Method and apparatus for providing adaptive VPN to enable different security levels in virtual private networks (VPNs)
Abstract
A method and apparatus for providing at least two virtual private network (VPN) tunnels from a client device in a VPN network having an enterprise gateway and a network VPN gateway. The method and apparatus include a client device having an Internet Key Exchange (IKE) module for establishing the at least two tunnels using an IKE protocol, wherein a first tunnel is an end-to-end VPN tunnel to the enterprise gateway, and a second tunnel is a network-based tunnel to the network VPN gateway. An IPsec Network Driver Interface interfaces with the IKE module, which includes a security authentication database (SADB) that stores downloaded enterprise security policies respectively for each of the at least two tunnels. A routing table stores IP addresses of local presences and hosts respectively associated with the at least two tunnels, whereby packets are routed over the at least two tunnels based on the downloaded policies.
27 Claims
1. A method of providing at least two virtual private network (VPN) tunnels from a client device in a VPN network comprising an enterprise VPN gateway and a network VPN gateway, said method comprising:
- establishing said at least two tunnels using an encryption key exchange protocol;
- downloading respective enterprise security policies for each of said at least two tunnels, wherein a first tunnel is an end-to-end VPN tunnel to said enterprise VPN gateway, and a second tunnel is a network-based tunnel to said network VPN gateway; and
- routing packets over one of said at least two tunnels selected based on said downloaded policies.

Dependent claims: 2-20

21. A client apparatus for providing at least two virtual private network (VPN) tunnels, comprising:
- an Internet key exchange (IKE) module;
- an IPsec Network Driver Interface Specification (NDIS) driver interfacing with said IKE module, said IPsec NDIS driver comprising a security authentication database (SADB) that stores policy information for each of said at least two tunnels; and
- a routing table for respectively storing IP addresses of local presences and hosts respectively associated with said at least two tunnels, said routing table for use in routing packets over one of said at least two tunnels selected based on said downloaded policies.

Dependent claims: 22-25

26. A client apparatus for providing at least two virtual private network (VPN) tunnels, comprising:
- means for establishing said at least two tunnels using an encryption key exchange protocol;
- means for downloading respective enterprise security policies for each of said at least two tunnels, wherein a first tunnel is an end-to-end VPN tunnel to said enterprise gateway, and a second tunnel is a network-based tunnel to said network VPN gateway; and
- means for routing packets over one of said at least two tunnels selected based on said downloaded policies.

Dependent claims: 27
Specification