocol [IP] addr...

H04L 61/5046   Resolving address allocatio...

H04L 63/0272   Virtual private networks

METHOD AND SYSTEM FOR ADDRESS CONFLICT RESOLUTION

First Claim

31 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND SYSTEM FOR ADDRESS CONFLICT RESOLUTION

First Claim

31 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links