One of the most utilized networks for interconnecting distributed computer systems is the Internet. The Internet allows user of computer systems to exchange data throughout the world. In addition, many private networks in the form of corporate or commercial networks are connected to the Internet. These private networks are typically referred to as an “intranet.” To facilitate data exchange, the intranet generally uses the same communications protocols as the Internet. These Internet protocols (IP) dictate how data is formatted and communicated. In addition, access to corporate networks or intranets can be controlled by virtual private network gateways or devices.
As the popularity of the Internet has grown, businesses have turned to the Internet as a means of extending their own networks. First came the intranet, which was an access-controlled site designed for use only by company employees. Now, many companies are creating their own VPN (virtual private network) comprised of a plurality of network nodes to accommodate the needs of remote employees and distant offices. The VPN is a generally a private network that uses a public network (usually the Internet) to connect remote sites or users together. Instead of using a dedicated, real-world connection such as a leased line, a VPN uses “virtual” connections routed through the Internet from the company's private network to the remote site or employee.
In a typical configuration, a local network uses one of the designated “private” IP address subnets (such as 192.168.x.x, 20.x.x.x or 172.16.x.x-172.31.x.x), and a router on that network has a private address (such as 192.168.0.1) in that address space. The router is also connected to the Internet with a single “public” address or multiple “public” addresses assigned by an Internet Service Provider (ISP). As traffic passes from the local network to the Internet, the source address in each packet is translated on the fly from the private addresses to the public address(es). The router tracks basic data about each active connection (particularly the destination address and port). When a reply returns to the router, it uses the connection tracking data it stored during the outbound phase to determine where on the internal network to forward the reply.
Since, it is very common to have several clients, which will access a single server having a plurality of applications, it would be desirable to provide a method and system for dynamically provisioning resources hosted at one site (the server site) on another site (the client site) in a transparent manner without requiring either administrator knowing the topography of the other's network.