公开(公告)号：US6079020A

公开(公告)日：2000-06-20

申请号：US013743

申请日：1998-01-27

申请人： Quentin C. Liu

发明人： Quentin C. Liu

IPC分类号： H04L12/24 ,  H04Q3/00 ,  G06F11/30

CPC分类号： H04L41/22 ,  H04Q3/0029

摘要： The present invention provides a method and an apparatus for managing a virtual private network operating over a public data network. This public data network has been augmented to include a plurality of virtual private network gateways so that communications across the virtual private network are channeled through the virtual private network gateways. One embodiment of the present invention includes a system that operates by receiving a command specifying an operation on the virtual private network. The system determines which virtual private network gateways are affected by the command. The system then automatically translates the command into configuration parameters for virtual private network gateways affected by the command. These configuration parameters specifying how the virtual private network gateways handle communications between specific groups of addresses on the public data network. The system then transmits the configuration parameters to the virtual private network gateways affected by the command, so that the virtual private network gateways are configured to implement the command.

摘要翻译： 本发明提供一种用于管理在公共数据网络上运行的虚拟专用网络的方法和装置。 该公共数据网络已被扩充以包括多个虚拟专用网络网关，使得跨虚拟专用网络的通信通过虚拟专用网络网关被引导。 本发明的一个实施例包括通过接收指定虚拟专用网络上的操作的命令来操作的系统。 系统确定哪个虚拟专用网络网关受命令影响。 然后系统自动将命令转换为受该命令影响的虚拟专用网关的配置参数。 这些配置参数指定虚拟专用网关如何处理公共数据网络上的特定地址组之间的通信。 然后系统将配置参数发送到受该命令影响的虚拟专用网络网关，从而配置虚拟专用网关实现该命令。

公开(公告)号：US06226751B1

公开(公告)日：2001-05-01

申请号：US09062507

申请日：1998-04-17

申请人： Leslie J. Arrow ,  Henk J. Bots ,  Mark R. Hoke ,  William E. Hunt ,  Russell C. Jones ,  Quentin C. Liu

发明人： Leslie J. Arrow ,  Henk J. Bots ,  Mark R. Hoke ,  William E. Hunt ,  Russell C. Jones ,  Quentin C. Liu

IPC分类号： G06F1516

CPC分类号： H04L63/0272 ,  H04L12/4641 ,  H04L29/12367 ,  H04L29/12481 ,  H04L61/2514 ,  H04L61/2557

摘要： The present invention provides a method and an apparatus for establishing a virtual private network that operates over a public data network. One embodiment of the present invention includes a system that selects a plurality of entities coupled to the public data network to include in the virtual private network. The system next assembles a plurality of identifiers for the plurality of entities. These identifiers are used to identify communications between the plurality of entities, so that these communications can be transferred securely over the public data network. A variation on this embodiment includes defining encryption, authentication and compression parameters for the virtual private network. In another variation, selecting the plurality of entities includes, assembling entities coupled to the public data network into groups, and selecting groups of entities to include in the virtual private network. Another variation includes defining access control rules specifying types of communications that are allowed to pass through virtual private network units. These virtual private network units are typically used to couple local area networks to the public network so that secure communications on the public network pass through the virtual private network units. Yet another variation on this embodiment includes defining address translation rules for virtual private network units coupled to the public data network. These address translation rules are used to translate local network addresses to public network addresses.

摘要翻译： 本发明提供一种用于建立在公共数据网络上操作的虚拟专用网络的方法和装置。 本发明的一个实施例包括选择耦合到公共数据网络以包括在虚拟专用网络中的多个实体的系统。 系统接下来汇集多个实体的多个标识符。 这些标识符用于识别多个实体之间的通信，使得可以通过公共数据网络安全地传送这些通信。 该实施例的变型包括定义用于虚拟专用网络的加密，认证和压缩参数。 在另一个实施例中，选择多个实体包括：将耦合到公共数据网络的实体组合成组，以及选择要包括在虚拟专用网络中的实体组。 另一变型包括定义指定允许通过虚拟专用网单元的通信类型的访问控制规则。 这些虚拟专用网络单元通常用于将局域网耦合到公共网络，使得公共网络上的安全通信通过虚拟专用网络单元。 该实施例的另一变型包括为耦合到公共数据网络的虚拟专用网单元定义地址转换规则。 这些地址转换规则用于将本地网络地址转换为公网地址。