Methods and systems for routing packets in a VPN-client-to-VPN-client connection via an SSL/VPN network appliance

US 9,246,878 B2
Filed: 10/04/2013
Issued: 01/26/2016
Est. Priority Date: 08/03/2006
Status: Active Grant

First Claim

Patent Images

1. A method for routing packets between clients on a virtual private network, the method comprising:

(a) identifying, by a device, from a packet of a first application of a first client of a plurality of clients received via a first virtual private network connection between the first client and the device, a second client corresponding to a destination of the packet and a type of transport layer connection to communicate with the second client,(b) establishing, by the device, via a second virtual private network connection determined by the device to be already established between the device and the second client corresponding to the destination, a transport layer connection with an agent on the second client that corresponds to the type of transport layer connection, to provide a peer-to-peer channel between the first client and the second client using the established transport layer connection; and

(c) transmitting, by the device, the packet via the transport layer connection within the second virtual private network connection to the agent on the second client for communicating the packet to a second application on the second client.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a method and system for routing packets between clients, a packet is received from a first client connected to a secure sockets layer virtual private network (an SSL/VPN) network appliance. An identification is made, responsive to an inspection of the received packet, of i) a type of connection required for transmission of the received packet to a destination address identified by the received packet and ii) a second client connected via an SSL/VPN connection to the SSL/VPN network appliance and associated with the identified destination address. A request is made for establishment by the second client of a connection of the identified type within the SSL/VPN connection. The received packet is transmitted to the second client via the established connection of the identified type.

65 Citations

View as Search Results

20 Claims

1. A method for routing packets between clients on a virtual private network, the method comprising:
- (a) identifying, by a device, from a packet of a first application of a first client of a plurality of clients received via a first virtual private network connection between the first client and the device, a second client corresponding to a destination of the packet and a type of transport layer connection to communicate with the second client,(b) establishing, by the device, via a second virtual private network connection determined by the device to be already established between the device and the second client corresponding to the destination, a transport layer connection with an agent on the second client that corresponds to the type of transport layer connection, to provide a peer-to-peer channel between the first client and the second client using the established transport layer connection; and
  
  (c) transmitting, by the device, the packet via the transport layer connection within the second virtual private network connection to the agent on the second client for communicating the packet to a second application on the second client.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising communicating, by the agent, the packet to the second application via a second transport layer connection established between the agent and the second application.
  - 3. The method of claim 1, wherein step (a) further comprises inspecting, by the device, the packet to determine the type of connection and the destination.
  - 4. The method of claim 1, wherein step (a) further comprises determining, by the device, that the second client corresponding to the destination has the second virtual private network connection with the device.
  - 5. The method of claim 1, wherein step (a) further comprises receiving, by the device, the packet from a second agent of the first client, the second agent intercepting the packet transmitted by the first application to the second application.
  - 6. The method of claim 1, wherein the first virtual private network connection and the second virtual private network connection comprises a secure socket layer.
  - 7. The method of claim 1, wherein the type of transport layer connection comprises a transport control protocol (TCP).
  - 8. The method of claim 1, wherein the type of transport layer connection comprises a user datagram protocol (UDP).
  - 9. The method of claim 1, wherein step (b) further comprises communicating, by the device, via the second virtual private network connection, a request to the agent to establish the transport layer connection of the type of transport layer connection with the device.
  - 10. The method of claim 1, further comprising the first application of the first client and the second application of the second client communicating over the secure virtual private network connection and the second virtual private network connection using the transport layer connection of the identified type.

11. A system for routing packets between clients on a virtual private network, the system comprising:
- a circuitry configured to identify from a packet of a first application of a first client of a plurality of clients received via a first virtual private network connection between the first client and the circuitry, a second client corresponding to a destination of the packet and a type of transport layer connection to communicate with the second client,wherein the circuitry is configured to establish via a second virtual private network connection determined by the circuitry to be already established between the circuitry and the second client corresponding to the destination, a transport layer connection with an agent on the second client that corresponds to the type of transport layer connection, to provide a peer-to-peer channel between the first client and the second client using the established transport layer connection; and
  
  wherein the circuitry is configured to transmit the packet via the transport layer connection within the second virtual private network connection to the agent on the second client for communicating the packet to a second application on the second client.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11, wherein the agent is further configured to communicate the packet to the second application via a second transport layer connection established between the agent and the second application.
  - 13. The system of claim 11, wherein the circuitry is further configured to inspect the packet to determine the type of connection and the destination.
  - 14. The system of claim 11, wherein the agent is further configured to determine that the second client corresponding to the destination has the second virtual private network connection with the circuitry.
  - 15. The system of claim 11, wherein the agent is further configured to receive the packet from a second agent of the first client, the second agent intercepting the packet transmitted by the first application to the second application.
  - 16. The system of claim 11, wherein the first virtual private network connection and the second virtual private network connection comprises a secure socket layer.
  - 17. The system of claim 11, wherein the type of transport layer connection comprises a transport control protocol (TCP).
  - 18. The system of claim 11, wherein the type of transport layer connection comprises a user datagram protocol (UDP).
  - 19. The system of claim 11, wherein the agent is further configured to communicate via the second virtual privation network connection, a request to the agent to establish the transport layer connection of the type of transport layer connection with the circuitry.
  - 20. The system of claim 11, wherein the circuitry is configured to have the first application of the first client and the second application of the second client communicate over the secure virtual private network connection and the second virtual private network connection using the transport layer connection of the identified type.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Kumar, Arkesh, Harris, James, Soni, Ajay
Primary Examiner(s)
Abyaneh, Ali
Assistant Examiner(s)
VICTORIA, NARCISO F

Application Number

US14/045,922
Publication Number

US 20140041014A1
Time in Patent Office

844 Days
Field of Search

726/15
US Class Current

1/1
CPC Class Codes

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 63/0272   Virtual private networks

H04L 63/166   at the transport layer

Methods and systems for routing packets in a VPN-client-to-VPN-client connection via an SSL/VPN network appliance

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

65 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for routing packets in a VPN-client-to-VPN-client connection via an SSL/VPN network appliance

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

65 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links