Determining security of local area network
US-2024372862-A1 · Nov 7, 2024 · US
Methods for associating an IP address to a user via an appliance
US9154328B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9154328-B2 |
| Application number | US-201213486850-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jun 1, 2012 |
| Priority date | Aug 21, 2006 |
| Publication date | Oct 6, 2015 |
| Grant date | Oct 6, 2015 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
The present disclosure describes methods and systems for efficiently assigning, managing and querying virtual private network (VPN) addresses intranet IP (IIP) addresses of users, such as SSL VPN users on an enterprise network. The disclosure describes techniques and policies for assigning previously-assigned VPN addresses of a user to subsequent sessions of the user as the user logs in multiple times or roams between access points. The disclosure also describes a configurable user domain naming policy so that one can query the VPN address of a user by an easily referable host name identifying the user. The appliance and/or client agent provides techniques for applications to seamlessly and transparently communicate on the VPN using the VPN address of the user or client on the private network.
First claim
Opening claim text (preview).
What is claimed: 1. A method for assigning an intranet address to a user by an intermediary device, the method comprising: (a) receiving, by a device intermediary to at least one client and at least one server, a request to establish a session of a first user with a first network; (b) determining, by the device responsive to a policy, one or more intranet addresses to assign to the first user, the one or more intranet addresses for assigning to one or more sessions of the first user and different from addresses of processors supporting a session of the first user; and (c) assigning, by the device, to the established session of the first user as an internet protocol address on the first network, a first intranet address from the one or more intranet addresses, the first intranet address previously assigned to another session of the first user, each of the one or more intranet addresses different from a second intranet address assigned by the device to a second user. 2. The method of claim 1 , comprising applying the policy to the request, the policy assigning a most recently used intranet address of the first user to the established session of the first user. 3. The method of claim 1 , comprising determining a most recently used intranet address of the first user for the first intranet address. 4. The method of claim 1 , comprising determining an inactive intranet address from the one or more intranet address as the first intranet address. 5. The method of claim 1 , comprising determining that the one or more intranet address of the first user are active, and in response to the determination, requesting the first user to transfer to a session of the first user assigned an active intranet address. 6. The method of claim 1 , comprising determining that the one or more intranet address of the first user are active, and in response to the determination, providing a mapped internet protocol address to the first user. 7. The method of claim 1 , comprising hosting, by the device, the one or more intranet addresses. 8. The method of claim 1 , comprising determining the one or more intranet addresses as a range of internet protocol addresses identified via a subnet mask. 9. The method of claim 1 , comprising allocating a pool of intranet addresses to assign to a plurality of users accessing the first network via one or more sessions. 10. The method of claim 1 , comprising obtaining the one or more intranet addresses from a Domain Name Server of the first network. 11. A system for assigning one of a plurality of intranet addresses to a user by an intermediary device, comprising: a receiver of a device intermediary to at least one client and at least one server, receiving a request to establish a session of a first user with a first network; and a policy engine executing on the device, determining based on a policy one or more intranet addresses to assign to the first user, the one or more intranet addresses for assigning to one or more sessions of the first user and different from addresses of processors supporting a session of the first user, and assigning to the established session of the first user as an internet protocol address on the first network, a first intranet address from the one or more intranet addresses, the first intranet address previously assigned to another session of the first user, each of the one or more intranet addresses different from a second intranet address assigned by the device to a second user. 12. The system of claim 11 , wherein the policy engine applies the policy to the request, the policy assigning a most recently used intranet address of the first user to the established session of the first user. 13. The system of claim 11 , wherein the policy engine determines a most recently used intranet address of the first user for the first intranet address. 14. The system of claim 11 , wherein the policy engine determines an inactive intranet address from the one or more intranet address as the first intranet address. 15. The system of claim 11 , wherein the policy engine determines that the one or more intranet address of the first user are active, and in response to the determination, requesting the first user to transfer to a session of the first user assigned an active intranet address. 16. The system of claim 11 , wherein the policy engine determines that the one or more intranet address of the first user are active, and in response to the determination, providing a mapped internet protocol address to the first user. 17. The system of claim 11 , wherein the device hosts the one or more intranet addresses. 18. The system of claim 11 , wherein the policy engine determines the one or more intranet addresses as a range of internet protocol addresses identified via a subnet mask. 19. The system of claim 11 , wherein the device allocates a pool of intranet addresses to assign to a plurality of users accessing the first network via one or more sessions. 20. The system of claim 11 , wherein the device obtains the one or more intranet addresses from a Domain Name Server of the first network.
Assignees
Inventors
Classifications
- H04L12/4641Primary
Virtual LANs, VLANs, e.g. virtual private networks [VPN] (LAN interconnection over a bridge based backbone H04L12/462; encapsulation techniques H04L12/4633; routing of packets H04L45/00; packet switches H04L49/00; virtual private networks for security H04L63/0272) · CPC title
Electricity · mapped topic
Electricity · mapped topic
Address allocation · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US9154328B2 cover?
- The present disclosure describes methods and systems for efficiently assigning, managing and querying virtual private network (VPN) addresses intranet IP (IIP) addresses of users, such as SSL VPN users on an enterprise network. The disclosure describes techniques and policies for assigning previously-assigned VPN addresses of a user to subsequent sessions of the user as the user logs in multipl…
- Who is the assignee on this patent?
- Suganthi Josephine, Nanjundaswamy Shashi, Rajashekhar Manjunath, and 2 more
- What technology area does this patent fall under?
- Primary CPC classification H04L12/4641. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Oct 06 2015 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).