Systems and methods of providing server initiated connections on a virtual private network
First Claim
1. A method comprising:
(a) receiving, by a device intermediary to a server operating on a first network and a plurality of clients, a transport layer connection request from the server to connect to a client, the client operating on a second network, the transport layer connection request identifying a destination internet protocol address and a destination port of the client on the first network;
(b) establishing, by the device, a first transport layer connection to the server on the first network;
(c) determining, by the device, an internet protocol address of the client on the second network corresponding to the destination internet protocol address of the client on the first network;
(d) establishing, by the device, a second transport layer connection with an agent on the client at the internet protocol address on the second network, the agent establishing a third transport layer connection to the identified destination port; and
(e) associating, by the device, a first connection record for the first transport layer connection with a second connection record for the second transport layer connection linked to the first transport layer connection.
Abstract
The present invention is related to a method for establishing, via an appliance, a transport layer protocol connection initiated by a server on a first network to a client connected from a second network to the first network via a secure socket layer virtual private network (SSL VPN) connection. The method includes the step of receiving, by an appliance, a transport layer connection request from a server on a first network to connect to a client connected to the first network via an SSL VPN connection from a second network. The transport layer connection request identifies a client destination internet protocol address and a client destination port on the first network. The method includes establishing, by the appliance, a first transport layer connection to the server on the first network, determining, by the appliance, the client on the second network associated with the client destination internet protocol address on the first network, and transmitting, by the appliance, connection information identifying the client destination port to an agent on the client. The agent establishes a second transport layer connection to the client destination port using a local internet protocol address of the client on the second network and establishes a third transport layer connection to the appliance, which it associates with the second transport layer connection.
20 Claims
11. A system comprising:
a device, intermediary to a server operating on a first network and a plurality of clients, receiving a transport layer connection request from the server to connect to a client, the client operating on a second network, the transport layer connection request identifying a destination internet protocol address and a destination port of the client on the first network; and
a virtual server of the device establishing a first transport layer connection to the server on the first network, determining an internet protocol address of the client on the second network corresponding to the destination internet protocol address of the client on the first network, and establishing a second transport layer connection with an agent on the client at the internet protocol address on the second network, the agent establishing a third transport layer connection to the identified destination port,
wherein the device associates a first connection record for the first transport layer connection with a second connection record for the second transport layer connection linked to the first transport layer connection.
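The abstract and claims above, as an added worked example that is not part of the patent or of any product implementing it: a Python model of the appliance's connection table, following claim 1's steps (b) through (e) and the agent's third connection. The ConnRecord and ClientAgent classes, the relay_path helper, the vpn_clients mapping and all addresses are assumptions constructed for the illustration; step (c) cannot complete for a destination IP that no connected VPN client has been assigned, so the model refuses such a request rather than relaying it.

```python
from dataclasses import dataclass
from typing import Optional
import itertools

@dataclass
class ConnRecord:
    cid: int
    peer: tuple                   # (ip, port) of the remote endpoint of this connection
    linked: Optional[int] = None  # cid of the record this one is associated with

class Appliance:
    def __init__(self):
        # intranet IP assigned to a VPN client on the first network -> that
        # client's real (ip, port) on the second network (constructed mapping)
        self.vpn_clients = {}
        self.records = {}
        self._ids = itertools.count(1)

    def _new_record(self, peer, linked=None):
        rec = ConnRecord(next(self._ids), peer, linked)
        self.records[rec.cid] = rec
        return rec

    def handle_server_connect(self, server_addr, dst_ip, dst_port, agent):
        # (c) map the intranet IP to the client's address on the second network;
        # an IP that no connected VPN client owns cannot be relayed anywhere
        client_addr = self.vpn_clients.get(dst_ip)
        if client_addr is None:
            raise LookupError(f"{dst_ip} is not a connected VPN client")
        first = self._new_record(server_addr)                     # (b) appliance <-> server
        second = self._new_record(client_addr, linked=first.cid)  # (d) appliance <-> agent
        agent.accept_appliance_connection(second.cid, dst_port)   # agent opens the 3rd connection
        first.linked = second.cid                                 # (e) associate both records
        return first, second

class ClientAgent:
    # Agent on the client: opens the third transport connection to dst_port locally.
    def __init__(self, local_ip="127.0.0.1"):
        self.local_ip = local_ip
        self.links = {}  # appliance cid -> local (ip, port) the agent connected to

    def accept_appliance_connection(self, appliance_cid, dst_port):
        self.links[appliance_cid] = (self.local_ip, dst_port)

def relay_path(appliance, agent, first_cid):
    # Walk the linked records from the server-side connection to the local port.
    first = appliance.records[first_cid]
    second = appliance.records[first.linked]
    return [first.peer, second.peer, agent.links[second.cid]]
```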