Systems and methods for pinging a user's intranet IP address

US 8,451,806 B2
Filed: 08/21/2006
Issued: 05/28/2013
Est. Priority Date: 08/21/2006
Status: Active Grant

First Claim

Patent Images

1. A method for determining an intranet internet protocol address assigned to a user logged into a network via a secure socket layer virtual private network connection (SSL VPN), the method comprising the steps of:

(a) assigning, by an appliance providing access to a network, a unique intranet internet protocol address on the network to each SSL VPN session of each user of a plurality of users, the unique intranet internet protocol address from a plurality of internet protocol addresses designated to the respective user for accessing the network via the appliance, each user establishing a respective SSL VPN session via the appliance to the network, each unique intranet internet protocol address hosted by the appliance and different from an internet protocol address of a device operated by the respective user of the plurality of users, the appliance assigning the unique intranet internet protocol address to subsequent SSL VPN sessions of the respective user while the user roams from the device to another device of the respective user for connecting to the network;

(b) storing, by the appliance, in a domain name service an association of an intranet internet protocol address assigned to an SSL VPN session of a first user of the plurality of users with a user domain name unique to the SSL VPN session of the first user, the user domain name comprising a domain name suffix appended to an identifier of the first user;

(c) receiving, by the appliance, a request for the intranet internet protocol address of the user domain name;

(d) determining, by the appliance, from the domain name service the intranet internet protocol address associated with the user domain name; and

(e) providing, by the appliance, in response to the request, the intranet internet protocol address assigned to the SSL VPN session of the first user.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The intranet IP address management solution of the appliance and/or client described herein provides an environment for efficiently assigning, managing and querying virtual private network addresses, referred to as intranet IP (IIP) addresses of virtual private network users, such as a multitude of SSL VPN users on an enterprise network. The appliance provides techniques and policies for assigning previously assigned virtual private network addresses of a user to subsequent sessions of the user as the user logs in multiple times or roams between access points. This technique is referred to IIP stickiness as the appliance attempts to provide the same IIP address to a roaming VPN user. The appliance also provides a configurable user domain naming policy so that one can ping or query the virtual private network address of a user by an easily referenceable host name identifying the user. The appliance and/or client agent also provide techniques to allow applications to seamlessly and transparently communicate on the virtual private network using the virtual private network address of the user or client on the private network.

40 Citations

View as Search Results

26 Claims

1. A method for determining an intranet internet protocol address assigned to a user logged into a network via a secure socket layer virtual private network connection (SSL VPN), the method comprising the steps of:
- (a) assigning, by an appliance providing access to a network, a unique intranet internet protocol address on the network to each SSL VPN session of each user of a plurality of users, the unique intranet internet protocol address from a plurality of internet protocol addresses designated to the respective user for accessing the network via the appliance, each user establishing a respective SSL VPN session via the appliance to the network, each unique intranet internet protocol address hosted by the appliance and different from an internet protocol address of a device operated by the respective user of the plurality of users, the appliance assigning the unique intranet internet protocol address to subsequent SSL VPN sessions of the respective user while the user roams from the device to another device of the respective user for connecting to the network;
  
  (b) storing, by the appliance, in a domain name service an association of an intranet internet protocol address assigned to an SSL VPN session of a first user of the plurality of users with a user domain name unique to the SSL VPN session of the first user, the user domain name comprising a domain name suffix appended to an identifier of the first user;
  
  (c) receiving, by the appliance, a request for the intranet internet protocol address of the user domain name;
  
  (d) determining, by the appliance, from the domain name service the intranet internet protocol address associated with the user domain name; and
  
  (e) providing, by the appliance, in response to the request, the intranet internet protocol address assigned to the SSL VPN session of the first user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 24, 25, 26)
- - 2. The method of claim 1, comprising identifying, by the appliance, a policy specifying the domain name suffix to append to an identifier of a user.
  - 3. The method of claim 1, comprising configuring, by a user via the appliance, the domain name suffix of the policy.
  - 4. The method of claim 1, wherein the domain name suffix comprises a domain name of the network.
  - 5. The method of claim 1, comprising pinging, by a second user, the intranet internet protocol address of the first user using the user domain name.
  - 6. The method of claim 5, wherein the second user is connected to the network via a SSL VPN connection.
  - 7. The method of claim 1, comprising querying, by an application the domain name service, the intranet internet protocol address of the first user using the user domain name.
  - 8. The method of claim 1, comprising assigning, by the appliance, to the first user a first intranet internet protocol address from a plurality of intranet internet protocol addresses associated with the first user.
  - 9. The method of claim 8, comprising assigning, by the appliance, a most recently used intranet internet protocol address of the first user as the first intranet internet protocol address.
  - 10. The method of claim 1, comprising storing, by the appliance, the user domain name associated with the intranet internet protocol address of the first user on a domain name service cache of the appliance.
  - 11. The method of claim 1, wherein the appliance includes the domain name service.
  - 24. The method of claim 1, comprising assigning, via application of a policy, the unique intranet internet protocol address from the plurality of internet protocol addresses, to the respective user'"'"'s SSL VPN session.
  - 25. The method of claim 1, further comprising determining, from the plurality of internet protocol addresses, a most frequently or most recently assigned internet protocol address, to assign to the respective user'"'"'s SSL VPN session.
  - 26. The method of claim 1, further comprising determining if the unique intranet internet protocol address from the plurality of internet protocol addresses may be assigned to the respective user'"'"'s SSL VPN session.

12. A system for determining an intranet internet protocol address assigned to a user logged into a network via a secure socket layer virtual private network connection (SSL VPN), the system comprising:
- means for assigning, by an appliance providing access to a network, a unique intranet internet protocol address on the network to each SSL VPN session of each user of a plurality of users, the unique intranet internet protocol address from a plurality of internet protocol addresses designated to the respective user for accessing the network via the appliance, each user establishing a respective SSL VPN session via the appliance to the network, each unique intranet internet protocol address is hosted by the appliance and different from an internet protocol address of a device operated by the respective user of the plurality of users, the appliance assigning the unique intranet internet protocol address to subsequent SSL VPN sessions of the respective user while the user roams from the device to another device of the respective user for connecting to the network;
  
  means for storing, by the appliance, in a domain name service an association of the intranet internet protocol address assigned to an SSL VPN session of a first user of the plurality of users with a user domain name unique to the SSL VPN session of the first user, the user domain name comprising a domain name suffix appended to an identifier of the first user;
  
  means for receiving, by the appliance, a request for the intranet internet protocol address of the user domain name;
  
  means for determining, by the appliance, from the domain name service the intranet internet protocol address associated with the user domain name; and
  
  means for providing, by the appliance, in response to the request, the intranet internet protocol address assigned to the SSL VPN session of the first user.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The system of claim 12, comprising means for identifying, by the appliance, a policy specifying the domain name suffix to append to an identifier of a user.
  - 14. The system of claim 12, comprising means for configuring, by a user via the appliance, the domain name suffix of the policy.
  - 15. The system of claim 12, wherein the domain name suffix comprises a domain name of the network.
  - 16. The system of claim 12, comprising means for pinging, by a second user, the intranet internet protocol address of the first user using the user domain name.
  - 17. The system of claim 16, wherein the second user is connected to the network via a SSL VPN connection.
  - 18. The system of claim 12, comprising means for querying, by an application. the domain name service, the intranet internet protocol address of the first user using the user domain name.
  - 19. The system of claim 12, comprising means for assigning, by the appliance, to the first user a first intranet internet protocol address from a plurality of intranet internet protocol addresses associated with the first user.
  - 20. The system of claim 19, comprising means for assigning, by the appliance, a most recently used intranet internet protocol address of the first user as the first intranet internet protocol address.
  - 21. The system of claim 12, comprising means for storing, by the appliance, the user domain name associated with the intranet internet protocol address of the first user on a domain name service cache of the appliance.
  - 22. The system of claim 12, wherein the appliance includes the domain name service.

23. A method for determining an intranet internet protocol address assigned to a user logged into a network via a secure socket layer virtual private network connection (SSL VPN), the method comprising the steps of:
- (a) assigning, by an appliance providing access to a network, a unique intranet internet protocol address on the network to each user of a plurality of users, the unique intranet internet protocol address from a plurality of internet protocol addresses designated to the respective user for accessing the network via the appliance, each user establishing a respective SSL VPN session via the appliance to the network, each unique intranet internet protocol address is hosted by the appliance and different from an internet protocol address of a device operated by the respective user of the plurality of users, the appliance assigning the unique intranet internet protocol address to subsequent SSL VPN sessions of the respective user while the user roams from the device to another device of the respective user for connecting to the network;
  
  (b) storing, by the appliance, in a domain name service an association of the intranet internet protocol address assigned to an SSL VPN session of a first user of the plurality of user with a user domain name unique to the SSL VPN session of the first user, the user domain name comprising a domain name suffix appended to an identifier of the first user;
  
  (c) maintaining, by the appliance, the same intranet internet protocol address for the first user while the first user roams between devices or access points for connecting to the network;
  
  (d) receiving, by the appliance, a request for the intranet internet protocol address of the user domain name;
  
  (e) determining, by the appliance, from the domain name service the intranet internet protocol address associated with the user domain name; and
  
  (f) providing, by the appliance, in response to the request, the intranet internet protocol address assigned to the SSL VPN session of the first user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Kumar, Arkesh, Harris, James
Primary Examiner(s)
Harper, Kevin C
Assistant Examiner(s)
CHOUDHRY, SAMINA F

Application Number

US11/465,963
Publication Number

US 20080043761A1
Time in Patent Office

2,472 Days
Field of Search

370/351, 370/389, 370/392, 370/393, 370/395.1, 370396-399, 3703952-39532, 370/395.5, 370/395.6, 370/401, 709223-225, 709/217, 709/218, 709238-242, 709/249
US Class Current

370/338
CPC Class Codes

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 61/4511   using domain name system [DNS]

H04L 61/5061   Pools of addresses

H04L 61/5084   Providing for device mobili...

Systems and methods for pinging a user's intranet IP address

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

40 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for pinging a user's intranet IP address

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

40 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links