System and method for on-demand access concentrator for virtual private networks
Abstract
Two stages of PPP negotiation are used to give users access to a virtual private network (VPN). The access concentrator that provides PPP connections is designed to support this two-stage connection. In the first stage, the user is verified as an authenticated VPN user and a first network address is assigned. In the second stage, the service requested by the authenticated user is decoded to determine whether it is a VPN service or a non-VPN service. If it is a non-VPN service, the request is processed by reference to the network address. Otherwise, a second PPP negotiation is executed between the access concentrator and a server in the VPN, and that server then assigns the user a VPN address for providing VPN service.
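The two-stage flow described in the abstract, as a toy model added here for illustration; it is not code from the patent. The class names, address pools, credentials and the plaintext credential check are all constructed assumptions, and the NCP decision is reduced to a boolean.

```python
# Added illustration: toy model of the two-stage access flow in the abstract.
# Names, address pools and credentials are constructed assumptions.
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Optional

@dataclass
class VpnServer:
    """Stands in for the VPN-side PPP peer that assigns VPN addresses."""
    users: dict
    next_addr: IPv4Address = IPv4Address("10.8.0.2")    # constructed pool start

    def negotiate(self, user, password):
        if self.users.get(user) != password:            # stand-in for PPP authentication
            return None
        addr, self.next_addr = self.next_addr, self.next_addr + 1
        return addr

@dataclass
class Session:
    user: str
    password: str                     # kept from stage 1 so stage 2 can reuse it (claim 9)
    access_addr: IPv4Address
    vpn_addr: Optional[IPv4Address] = None

@dataclass
class AccessConcentrator:
    vpn_user_db: dict
    vpn_server: VpnServer
    next_addr: IPv4Address = IPv4Address("192.0.2.10")  # constructed pool start

    def first_stage(self, user, password):
        """First PPP negotiation: check the VPN user database, assign an address."""
        if self.vpn_user_db.get(user) != password:
            return None               # not an authenticated VPN user: no address
        addr, self.next_addr = self.next_addr, self.next_addr + 1
        return Session(user, password, addr)

    def request_service(self, session, wants_vpn):
        """Second stage: serve non-VPN traffic directly or open the VPN leg."""
        if not wants_vpn:
            return ("non-vpn", session.access_addr)
        if session.vpn_addr is None:  # second PPP negotiation runs only on demand
            session.vpn_addr = self.vpn_server.negotiate(session.user, session.password)
        if session.vpn_addr is None:
            return ("rejected", None)
        return ("vpn", session.vpn_addr)
```

Because the concentrator replays first-stage user information to the VPN server, the model makes visible that it holds each subscriber's credentials for the life of the session.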
9 Claims
1. A method for an Access Concentrator to provide on-demand services for Virtual Private Network (VPN) subscribers, comprising the steps of:
performing a first PPP negotiation with a host machine of a dial-up user when receiving a connection request from said dial-up user;
determining the authenticity of said dial-up user by looking up a VPN user database to check whether said dial-up user within said VPN user database;
assigning a network address to said dial-up user when said dial-up user is determined to be authentic;
performing a NCP negotiation to determine either said dial-up user demanding VPN services or non-VPN services;
if said dial-up user demanding a non-VPN service, providing the non-VPN service to said dial-up user by reference to said network address; and
if said dial-up user demanding a VPN-service, performing a second PPP negotiation with a VPN server and assigning a legal VPN network address for said dial-up user to access said VPN server.
building a database for storing VPN user information.
3. The method as claimed in claim 1, further comprising the step of:
rejecting said first PPP negotiation when said dial-up user is determined to be authentic.
4. The method as claimed in claim 1, wherein said network address is an IP address.
5. The method as claimed in claim 1, wherein said non-VPN service comprises:
TELNET, FTP, WWW, and BBS.
6. The method as claimed in claim 1, wherein said legal VPN network address is an IP address.
7. The method as claimed in claim 1, wherein said legal VPN network address is an IPX address.
8. The method as claimed in claim 1, further comprising the step of:
forwarding packets of said dial-up user to their destinations when said dial-up requests a non-VPN service.
9. The method as claimed in claim 1, wherein said second PPP negotiation is based on user information obtained from said first PPP negotiation.
Specification