Method for operating a local computer network connected to a remote private network by an IPsec tunnel, software module and IPsec gateway

US 7,869,451 B2
Filed: 12/14/2005
Issued: 01/11/2011
Est. Priority Date: 12/16/2004
Status: Expired due to Fees

First Claim

Patent Images

1. A method for operating a local network and a remote network, a local terminal of the local network being connected to a gateway of the remote network by a tunnel established in blocking mode, the method comprising:

using the gateway, receiving a flow emitted from the local terminal and routed to the gateway through the tunnel, wherein the flow has a destination address equal to an internal address of local equipment located in the local network; and

when the received flow is not intended for the remote network;

using the gateway, sending the received flow to a router of the local network for the router to re-route the received flow to the internal address of the local equipment,the gateway identifying the router using information obtained during the establishment of the tunnel.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention relates to a method in particular enabling the computer terminal (T_L) of a local network (RES_L), connected to a gateway (PASS_D) of a remote network (RES_D) by an IPsec tunnel in blocking mode, to launch a print job on a printer (E_L) belonging to the local network. To do this, the gateway (PASS_D) stores the correspondence between the public address (AD_1) of the local router (ROUT_L) providing the connection of the terminal to the Internet, and the private address (ad_3) assigned to the terminal (T_L) in the addressing plan of the remote network (RES_D) during the establishment of the tunnel, and sends the print flow to the local router (ROUT_L), which directs it to the local printer (E_L) by a port translation technique.

13 Citations

16 Claims

1. A method for operating a local network and a remote network, a local terminal of the local network being connected to a gateway of the remote network by a tunnel established in blocking mode, the method comprising:
- using the gateway, receiving a flow emitted from the local terminal and routed to the gateway through the tunnel, wherein the flow has a destination address equal to an internal address of local equipment located in the local network; and
  
  when the received flow is not intended for the remote network;
  
  using the gateway, sending the received flow to a router of the local network for the router to re-route the received flow to the internal address of the local equipment,the gateway identifying the router using information obtained during the establishment of the tunnel.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method according to claim 1, further comprising analyzing, using the gateway, incoming flows so as to recognize that the received flow is not intended for the remote network.
  - 3. The method according to claim 1, further comprising:
    - during establishment of the tunnel;
      
      replacing, using the router, an address of the local terminal inside the local network with a routable address of the router during a request for connection from the local terminal to the gateway;
      
      assigning, using the gateway, a remote address inside the remote network to the local terminal during the establishment of the tunnel; and
      
      storing, using the gateway, an entry in a correspondence table that matches the routable address with the remote address of the local terminal;
      
      after establishment of the tunnel;
      
      identifying, using the gateway, the routable address of the router from the correspondence table based on the remote address of the local terminal associated with the flow; and
      
      sending, using the gateway, the received flow to the routable address of the router.
  - 4. The method according to claim 1, wherein the re-routing the received flow to the internal address of the local equipment is implemented by a port translation technique.
  - 5. The method according to claim 1, wherein the flow from the local terminal includes a print order.
  - 6. The method according to claim 1, further comprising establishing one of an IPsec tunnel and an SSL tunnel connecting the gateway to the router.
  - 7. The method according to claim 1, further comprising using the gateway to establish one of an IPsec tunnel and an SSL tunnel connecting the gateway to the local equipment, wherein the local equipment includes a printer.
  - 8. The method according to claim 1, wherein the local equipment includes a printer.
  - 9. A system that includes a processor and a non-transitory tangible computer-readable medium storing instructions that, when executed by the processor, cause the processor to implement the method of claim 1, wherein the system is implement in the gateway of the remote network.
  - 10. The system according to claim 9, wherein the gateway is an IPsec gateway.
  - 11. The system according to claim 10, wherein the tangible computer-readable medium includes instructions that analyze flows of the gateway to recognize that the flow is not intended for the remote network.
  - 12. A gateway including a processor and a non-transitory tangible computer-readable medium storing instructions that, when executed by the processor, cause the processor to implement the method of claim 1.
  - 13. A network device including a processor and a non-transitory tangible computer-readable medium storing instructions that, when executed by the processor, cause the processor to implement the method of claim 1.

14. A method of operating a gateway located between a first network and a wide area network, the method comprising:
- maintaining a table that maps local addresses of the first network to routable addresses of the wide area network;
  
  establishing a blocking tunnel with a terminal located in a second network, wherein the terminal communicates with the gateway via a router located between the second network and the wide area network, and wherein the establishing includes;
  
  assigning the terminal a first address within the first network;
  
  receiving a packet from the terminal via the blocking tunnel where a routable address of the router was stored in a source address field of the packet by the router; and
  
  creating an entry in the table that maps the assigned first address to the routable address of the router;
  
  receiving packets from the wide area network;
  
  identifying received packets that were sent by the terminal through the blocking tunnel and that have a destination address field equal to an internal address of local equipment within the second network; and
  
  forwarding the identified packets to the routable address of the router over the wide area network, wherein the routable address of the router is obtained from the table using the assigned first address of the terminal, and wherein the router forwards the identified packets to the internal address of the local equipment via the second network.
- View Dependent Claims (15, 16)
- - 15. A gateway including a processor and a non-transitory tangible computer-readable medium storing instructions that, when executed by the processor, cause the processor to implement the method of claim 14.
  - 16. A network device including a processor and a non-transitory tangible computer-readable medium storing instructions that, when executed by the processor, cause the processor to implement the method of claim 14.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Monarch Networking Solutions LLC (Acacia Research Corporation)
Original Assignee
Orange S.A.
Inventors
Veysset, Franck, Butti, Laurent, Charles, Olivier
Primary Examiner(s)
Ryman, Daniel J
Assistant Examiner(s)
Tran, Thinh D

Application Number

US11/300,107
Publication Number

US 20060171401A1
Time in Patent Office

1,854 Days
Field of Search

370/401, 370/397, 370/399, 370/409, 370/389, 370/392, 713151-153
US Class Current

370/409
CPC Class Codes

H04L 12/4641 Virtual LANs, VLANs, e.g. v...

Method for operating a local computer network connected to a remote private network by an IPsec tunnel, software module and IPsec gateway

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

13 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Method for operating a local computer network connected to a remote private network by an IPsec tunnel, software module and IPsec gateway

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

13 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links