Flexible automated connection to virtual private networks
First Claim
1. A method practiced at a network interface unit (NIU) directly connected to at least one local area network (LAN), said NIU also being connected to a non-secure node of a second network, which second network is in packet communication with at least one access node of a secure virtual private network (VPN), the method comprisingreceiving data packets from at least one device on said at least one LAN,multiplexing said data packets into at least one packet data stream,modifying said at least one packet data stream in a security server in said NIU in accordance with a secure communications protocol by encrypting packets in said at least one packet data stream and encapsulating resulting encrypted packets, andproviding network destination address information from a Domain Name System (DNS) server for at least selected ones of said at least one packet data stream.
3 Assignments
0 Petitions
Accused Products
Abstract
A network interface unit is provided for use intermediate a LAN and a public or private network, or a combination of both, for establishing secure links to a VPN gateway. Login by a LAN client with the network interface unit, addressing, authentication, and other configuration operations achieved using a web page-based GUI are applied in establishing tunnels from LAN clients to desired VPN destinations. Illustrative network interface units include a DHCP server and provide encryption-decryption and encapsulation-decapsulation of data packets for communication with VPN nodes. Configuration and connection of a client are further enhanced by a built-in DNS server and other functional servers to provide a high degree of autonomy in establishing connections to a desired VPN gateway via an ISP or other public and/or private network links to. The interface unit then performs required authentication exchanges, and required encryption key exchanges.
-
Citations
6 Claims
-
1. A method practiced at a network interface unit (NIU) directly connected to at least one local area network (LAN), said NIU also being connected to a non-secure node of a second network, which second network is in packet communication with at least one access node of a secure virtual private network (VPN), the method comprising
receiving data packets from at least one device on said at least one LAN, multiplexing said data packets into at least one packet data stream, modifying said at least one packet data stream in a security server in said NIU in accordance with a secure communications protocol by encrypting packets in said at least one packet data stream and encapsulating resulting encrypted packets, and providing network destination address information from a Domain Name System (DNS) server for at least selected ones of said at least one packet data stream.
Specification
-
- Resources
-
Current AssigneeAT&T Intellectual Property I LP (AT&T, Inc.)
-
Original AssigneeAT&T Intellectual Property I LP (AT&T, Inc.)
-
InventorsWeber, Roy Philip, Goldman, Shelley B., Foladare, Mark Jeffrey, Chen, Yihsiu, Stone, Kevin, Schryer, Norman Loren, Killian, Thomas Joseph
-
Primary Examiner(s)Follansbee; John
-
Assistant Examiner(s)Tran; Nghi V
-
Application NumberUS09/911,061Publication NumberTime in Patent Office3,389 DaysField of Search709/229, 709/223, 709/220, 709/230, 713/201US Class Current709/229CPC Class CodesH04L 12/4641 Virtual LANs, VLANs, e.g. v...H04L 12/4675 Dynamic sharing of VLAN inf...H04L 63/0227 Filtering policies mail mes...H04L 63/0272 Virtual private networksH04L 63/0428 wherein the data content is...H04L 63/083 using passwords cryptograph...
