Systems and methods for using a client agent to manage ICMP traffic in a virtual private network environment
First Claim
1. A method for using a client agent executing on a client to send ICMP messages to an appliance connected via a virtual private network, the method comprising:
- (a) establishing, via a client agent executing on a client, a transport layer virtual private network (VPN) connection with an appliance;
(b) intercepting, by the client agent at a network layer, an ICMP request originating from the client;
(c) transmitting, by the client agent via the transport layer connection, the ICMP request to the appliance, the ICMP request comprising a destination address and a source address identifying the client;
(d) determining, by the appliance, whether the destination address corresponds to a device having a VPN connection to the appliance; and
(e) modifying, by the appliance, the source address of the ICMP request to identify an address routable back to the appliance if the destination address corresponds to a device not having a VPN connection to the appliance, and if the destination address corresponds to a device having a VPN connection to the appliance, responding by the appliance to the ICMP request on behalf of the device.
8 Assignments
0 Petitions
Accused Products
Abstract
Systems and methods are described for using a client agent executing on a client to send ICMP messages to an appliance connected via a virtual private network Methods include: establishing, via a client agent executing on a client, a transport layer virtual private network connection with an appliance; intercepting, by the client agent at the network layer, an ICMP request originating from the client; and transmitting, by the client agent via a transport layer connection, the ICMP request to the appliance. Addition methods describe determining, by the appliance, the address identified by the ICMP request corresponds to a second client, the second client also connected via a virtual private network to the remote machine; and transmitting, by the appliance to the second client via the virtual private network connection, the ICMP request. Corresponding systems are also described.
-
Citations
22 Claims
-
1. A method for using a client agent executing on a client to send ICMP messages to an appliance connected via a virtual private network, the method comprising:
-
(a) establishing, via a client agent executing on a client, a transport layer virtual private network (VPN) connection with an appliance; (b) intercepting, by the client agent at a network layer, an ICMP request originating from the client; (c) transmitting, by the client agent via the transport layer connection, the ICMP request to the appliance, the ICMP request comprising a destination address and a source address identifying the client; (d) determining, by the appliance, whether the destination address corresponds to a device having a VPN connection to the appliance; and (e) modifying, by the appliance, the source address of the ICMP request to identify an address routable back to the appliance if the destination address corresponds to a device not having a VPN connection to the appliance, and if the destination address corresponds to a device having a VPN connection to the appliance, responding by the appliance to the ICMP request on behalf of the device. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 21)
-
-
11. A system for using a client agent residing on a local machine to send ICMP messages to an appliance connected via a virtual private network, the system comprising:
-
A client computing device; and a client agent executing on the client which establishes a virtual private network connection with an appliance;
intercepts, at a network layer, an ICMP request originating from the client; and
transmits, via a transport layer connection, the ICMP request to the appliance, the ICMP request comprising a destination address and a source address identifying the client; andan appliance determining whether the destination address corresponds to a device not having a VPN connection to the appliance, modifying the source address of the ICMP request to identify an address routable back to the appliance if the destination address corresponds to a device not having a VPN connection to the appliance, and if the destination address corresponds to a device having a VPN connection to the appliance, responding to the ICMP request on behalf of the device. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
-
-
22. A method for using a client agent executing on a client to send ICMP messages to a server via a virtual private network (VPN), the method comprising:
-
(a) establishing, via a client agent executing on a client, a transport layer virtual private network (VPN) connection with an appliance; (b) intercepting, by a filter of the client agent operating at a network layer, an ICMP request originating from the client; (c) communicating, by the filter, the intercepted ICMP request to the client agent at the transport layer; (d) transmitting, by the client agent via the transport layer connection, the ICMP request to the appliance, the ICMP request comprising a destination address and a source address identifying the client; (e) determining, by the appliance, whether the destination address corresponds to a device not having a VPN connection to the appliance; (f) modifying, by the appliance, the source address of the ICMP request to identify an address routable back to the appliance prior to transmission via a network layer connection to the device identified by the destination address of the ICMP request if the destination address corresponds to a device not having a VPN connection to the appliance, and if the destination address corresponds to a device having a VPN connection to the appliance, responding by the appliance to the ICMP request on behalf of the device.
-
Specification