Systems and methods of providing server initiated connections on a virtual private network
First Claim
1. A method for establishing via an appliance a transport layer protocol connection initiated by a server on a first network to a client connected from a second network to the first network via a secure socket layer virtual private network (SSL VPN) connection, the method comprising the steps of:
(a) receiving, by an appliance, a transport layer connection request from a server on a first network to connect to a client connected to the first network via a SSL VPN connection from a second network, the transport layer connection request identifying a client destination internet protocol address and a client destination port on the first network;
(b) establishing, by the appliance, a first transport layer connection to the server on the first network;
(c) determining, by the appliance, the client on the second network associated with the client destination internet protocol address on the first network;
(d) transmitting, by the appliance, connection information identifying the client destination port to an agent on the client;
(e) establishing, by the agent, a second transport layer connection to the client destination port using a local internet protocol address of the client on the second network;
(f) establishing, by the agent, a third transport layer connection to the appliance and associating the third transport layer connection with the second transport layer connection;
(g) linking, by the appliance, the first transport layer connection to the server with the third transport layer connection to the agent of the client; and
(h) associating, by the appliance, a first connection record for the first transport layer connection to the server with a second connection record for the third transport layer connection.
Abstract
The present invention is related to a method for establishing via an appliance a transport layer protocol connection initiated by a server on a first network to a client connected from a second network to the first network via a secure socket layer virtual private network (SSL VPN) connection. The method includes the step of receiving, by an appliance, a transport layer connection request from a server on a first network to connect to a client connected to the first network via a SSL VPN connection from a second network. The transport layer connection request identifies a client destination internet protocol address and a client destination port on the first network. The method includes establishing, by the appliance, a first transport layer connection to the server on the first network, determining, by the appliance, the client on the second network associated with the client destination internet protocol address on the first network, and transmitting, by the appliance, connection information identifying the client destination port to an agent on the client. The agent establishes a second transport layer connection to the client destination port using a local internet protocol address of the client on the second network and establishes a third transport layer connection to the appliance, which it associates with the second transport layer connection.
22 Claims
1. A method for establishing via an appliance a transport layer protocol connection initiated by a server on a first network to a client connected from a second network to the first network via a secure socket layer virtual private network (SSL VPN) connection, the method comprising the steps of:
(a) to (h) as set out under First Claim above.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A system for establishing via an appliance a transport layer protocol connection initiated by a server on a first network to a client connected from a second network to the first network via a secure socket layer virtual private network (SSL VPN) connection, the system comprising:
means for receiving, by an appliance, a transport layer connection request from a server on a first network to connect to a client connected to the first network via a SSL VPN connection from a second network, the transport layer connection request identifying a client destination internet protocol address and a client destination port on the first network;
means for establishing, by the appliance, a first transport layer connection to the server on the first network;
means for determining, by the appliance, the client on the second network associated with the client destination internet protocol address on the first network;
means for transmitting, by the appliance, connection information identifying the client destination port to an agent on the client;
means for establishing, by the agent, a second transport layer connection to the client destination port using a local internet protocol address of the client on the second network;
means for establishing, by the agent, a third transport layer connection to the appliance and associating the third transport layer connection with the second transport layer connection;
means for linking, by the appliance, the first transport layer connection to the server with the third transport layer connection to the agent of the client; and
means for associating, by the appliance, a first connection record for the first transport layer connection to the server with a second connection record for the third transport layer connection.
Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20, 21, 22
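The connection flow of claim 1, steps (a) to (h), restated as means in claim 12, modelled in Python as an added example that is not part of the patent or any product; the Endpoint, Agent and Appliance classes, the in-memory connection records, and the sample addresses are assumptions that stand in for real sockets and VPN session state.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple
import itertools

@dataclass(frozen=True)
class Endpoint:
    ip: str
    port: int

@dataclass
class ConnectionRecord:
    conn_id: int
    peer: Endpoint
    linked_to: Optional[int] = None  # id of the connection this record is associated with

class Agent:
    def __init__(self, local_ip: str) -> None:
        self.local_ip = local_ip          # client's local IP on the second network
        self.tunnels: Dict[int, Endpoint] = {}  # third-connection id -> second connection

    def open_server_initiated(self, dest_port: int, appliance: "Appliance") -> int:
        second = Endpoint(self.local_ip, dest_port)           # (e) local connection to dest port
        third_id = appliance.accept_agent_connection(second)  # (f) connection back to appliance
        self.tunnels[third_id] = second                       # (f) associate third with second
        return third_id

class Appliance:
    def __init__(self) -> None:
        self.vpn_clients: Dict[str, Agent] = {}  # client IP on first network -> its agent
        self.records: Dict[int, ConnectionRecord] = {}
        self._ids = itertools.count(1)

    def register_vpn_client(self, first_network_ip: str, agent: Agent) -> None:
        self.vpn_clients[first_network_ip] = agent  # constructed stand-in for SSL VPN session state

    def accept_agent_connection(self, second: Endpoint) -> int:
        cid = next(self._ids)
        self.records[cid] = ConnectionRecord(cid, second)
        return cid

    def handle_server_request(self, server: Endpoint, client_dest: Endpoint) -> Tuple[int, int]:
        first_id = next(self._ids)                               # (b) connection to the server
        self.records[first_id] = ConnectionRecord(first_id, server)
        agent = self.vpn_clients.get(client_dest.ip)             # (c) resolve client from intranet IP
        if agent is None:
            del self.records[first_id]  # no VPN session owns that address: drop the server-side record
            raise LookupError(f"no SSL VPN client for {client_dest.ip}")
        third_id = agent.open_server_initiated(client_dest.port, self)  # (d) send dest port to agent
        self.records[first_id].linked_to = third_id              # (g) link first to third
        self.records[third_id].linked_to = first_id              # (h) associate the two records
        return first_id, third_id
```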