System and method for network address translation integration with IP security

  • US 7,107,614 B1
  • Filed: 05/23/2000
  • Issued: 09/12/2006
  • Est. Priority Date: 01/29/1999
  • Status: Expired due to Term
First Claim

1. A method of operating a virtual private network (VPN) based on IPsec that integrates network address translation (NAT) with IPsec processing, comprising the steps executed at one end of a VPN connection of:

  • configuring a VPN NAT IP address pool on a VPN gateway machine at said one end of a VPN connection employing only IP address data available at said VPN gateway machine;

  • configuring at said one end of said VPN connection a VPN connection to utilize said VPN NAT IP address pool;

  • obtaining at said one end of said VPN connection a specific IP address from said VPN NAT IP address pool, and allocating said specific IP address for said VPN connection;

  • starting said VPN connection;

  • loading to an operating system kernel at said one end of said VPN connection the security associations and connection filters for said VPN connection;

  • processing at said one end of said VPN connection a IP datagram for said VPN connection;

  • applying VPN NAT at one end of said VPN connection to said IP datagram with source and destination port values after the application of VPN NAT being the same as before application of VPN NAT; and

  • further for integrating NAT with IPsec for dynamically-keyed internet key exchange protocol (IKE) IPsec connections, comprising the further step of;

  • configuring the VPN connections to obtain their keys automatically.

  • 2 Assignments