Systems and methods for providing IIP address stickiness in an SSL VPN session failover environment
First Claim
1. A method of maintaining a user's intranet internet protocol address upon failover of a client's secure socket layer virtual private network (SSL VPN) session from a first appliance to a second appliance, the method comprising the steps of:
- (a) receiving, by a second appliance, information from a first appliance, the information identifying one or more intranet internet protocol addresses assigned to a first user for accessing a network via a first secure socket layer virtual private network (SSL VPN) session provided by the first appliance, each of the one or more intranet internet protocol addresses of the first user is independent from an internet protocol address assigned to a device operated by the first user;
- (b) detecting, by the second appliance, that the first appliance is unavailable to provide the first SSL VPN session to the network, and providing, by the second appliance, SSL VPN connectivity to the network in response to the detection;
- (c) receiving, by the second appliance, a request from the client operated by the first user to establish a second SSL VPN session with the network; and
- (d) assigning, by the second appliance, to the first user a first intranet internet protocol address previously assigned to the first user from the one or more intranet internet protocol addresses as an internet protocol address on the network.
Abstract
The SSL VPN session failover solution of the appliance and/or client agent described herein provides an environment for handling IP address assignment and end point re-authorization upon failover. The appliances may be deployed to provide a session failover environment in which a second appliance is a backup to a first appliance when a failover condition is detected, such as failure in operation of the first appliance. The backup appliance takes over responsibility for SSL VPN sessions provided by the first appliance. In the failover environment, the first appliance propagates SSL VPN session information including user IP address assignment and end point authorization information to the backup appliance. The backup appliance maintains this information. Upon detection of failover of the first appliance, the backup appliance activates the transferred SSL VPN session and maintains the user assigned IP addresses. The backup appliance may also re-authorize the client for the transferred SSL VPN session.
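The failover flow in the abstract and claim 1, as an added example that is not part of the patent or any product: a hypothetical `Appliance` class whose primary replicates each user's intranet IP (IIP) assignment to its backup, the backup reserves those addresses so they are never handed to anyone else, and on reconnect after failover the backup re-authorizes the endpoint and returns the same IIP rather than allocating a fresh one. Names, the address pool and the scenario are constructed for illustration.

```python
from dataclasses import dataclass
@dataclass
class SessionInfo:            # state the first appliance propagates to its backup (step (a))
    user: str
    intranet_ips: list        # IIPs assigned to the user; independent of the client's own IP
class Appliance:
    """Hypothetical SSL VPN appliance: a pool of intranet IPs plus replicated peer state."""
    def __init__(self, name, pool):
        self.name, self.pool, self.active = name, list(pool), True
        self.sessions = {}    # user -> SessionInfo served here
        self.replicated = {}  # user -> SessionInfo received from the peer

    def assign(self, user):
        """Normal path: allocate a fresh intranet IP for a new session."""
        info = self.sessions[user] = SessionInfo(user, [self.pool.pop(0)])
        return info

    def propagate_to(self, backup):
        """Replicate every active session's IIP assignment to the backup."""
        for info in self.sessions.values():
            backup.receive_session_info(info)

    def receive_session_info(self, info):
        """Step (a): store the assignment and reserve the IIP locally so it cannot be reused."""
        self.replicated[info.user] = info
        self.pool = [ip for ip in self.pool if ip not in info.intranet_ips]

    def take_over(self, primary):
        """Step (b): activate the replicated sessions once the primary is unavailable."""
        if primary.active:
            return False
        self.sessions.update(self.replicated)
        return True

    def reconnect(self, user, endpoint_ok=True):
        """Steps (c)/(d): re-authorize the endpoint, then hand back the user's previous IIP."""
        if not endpoint_ok:
            return None       # re-authorization failed: no address is assigned
        info = self.sessions.get(user) or self.assign(user)
        return info.intranet_ips[0]

def failover_demo():
    """Constructed scenario: alice connects to A, A fails, alice and bob then connect to B."""
    a = Appliance("A", ["10.0.0.1", "10.0.0.2"])
    b = Appliance("B", ["10.0.0.1", "10.0.0.2"])   # same pool: reservation on B matters
    before = a.assign("alice").intranet_ips[0]
    a.propagate_to(b)
    a.active = False                                 # failure in operation of the first appliance
    assert b.take_over(a)
    return before, b.reconnect("alice"), b.reconnect("bob")
```

Without the reservation in `receive_session_info`, a backup sharing the pool could give alice's address to bob before she reconnects, which is exactly the collision the stickiness mechanism is meant to prevent.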
22 Claims
1. Method claim as set out above under First Claim. Dependent claims: 2 to 11.
12. A system for maintaining a user's intranet internet protocol address upon failover of a client's secure socket layer virtual private network (SSL VPN) session from a first appliance to a second appliance, the system comprising the steps of:
- means for receiving by a second appliance information from a first appliance, the information identifying one or more intranet internet protocol addresses assigned to a first user for accessing a network via a first secure socket layer virtual private network (SSL VPN) session provided by the first appliance, each of the one or more intranet internet protocol addresses of the first user is independent from an internet protocol address assigned to a device operated by the first user;
- means for detecting by the second appliance that the first appliance is unavailable to provide the first SSL VPN session to the network, wherein the second appliance provides SSL VPN connectivity to the network in response to the detection;
- means for receiving by the second appliance a request from the client operated by the first user to establish a second SSL VPN session with the network; and
- means for assigning by the second appliance to the first user a first intranet internet protocol address previously assigned to the first user from the one or more intranet internet protocol addresses as an internet protocol address on the network.
Dependent claims: 13 to 22.