Methods and apparatus for virtual private network based mobility

US 7,246,373 B1
Filed: 03/10/2006
Issued: 07/17/2007
Est. Priority Date: 09/19/2001
Status: Expired due to Term

First Claim

Patent Images

1. A VPN server, comprising:

an interface operable to receive a first message and a second message from a VPN client, the first message having a first address associated with a first subnetwork as a source address and an enterprise address as an encapsulated address, the second message having a second address associated with a second subnetwork as the source address and the enterprise address as the encapsulated address;

a processor operable to maintain an association between the enterprise address and the VPN client when the VPN client moves from the first subnetwork to the second subnetwork.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus for enabling VPN based mobility are provided. A VPN client having a client subnetwork address corresponding to a particular subnetwork can create a VPN tunnel using an enterprise address from a VPN server. Using the VPN tunnel, the VPN client can establish sessions with a variety of destination nodes including destination nodes on a private or enterprise network associated with the VPN server. When the client moves, the VPN client can acquire a new address that may correspond to a new subnetwork, but the VPN server provides the VPN client with the same enterprise address. Accordingly, the VPN client can maintain existing sessions with destination nodes using the same enterprise address.

97 Citations

View as Search Results

20 Claims

1. A VPN server, comprising:
- an interface operable to receive a first message and a second message from a VPN client, the first message having a first address associated with a first subnetwork as a source address and an enterprise address as an encapsulated address, the second message having a second address associated with a second subnetwork as the source address and the enterprise address as the encapsulated address;
  
  a processor operable to maintain an association between the enterprise address and the VPN client when the VPN client moves from the first subnetwork to the second subnetwork.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The VPN server of claim 1, wherein the interface is further operable to provide the VPN client with an access list identifying one or more destinations that can be accessed through the VPN server.
  - 3. The VPN server of claim 1, wherein the first and second messages are associated with an established VPN tunnel.
  - 4. The VPN server of claim 1, wherein the enterprise address is a private network IP address.
  - 5. The VPN server of claim 1, wherein using the same enterprise address allows VPN based mobile communications to continue seamlessly.
  - 6. The VPN server of claim 1, wherein maintaining an association between the enterprise address and the VPN client comprises associating the enterprise address with a username.
  - 7. The VPN server of claim 6, wherein the enterprise address is further associated with a password.
  - 8. The VPN server of claim 1, wherein the interface is further operable to provide the enterprise address associated with the user to the VPN client.
  - 9. The VPN server of claim 8, wherein the processor is further operable to authenticate the VPN client prior to the interface providing the enterprise address associated with the VPN client to the VPN client.
  - 10. The VPN server of claim 8, wherein the enterprise address is provided by accessing the client association table.

11. A method for allowing VPN based mobility, the method comprising:
- maintaining an association between a plurality of VPN client identifiers and enterprise addresses, wherein a first VPN client identifier is associated with a first enterprise address;
  
  receiving a registration request from a VPN client, the registration request associated with a first VPN client identifier and a first VPN subnetwork identifier;
  
  determining that the first enterprise address correspond to the first VPN client identifier;
  
  sending the first enterprise address to the VPN client to allow the VPN client to access a VPN server using the first enterprise address when the VPN client moves from a first subnetwork associated with the first VPN subnetwork identifier to a second subnetwork associated with a second VPN subnetwork identifier.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The VPN server of claim 11, further comprising providing the VPN client with an access list identifying one or more destinations that can be accessed through the VPN sever.
  - 13. The VPN server of claim 11, wherein the registration request is associated with an established VPN tunnel.
  - 14. The VPN server of claim 11, wherein the encapsulated address is encrypted.
  - 15. The VPN server of claim 11, wherein the enterprise address is a private network IP address.
  - 16. The VPN server of claim 11, wherein using the same enterprise address allows VPN based mobile communications to continue seamlessly.
  - 17. The VPN server of claim 11, wherein maintaining an association between the enterprise address and the VPN client comprises associating the enterprise address with a username.

18. A server, comprising:
- means for maintaining an association between a plurality of VPN client identifiers and enterprise addresses, wherein a first VPN client identifier is associated with a first enterprise address;
  
  means for receiving a registration request from a VPN client, the registration request associated with a first VPN client identifier and a first VPN subnetwork identifier;
  
  means for determining that the first enterprise address corresponds to the first VPN client identifier;
  
  means for sending the first enterprise address to the VPN client to allow the VPN client to access a VPN server using the first enterprise address when the VPN client moves from a first subnetwork associated with the first VPN subnetwork identifier to a second subnetwork associated with a second VPN subnetwork identifier.

19. An enterprise network, comprising:
- a plurality of VPN clients;
  
  a VPN server operable to receive a registration request from a VPN client, the registration request associated with a first VPN client identifier and a first VPN subnetwork identifier, determine that a first enterprise address corresponds to the first VPN client identifier, and send the first enterprise address to the VPN client to allow the VPN client to access a VPN server using the first same enterprise address when the VPN client moves from a first subnetwork associated with the first VPN subnetwork identifier to a second subnetwork associated with a second VPN subnetwork identifier.
- View Dependent Claims (20)
- - 20. The enterprise network of claim 19, wherein the enterprise address is a private network IP address.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Patel, Alpesh S., Leung, Keng
Primary Examiner(s)
REVAK, CHRISTOPHER A

Application Number

US11/372,551
Time in Patent Office

494 Days
Field of Search

None
US Class Current

726/15
CPC Class Codes

H04L 63/0272   Virtual private networks

H04L 63/08   for authentication of entit...

H04L 63/164   at the network layer

Methods and apparatus for virtual private network based mobility

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

97 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatus for virtual private network based mobility

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

97 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links