System and method for using virtual local area network tags with a virtual private network
First Claim
1. A network access system comprising:
- a home agent in communication with a user device via a user session;
- an initiating security gateway in communication with the home agent; and
- a terminating security gateway in communication with the initiating security gateway via a tunnel,
wherein a virtual local area network tag associated with the user session maps to a selector operable in a security policy database associated with an Internet Protocol Security protocol, and wherein the selector maps to a security policy stored within the security policy database.
7 Assignments
0 Petitions
Abstract
An exemplary system and method for using a network access system, such as a virtual private network (VPN), are provided. A user device may have a user session with a home agent. Additionally, an initiating security gateway may be in communication with the home agent, and a terminating security gateway may be in communication with the initiating security gateway via a tunnel (e.g., Internet Protocol in Internet Protocol (IP-in-IP) or Internet Protocol security (IPsec) tunnel). Further, a virtual local area network (VLAN) tag associated with the user session may map to a selector operable in a security policy database. The selector may be used to find a security policy defining an IPsec procedure, and the security policy may be applied to the tunnel. Also, the initiating security gateway may also include a Quality of Service (QoS) module that determines QoS markings for a packet traveling along the tunnel.
174 Citations
32 Claims
1. A network access system comprising:
- a home agent in communication with a user device via a user session;
- an initiating security gateway in communication with the home agent; and
- a terminating security gateway in communication with the initiating security gateway via a tunnel,
wherein a virtual local area network tag associated with the user session maps to a selector operable in a security policy database associated with an Internet Protocol Security protocol, and wherein the selector maps to a security policy stored within the security policy database.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.

11. A method for transmitting a packet via an initiating security gateway, the method comprising the steps of:
- receiving a packet including a virtual local area network tag associated with a user session;
- mapping the virtual local area network tag to a selector;
- mapping the selector to a security policy stored within a security policy database associated with an Internet Protocol Security protocol;
- performing an Internet Protocol security procedure based on the security policy; and
- transmitting the packet to a terminating security gateway across a tunnel.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19.

20. A network system comprising:
- a home agent in communication with a user device via a user session;
- an access server that authenticates the user device and provides a virtual local area network tag for the user session to the home agent;
- an initiating security gateway that receives a packet including the virtual local area network tag from the home agent, wherein the initiating security gateway includes a selector table mapping the virtual local area network tag to a selector;
- a security policy database that is associated with an Internet Protocol Security protocol, wherein the security policy database maps the selector to at least one security policy defining an Internet Protocol security procedure, wherein the Internet Protocol security procedure is applied to the packet; and
- a receiving network including a terminating security gateway that receives the packet from the initiating security gateway via a tunnel.
Dependent claims: 21, 22, 23, 24, 25, 26, 27.

28. An initiating security gateway comprising:
- a selector module including a filtering mechanism for identifying a virtual local area network tag associated with a user session within a packet and a selector table for mapping the virtual local area network tag to a selector;
- a security policy database associated with an Internet Protocol Security protocol for mapping the selector to an Internet Protocol security policy; and
- an Internet Protocol Security module for applying the Internet Protocol security policy to the packet while sending the packet to a terminating security gateway.
Dependent claims: 29, 30, 31, 32.
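The selector-module lookup chain of claims 11 and 28 (VLAN tag to selector table to security policy database entry), modelled as an added example that is not part of the patent. The 802.1Q parsing, the selector table contents, the SPD entries and the peer address and DSCP values are all constructed assumptions; the PROTECT/BYPASS/DISCARD vocabulary and the discard-by-default rule for unmatched traffic are taken from RFC 4301, which the patent does not cite.

```python
# Constructed model of the initiating security gateway's selector module:
# 802.1Q frame -> VLAN ID -> selector -> security policy database entry.
import struct
from typing import Optional

ETHERTYPE_8021Q = 0x8100


def vlan_id_from_frame(frame: bytes) -> Optional[int]:
    """Return the 12-bit VLAN ID of an 802.1Q-tagged frame, or None if untagged."""
    if len(frame) < 18:          # dst(6) + src(6) + TPID(2) + TCI(2) + type(2)
        return None
    ethertype, tci = struct.unpack("!HH", frame[12:16])
    if ethertype != ETHERTYPE_8021Q:
        return None
    return tci & 0x0FFF          # low 12 bits of the TCI carry the VLAN ID


# Selector table (claim 28): VLAN tag -> selector. Values are constructed.
SELECTOR_TABLE = {100: "corp-users", 200: "guest-users"}

# Security policy database keyed by selector. Actions use RFC 4301's
# PROTECT / BYPASS / DISCARD; "dscp" stands in for the QoS marking the
# abstract mentions. Peer address is a constructed documentation address.
SPD = {
    "corp-users": {"action": "PROTECT", "proto": "ESP", "mode": "tunnel",
                   "peer": "203.0.113.10", "dscp": 46},
    "guest-users": {"action": "BYPASS", "dscp": 0},
}


def lookup_policy(frame: bytes) -> dict:
    """Map the frame's VLAN tag to a selector, then to an SPD entry.

    Untagged frames and VLAN IDs with no selector fall through to DISCARD,
    so a packet that cannot be classified is never forwarded unprotected.
    """
    vid = vlan_id_from_frame(frame)
    selector = SELECTOR_TABLE.get(vid)
    return SPD.get(selector, {"action": "DISCARD"})


def build_frame(vid: int, payload: bytes = b"\x45" + b"\x00" * 19) -> bytes:
    """Construct a minimal 802.1Q frame carrying the given VLAN ID (test input)."""
    dst = b"\x00\x11\x22\x33\x44\x55"
    src = b"\xaa\xbb\xcc\xdd\xee\xff"
    tci = (0 << 13) | (0 << 12) | (vid & 0x0FFF)     # PCP=0, DEI=0, VID
    return dst + src + struct.pack("!HHH", ETHERTYPE_8021Q, tci, 0x0800) + payload
```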