System and method for integrating mobile networking with security-based VPNs
First Claim
1. A method for providing a secure network path between network nodes, the method comprising:
- providing a home agent module on a network device on a foreign network side of an external firewall and providing a foreign agent module within a network zone created by the external firewall and an internal firewall, the home agent module and the foreign agent module creating a mobile IP proxy;
- establishing a secure data tunnel between the home agent module and the foreign agent module of the mobile IP (MIP) proxy;
- receiving a first registration request from a mobile node, said registration request including a permanent network address for the mobile node;
- sending a second registration request to a home agent specifying the permanent network address and a proxy care-of address;
- creating a network data tunnel between the mobile node and the mobile IP proxy;
- creating a first security association between the mobile node and a VPN gateway using the permanent network address for the mobile node;
- creating a second security association between the home agent and the VPN gateway;
- utilizing, by the home agent, a mobile IP proxy IP address as the care-of address for the VPN gateway;
- processing, by the mobile IP proxy, network data received from the mobile node as a surrogate home agent;
- receiving by the home agent a packet of data from a corresponding node;
- routing the packet of data to the mobile IP proxy;
- processing, by the mobile IP proxy, the packet of data received from the home agent as a surrogate mobile node, the processing including routing the packet of data by the mobile IP proxy to the VPN gateway;
- encapsulating the packet of data in a security layer by the VPN gateway;
- receiving the encapsulated data by the mobile IP proxy from the VPN gateway; and
- routing the encapsulated data from the mobile IP proxy to the mobile node.
Abstract
Systems and methods provide a secure network path through an inner and outer firewall pair between a mobile node on a foreign network and a corresponding node on a home network. One aspect of the systems and methods includes providing a mobile IP proxy between the mobile node and a VPN gateway inside the firewalls. The mobile IP proxy acts as a surrogate home agent to the mobile node, and acts as a surrogate mobile node to a home agent residing on the home network.
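The registration and packet path that claim 1 and the abstract describe, as an added example that is not the patent's own code: a small Python model in which the mobile IP proxy acts as surrogate home agent toward the mobile node and as surrogate mobile node toward the home agent. All names and addresses (`proxy-coa`, `mn-permanent`, `foreign-1`, `ha`, `cn`) are constructed, the two firewalls are not modelled, and each security association is reduced to a peer-address set that the VPN gateway checks before wrapping a packet.

```python
from dataclasses import dataclass

@dataclass
class Packet:
    src: str              # inner source, e.g. the corresponding node
    dst: str              # inner destination: the MN's permanent address
    payload: str
    tunnel_to: str = ""   # outer destination while MIP-encapsulated
    secured: bool = False # True once the VPN gateway has wrapped it

class HomeAgent:          # binds a permanent address to a care-of address
    def __init__(self, addr):
        self.addr, self.bindings = addr, {}
    def forward(self, pkt):
        return Packet(pkt.src, pkt.dst, pkt.payload, tunnel_to=self.bindings[pkt.dst])

class VpnGateway:         # one security association per peer address (constructed model)
    def __init__(self):
        self.peers = set()
    def protect(self, pkt, ingress):
        if ingress not in self.peers or pkt.dst not in self.peers:
            raise PermissionError(f"no security association for {ingress} -> {pkt.dst}")
        return Packet(pkt.src, pkt.dst, pkt.payload, pkt.tunnel_to, secured=True)

class MipProxy:           # surrogate HA toward the MN, surrogate MN toward the HA
    def __init__(self, addr, ha, vpn):
        self.addr, self.ha, self.vpn, self.mn_tunnels = addr, ha, vpn, {}
        vpn.peers.add(ha.addr)                       # second SA: home agent <-> VPN gateway
    def register(self, permanent, foreign_addr):
        self.mn_tunnels[permanent] = foreign_addr    # first registration: MN -> proxy
        if self.ha.bindings.get(permanent) != self.addr:
            self.ha.bindings[permanent] = self.addr  # second registration: proxy CoA at the HA
            self.vpn.peers.add(permanent)            # first SA keyed on the permanent address
    def from_home_agent(self, pkt):
        assert pkt.tunnel_to == self.addr, "packet was not tunnelled to the proxy"
        secured = self.vpn.protect(pkt, self.ha.addr)  # surrogate MN: hand to the VPN gateway
        return Packet(secured.src, secured.dst, secured.payload,  # surrogate HA: re-tunnel
                      tunnel_to=self.mn_tunnels[pkt.dst], secured=True)

def run_scenario():
    # CN sends to the MN, the MN moves to a new foreign address, CN sends again.
    ha, vpn = HomeAgent("ha"), VpnGateway()
    proxy = MipProxy("proxy-coa", ha, vpn)
    proxy.register("mn-permanent", "foreign-1")
    first = proxy.from_home_agent(ha.forward(Packet("cn", "mn-permanent", "hello")))
    proxy.register("mn-permanent", "foreign-2")  # only the proxy learns of the move
    second = proxy.from_home_agent(ha.forward(Packet("cn", "mn-permanent", "again")))
    return first, second, ha.bindings["mn-permanent"]
```

The scenario shows why the proxy's address is used as the care-of address: when the mobile node moves, the home agent's binding and the VPN gateway's security association are untouched, and only the proxy's inner tunnel changes.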
18 Claims
1. Independent claim, reproduced in full under First Claim above. Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.
10. A tangible computer-readable medium encoded with a computer program including instructions to cause one or more processors to perform a method for providing a secure network path between nodes in a network, the method comprising:
- providing a home agent module on a network device on a foreign network side of an external firewall and providing a foreign agent module within a network zone created by the external firewall and an internal firewall, the home agent module and the foreign agent module creating a mobile IP (MIP) proxy;
- establishing a secure data tunnel between the home agent module and the foreign agent module of the mobile IP proxy;
- receiving a first registration request from a mobile node, said registration request including a permanent network address for the mobile node;
- sending a second registration request to a home agent specifying the permanent network address and a proxy care-of address;
- creating a network data tunnel between a mobile node and the mobile IP proxy;
- creating a first security association between the mobile node and a VPN gateway using the permanent network address associated with the mobile node;
- creating a second security association between the home agent and the VPN gateway;
- utilizing, by the home agent, a mobile IP proxy IP address as the care-of address for the VPN gateway;
- processing, by the mobile IP proxy, network data received from the mobile node as a surrogate home agent;
- receiving by the home agent a packet of data from a corresponding node;
- routing the packet of data to the MIP proxy;
- processing, by the mobile IP proxy, the packet of data received from the home agent as a surrogate mobile node, the processing including routing the packet of data by the mobile IP proxy to the VPN gateway;
- encapsulating the packet of data in a security layer by the VPN gateway;
- receiving the encapsulated data by the MIP proxy from the VPN gateway; and
- routing the encapsulated data from the MIP proxy to the mobile node.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18.