Methods and systems for routing packets in a VPN-client-to-VPN-client connection via an SSL/VPN network appliance
Abstract
In a method and system for routing packets between clients, a packet is received from a first client connected to a secure sockets layer virtual private network (an SSL/VPN) network appliance. An identification is made, responsive to an inspection of the received packet, of i) a type of connection required for transmission of the received packet to a destination address identified by the received packet and ii) a second client connected via an SSL/VPN connection to the SSL/VPN network appliance and associated with the identified destination address. A request is made for establishment by the second client of a connection of the identified type within the SSL/VPN connection. The received packet is transmitted to the second client via the established connection of the identified type.
20 Claims
1. A method for routing packets between clients on a virtual private network, the method comprising:
(a) identifying, by a device, from a packet of a first application of a first client of a plurality of clients received via a first virtual private network connection between the first client and the device, a second client corresponding to a destination of the packet and a type of transport layer connection to communicate with the second client,
(b) establishing, by the device, via a second virtual private network connection determined by the device to be already established between the device and the second client corresponding to the destination, a transport layer connection with an agent on the second client that corresponds to the type of transport layer connection, to provide a peer-to-peer channel between the first client and the second client using the established transport layer connection; and
(c) transmitting, by the device, the packet via the transport layer connection within the second virtual private network connection to the agent on the second client for communicating the packet to a second application on the second client.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A system for routing packets between clients on a virtual private network, the system comprising:
a circuitry configured to identify from a packet of a first application of a first client of a plurality of clients received via a first virtual private network connection between the first client and the circuitry, a second client corresponding to a destination of the packet and a type of transport layer connection to communicate with the second client,
wherein the circuitry is configured to establish via a second virtual private network connection determined by the circuitry to be already established between the circuitry and the second client corresponding to the destination, a transport layer connection with an agent on the second client that corresponds to the type of transport layer connection, to provide a peer-to-peer channel between the first client and the second client using the established transport layer connection; and
wherein the circuitry is configured to transmit the packet via the transport layer connection within the second virtual private network connection to the agent on the second client for communicating the packet to a second application on the second client.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20
Specification