Method and apparatus for configuring a virtual private network
Abstract
The present invention provides a method and an apparatus for establishing a virtual private network that operates over a public data network. One embodiment of the present invention includes a system that selects a plurality of entities coupled to the public data network to include in the virtual private network. The system next assembles a plurality of identifiers for the plurality of entities. These identifiers are used to identify communications between the plurality of entities, so that these communications can be transferred securely over the public data network. A variation on this embodiment includes defining encryption, authentication and compression parameters for the virtual private network. In another variation, selecting the plurality of entities includes, assembling entities coupled to the public data network into groups, and selecting groups of entities to include in the virtual private network. Another variation includes defining access control rules specifying types of communications that are allowed to pass through virtual private network units. These virtual private network units are typically used to couple local area networks to the public network so that secure communications on the public network pass through the virtual private network units. Yet another variation on this embodiment includes defining address translation rules for virtual private network units coupled to the public data network. These address translation rules are used to translate local network addresses to public network addresses.
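As an added illustration (not code from the patent or its assignee), the following Python models the arrangement the abstract describes: a central manager groups entities per VPN unit, assembles identifiers, and issues each unit its address translation and access control rules. The class names, addresses, ports and service strings are assumptions constructed for the demonstration.

```python
# Added example (not the patent's own code): a central VPN manager receives
# entity selections grouped per VPN unit, assembles identifiers, and hands each
# unit address translation and access control rules. All names, addresses and
# ports are constructed for the demonstration.
from dataclasses import dataclass, field


@dataclass
class Entity:
    user: str        # user identifier (claim 8)
    local_ip: str    # address on the entity's local network


@dataclass(eq=False)  # identity-hashed so a unit can key the groups dict
class VpnUnit:
    public_ip: str                            # the unit's single public address
    nat: dict = field(default_factory=dict)   # local_ip -> (public_ip, port)
    allowed: frozenset = frozenset({"tcp/443", "udp/500"})  # access control rules


class VpnManager:  # centralised manager (claim 12): groups, identifiers, rules
    def __init__(self):
        self.groups = {}         # VpnUnit -> [Entity]
        self.identifiers = set()

    def select_group(self, unit, entities):
        # claims 3-4: each group of entities is tied to one VPN unit
        self.groups[unit] = list(entities)
        self.identifiers.update(e.user for e in entities)

    def define_translation_rules(self, first_port=40000):
        # claim 6: many local entities share one public IP, told apart by a
        # port assigned per entity (a static port mapping)
        for unit, entities in self.groups.items():
            for i, e in enumerate(entities):
                unit.nat[e.local_ip] = (unit.public_ip, first_port + i)

    def in_vpn(self, src_user, dst_user):
        # claim 1: identifiers single out the traffic that belongs to the VPN
        return src_user in self.identifiers and dst_user in self.identifiers


def translate_outbound(unit, local_ip, service):
    """Apply the unit's access control rule, then its NAT rule, to a packet."""
    if service not in unit.allowed:
        return None                   # claim 5: this traffic type may not pass
    return unit.nat.get(local_ip)     # public (ip, port), or None without a rule
```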
27 Claims
1. A method for establishing a virtual private network for facilitating secure communications between entities over a public data network, comprising:
receiving selections for a plurality of entities coupled to the public data network to include in the virtual private network;
wherein the entities reside on local networks coupled to the public data network and are addressed through local network addresses;
assembling a plurality of identifiers for the plurality of entities;
defining address translation rules for virtual private network units coupled to the public data network, the virtual private network units using the address translation rules to translate local network addresses for the local networks into corresponding addresses on the public data network;
using the plurality of identifiers to identify communications between the plurality of entities;
transferring the communications between the plurality of entities securely over the public data network; and
wherein transferring the communications involves using the address translation rules to translate local network addresses into addresses on the public data network.
receiving commands to assemble entities coupled to the public data network into groups of at least one entity; and
receiving selections for groups of entities to include in the virtual private network.
4. The method of claim 3, wherein each group is associated with a virtual private network unit through which communications between the group and the public data network are routed.
5. The method of claim 1, further comprising defining access control rules specifying types of communications that are allowed to pass through virtual private network units, the virtual private network units being coupled to the public network so that secure communications on the public network pass through the virtual private network units.
6. The method of claim 1, wherein the address translation rules facilitate communicating with multiple entities through a single Internet Protocol (IP) address.
7. The method of claim 1, wherein the plurality of identifiers includes an Internet Protocol (IP) address.
8. The method of claim 1, wherein the plurality of identifiers includes a user identifier that identifies a computer user.
9. The method of claim 1, wherein the plurality of entities includes a computer system.
10. The method of claim 1, wherein the plurality of entities includes a computer user.
11. The method of claim 1, wherein the plurality of entities includes a remote client that can connect to the virtual private network from a remote location.
12. The method of claim 1, wherein receiving selections for the plurality of entities includes receiving selections for the plurality of entities at a virtual private network manager located at a centralized site on the public data network.
13. A method for establishing a virtual private network for facilitating secure communications between entities over a public data network, comprising:
receiving selections for a plurality of entities coupled to the public data network to include in the virtual private network, wherein selecting the plurality of entities comprises assembling entities into groups of at least one entity, and selecting groups of entities to include in the virtual private network, each group of entities being associated with a virtual private network unit through which communications between the group and the public data network are routed;
wherein the entities reside on local networks coupled to the public data network and are addressed through local network addresses;
defining encryption, authentication and compression parameters for the virtual private network;
defining address translation rules for virtual private network units coupled to the public data network, the virtual private network units using the address translation rules to translate local network addresses for the local networks into corresponding addresses on the public data network;
assembling a plurality of identifiers for the plurality of entities;
using the plurality of identifiers to identify communications between the plurality of entities;
transferring the communications between the plurality of entities securely over the public data network; and
wherein transferring the communications involves using the address translation rules to translate local network addresses into addresses on the public data network.
16. An apparatus for establishing a virtual private network for facilitating secure communications between entities over a public data network, comprising:
a virtual private network manager coupled to the public data network;
a selection mechanism, within the virtual private network manager, for receiving selections for a plurality of entities coupled to the public data network to include in the virtual private network, and for assembling a plurality of identifiers for the plurality of entities;
wherein the plurality of entities reside on local networks coupled to the public data network and are addressed through local network addresses;
wherein the virtual private network manager is configured to define address translation rules for virtual private network units coupled to the public data network, the virtual private network units using the address translation rules to translate local network addresses to corresponding addresses on the public data network;
a virtual private network unit, coupled to the public data network, through which communications between entities in the virtual private network are routed;
an identification mechanism, within the virtual private network unit, that uses the plurality of identifiers to identify communications between the plurality of entities;
a secure communication mechanism with the virtual private network unit for transferring the communications between the plurality of entities securely over the public data network; and
wherein the secure communication mechanism is configured to use the address translation rules to translate local network addresses into addresses on the public data network.
27. A program storage device storing instructions that when executed by a computer perform a method for establishing a virtual private network for facilitating secure communications between entities over a public data network, the method comprising:
receiving selections for a plurality of entities coupled to the public data network to include in the virtual private network;
wherein the entities reside on local networks coupled to the public data network and are addressed through local network addresses;
assembling a plurality of identifiers for the plurality of entities;
defining address translation rules for virtual private network units coupled to the public data network, the virtual private network units using the address translation rules to translate local network addresses for the local networks into corresponding addresses on the public data network;
using the plurality of identifiers to identify communications between the plurality of entities;
transferring the communications between the plurality of entities securely over the public data network; and
wherein transferring the communications involves using the address translation rules to translate local network addresses into addresses on the public data network.