
System and method for network address translation integration with IP Security

  • US 7,401,354 B2
  • Filed: 03/12/2003
  • Issued: 07/15/2008
  • Est. Priority Date: 01/29/1999
  • Status: Expired due to Fees
First Claim

1. A method of operating a virtual private network (VPN) based on IPSec that integrates network address translation (NAT) with IPSec processing, to enable two hosts operating in AH or ESP, and in tunnel or transport, modes to establish an IPSec connection across a NAT system, comprising the steps of:

  • operating said two hosts in AH or ESP, and in tunnel or transport, modes;
  • configuring a plurality of NAT IP address pools and a VPN connection to utilize one of said plurality of NAT IP address pools;
  • obtaining a specific IP address from a correct one of said NAT IP address pools, and allocating said specific IP address for said VPN connection prior to execution of an Internet Key Execution (IKE) protocol;
  • a correct pool being determined by type of VPN connection that is starting;
  • responsive to said allocating step, starting said VPN connection, including executing said IKE protocol to generate two local IPSec security associations required for said VPN connection and creating a message for IKE containing said IP address from said NAT pool;
  • loading to an operating system kernel said IPSec security associations and connection filters for said VPN connection;
  • responsive to loading said IPSec security associations and connection filters for said VPN connection, processing an IP datagram for said VPN connection and applying VPN NAT to said IP datagram.
