公开(公告)号：US20180191669A1

公开(公告)日：2018-07-05

申请号：US15398601

申请日：2017-01-04

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Robert Edgar Barton ,  Patrick Grossetete ,  Laurent Aubert ,  Frederic Detienne ,  Graham Bartlett ,  Amjad Inamdar

IPC: H04L29/12 ,  H04L12/751

CPC classification number: H04L45/02 ,  H04L61/251 ,  H04L61/6068

Abstract: A method is described and in one embodiment includes identifying at an initiator element a list of Internet protocol (“IP”) prefixes corresponding to routes designated as interesting routes, wherein the IP prefixes are included in a Routing Information Base (“RIB”) of the initiator; monitoring the RIB for a change in the list of IP prefixes; and, responsive to detection of a change in the list of IP prefixes, injecting at least a portion of the changed list of IP prefixes into a payload of an IKEv2 NOTIFY message and sending the IKEv2 NOTIFY message to a responder element peered with the initiator element, wherein the responder element updates an RIB of the responder element using the IP prefixes included in the received IKEv2 NOTIFY message.

公开(公告)号：US09674285B2

公开(公告)日：2017-06-06

申请号：US14505161

申请日：2014-10-02

Applicant: Cisco Technology, Inc.

Inventor： Frederic Detienne ,  Mark Comeadow ,  Padmakumar Av ,  Thamilarasu Kandasamy

IPC: H04L29/08 ,  H04L29/14 ,  H04L29/06

CPC classification number: H04L67/142 ,  H04L63/0272 ,  H04L69/40

Abstract: In an embodiment, a method comprises using a first hub device: establishing one or more secure connections with one or more spoke devices logically arranged as spokes with respect to a data processing system; generating and sending via a high-speed link a hub probe to a second hub device; in response to determining that the second hub device is nonresponsive, transmitting, to the one or more spoke devices a first communication indicating that the second hub device is nonresponsive; using a spoke device, receiving the first communication indicating that the second hub device is nonresponsive; determining whether the spoke device has established a secure connection with the second hub device; in response to determining that the spoke device has established the secure connection with the second hub device, selecting a third hub device, establishing a secure connection with the third hub device, and communicating with the third hub device.

公开(公告)号：US11258694B2

公开(公告)日：2022-02-22

申请号：US15398601

申请日：2017-01-04

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Robert Edgar Barton ,  Patrick Grossetete ,  Laurent Aubert ,  Frederic Detienne ,  Graham Bartlett ,  Amjad Inamdar

IPC: H04L12/751 ,  H04L29/12 ,  H04L45/02 ,  H04L61/251 ,  H04L101/668

Abstract: A method is described and in one embodiment includes identifying at an initiator element a list of Internet protocol (“IP”) prefixes corresponding to routes designated as interesting routes, wherein the IP prefixes are included in a Routing Information Base (“RIB”) of the initiator; monitoring the RIB for a change in the list of IP prefixes; and, responsive to detection of a change in the list of IP prefixes, injecting at least a portion of the changed list of IP prefixes into a payload of an IKEv2 NOTIFY message and sending the IKEv2 NOTIFY message to a responder element peered with the initiator element, wherein the responder element updates an RIB of the responder element using the IP prefixes included in the received IKEv2 NOTIFY message.

公开(公告)号：US10972434B2

公开(公告)日：2021-04-06

申请号：US16124233

申请日：2018-09-07

Applicant: Cisco Technology, Inc.

Inventor： Piotr Jerzy Kupisiewicz ,  Frederic Detienne

IPC: H04L29/06 ,  H04L29/12 ,  H04L29/08 ,  H04L12/46

Abstract: A security gateway security gateway provisions a web browser hosted on a user device with a proxy auto-configuration file configured to automatically redirect the web browser to the security gateway as a proxy server for clientless virtual private network (VPN) operation when the web browser browses any uniform resource locator including a particular domain name that encompasses a private network. Upon receiving from the web browser over a public network a request to access a private resource on the private network, the security gateway establishes a secure public connection to the web browser, establishes a private connection to the private resource, and associate the private connection with the secure public connection to form a clientless VPN connection between the web browser and the private resource. The security gateway forwards content between the private resource and the web browser over the clientless VPN connection without performing any content rewrite operations.

公开(公告)号：US20190386961A1

公开(公告)日：2019-12-19

申请号：US16124233

申请日：2018-09-07

Applicant: Cisco Technology, Inc.

Inventor： Piotr Jerzy Kupisiewicz ,  Frederic Detienne

IPC: H04L29/06 ,  H04L12/46 ,  H04L29/08 ,  H04L29/12

Abstract: A security gateway security gateway provisions a web browser hosted on a user device with a proxy auto-configuration file configured to automatically redirect the web browser to the security gateway as a proxy server for clientless virtual private network (VPN) operation when the web browser browses any uniform resource locator including a particular domain name that encompasses a private network. Upon receiving from the web browser over a public network a request to access a private resource on the private network, the security gateway establishes a secure public connection to the web browser, establishes a private connection to the private resource, and associate the private connection with the secure public connection to form a clientless VPN connection between the web browser and the private resource. The security gateway forwards content between the private resource and the web browser over the clientless VPN connection without performing any content rewrite operations.