Policy based network address translation
First Claim
1. A method for applying an access rule to select user-based network address translation maps for accessing an internal network from an external network, the method comprising:
(a) authenticating, by an access management system executing on a device deployed between an external network and an internal network, a first external user of a plurality of external users;
(b) selecting, by the access management system based on an access rule associated with one or more parameters of the first external user, a first network address translation map from a plurality of different network address translation maps of the plurality of external users; and
(c) determining, by the access management system from the first network address translation map selected for the first external user, an internal internet protocol (IP) address of a resource to be accessed by the first external user.
Abstract
A system and method are described for providing policy-based Network Address Translation (NAT) configurations, wherein each user/resource policy within a network protection device may use a different set of address translation mappings.
20 Claims
11. A method for using policies to apply a user-specific address bind for accessing an internal network from an external network, the method comprising:
(a) determining, by a processor deployed between an external network and an internal network, a flow identifier from a packet received by the processor from an external user;
(b) determining, by the processor via the flow identifier, that the packet is part of a new flow of network traffic between the external user and a resource of the internal network; and
(c) applying, by the processor, one or more policies pertaining to the external user and the resource being accessed, to identify a user-specific address bind to apply to the new flow of network traffic, the user-specific address bind comprising a first mapping of a user internal internet protocol (IP) address to an external source IP address of the packet and a second mapping of an internal IP address of the resource to an external destination IP address of the packet.