Firewall for gateway network elements between IP based networks
First Claim
1. A gateway network element that provides access to network elements that are not directly reachable, comprising:
- a processor that is directed by code;
- code that receives and sends packets over a first IP based interface to a first network;
- code that receives and sends packets over a second IP based interface to a second network, wherein IP addresses of network elements in the second network are not visible to network elements in the first network;
- code for categorizing the received packets based on the interface over which the packet was received, type of packet, and whether the destination address specifies the gateway network element; and
- code that selects and applies a set of filtering rules to the categorized packets based on a category of the received packet, wherein each set of said filtering rules differ from said other sets of filtering rules and comprises rules specifying which of said packets are accepted and which of said packets are rejected;
- wherein the first network is a Data Communications Network (DCN) and the second network is a Data Communication Channel (DCC) and the code that applies said filtering rules provides separation between the DCN network and the DCC network.
Abstract
Techniques for implementing a firewall in a gateway network element between two IP based networks are provided. Packets arriving from the network that is not visible to the other network can be filtered out when they specify the gateway network element as their source. For example, if a packet on the DCC addressed to the gateway network element names the gateway network element as its source, the packet can be discarded.
19 Claims
1. As set out under First Claim above. Dependent claims: 2, 3, 4, 11, 12, 13, 14, 18, 19.
5. A gateway network element that provides access to network elements that are not directly reachable, comprising:
- a processor that is directed by code;
- means for receiving and sending packets over a first IP based interface to a first network;
- means for receiving and sending packets over a second IP based interface to a second network, wherein IP addresses of network elements in the second network are not visible to network elements in the first network;
- means for categorizing the received packets based on the interface over which the packet was received, type of packet, and whether the destination address specifies the gateway network element; and
- means for selecting and applying a set of filtering rules to the categorized packets based on a category of the received packet, wherein each set of said filtering rules differ from said other sets of filtering rules and comprises rules specifying which of said packets are accepted and which of said packets are rejected;
- wherein the first network is a Data Communications Network (DCN) and the second network is a Data Communication Channel (DCC) and the code that applies said filtering rules provides separation between the DCN network and the DCC network.

Dependent claims: 15, 16, 17.
6. A method for providing access to network elements that are not directly reachable, comprising:
- receiving and sending packets over a first IP based interface to a first network;
- receiving and sending packets over a second IP based interface to a second network, wherein IP addresses of network elements in the second network are not visible to network elements in the first network;
- categorizing the received packets based on the interface over which the packet was received, type of packet, and whether the destination address specifies the gateway network element; and
- selecting and applying a set of filtering rules to the categorized packets based on a category of the received packet, wherein each set of said filtering rules differ from said other sets of filtering rules and comprises rules specifying which of said packets are accepted and which are rejected;
- wherein the first network is a Data Communications Network (DCN) and the second network is a Data Communication Channel (DCC) and applying said filtering rules provides separation between the DCN network and the DCC network.

Dependent claims: 7, 8, 9, 10.
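The categorize-then-select-rule-set scheme of the claims, combined with the abstract's rule that a DCC packet naming the gateway as its own source is discarded, as an added Python sketch that is not the patent's code. The gateway addresses, the protocol names used as "type of packet", and the per-category policy are constructed for illustration; the patent fixes only the category key (arrival interface, packet type, destination-is-gateway).

```python
from __future__ import annotations
from dataclasses import dataclass
from typing import Callable

# Constructed addresses: the gateway's own address on each side.
GATEWAY_DCN_ADDR = "192.0.2.1"
GATEWAY_DCC_ADDR = "10.0.0.1"
GATEWAY_ADDRS = {GATEWAY_DCN_ADDR, GATEWAY_DCC_ADDR}


@dataclass(frozen=True)
class Packet:
    iface: str   # "dcn" or "dcc": interface the packet arrived on
    proto: str   # "tcp", "udp" or "icmp": stands in for "type of packet"
    src: str
    dst: str


def categorize(pkt: Packet) -> tuple[str, str, bool]:
    """Category key as in the claims: interface, packet type, addressed to gateway?"""
    return (pkt.iface, pkt.proto, pkt.dst in GATEWAY_ADDRS)


Rule = Callable[[Packet], bool]          # predicate: True when the rule matches
ANY: Rule = lambda p: True               # catch-all rule


def spoofs_gateway(pkt: Packet) -> bool:
    """The abstract's example: the packet claims the gateway itself as source."""
    return pkt.src in GATEWAY_ADDRS


# One ordered rule set per category; first matching rule gives the verdict.
# Assumed policy: DCC side must not impersonate the gateway; DCN side may talk
# to the gateway but, since DCC addresses are not exposed, not past it.
RULE_SETS: dict[tuple[str, str, bool], list[tuple[Rule, str]]] = {
    ("dcc", "tcp", True):  [(spoofs_gateway, "reject"), (ANY, "accept")],
    ("dcc", "icmp", True): [(spoofs_gateway, "reject"), (ANY, "accept")],
    ("dcn", "tcp", True):  [(ANY, "accept")],
    ("dcn", "icmp", True): [(ANY, "accept")],
    ("dcn", "tcp", False): [(ANY, "reject")],
}
DEFAULT_RULES: list[tuple[Rule, str]] = [(ANY, "reject")]   # default deny


def filter_packet(pkt: Packet) -> str:
    """Select the rule set for the packet's category and apply it."""
    for matches, verdict in RULE_SETS.get(categorize(pkt), DEFAULT_RULES):
        if matches(pkt):
            return verdict
    return "reject"   # unreachable while every set ends in ANY; kept as a guard
```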
Specification