This invention relates particularly to bulk configuring a virtual private network.
LANs (Local Area Networks), Intranets, and other private networks interconnect user computers, file servers, e-mail servers, databases, and other resources. Typically, organizations want to offer remote access to private network resources to traveling employees, employees working at home, and branch offices without compromising the security of the private network.
Virtual private networks (a.k.a. Extranets) securely stitch together remote private networks and remote computers using a public network such as the Internet as a communication medium. Each private network can connect to the public network via an extranet switch such as the Contivity(trademark) Extranet switch offered by Nortel(trademark) Networks. Extranet switches provide a variety of virtual private network functions such as network packet tunneling and authentication.
For configuring the functions provided by the switch, Contivity(trademark) switches offer a web-server and web-pages programmed to configure the different virtual private network functions in response to administrator interaction with the web-pages. By using a browser to navigate to each virtual private network switch, one after another, the administrator can configure the tunneling, authentication, packet filtering, and other functions provided by the switch. Management functions provided by the Contivity(trademark) switches are described in greater detail in the New Oaks(trademark) Communications Extranet Access Switch Administrator""s Guide.
In general, in one aspect, the invention features a method of managing a virtual private network that includes transmitting configuration information for at least one virtual private network function to multiple computers providing the at least one virtual private network function.
Embodiments may include one or more of the following. The method may include receiving user input describing virtual private network function configuration and transmitting configuration information based on the received user input. The user input may be received via a preprogrammed series of dialogs.
The virtual private network functions can include authentication (e.g., RADIUS and/or LDAP), tunneling (e.g., PPTP, IPSec, L2F, and L2TP), and virtual private network security (e.g., SNMP traps). The computers providing the virtual private network function(s) may be extranet switches. The transmitted configuration information may be a script. The method may also include processing the transmitted configuration information to provide a virtual private network function corresponding to the transmitted configuration information.
In general, in another aspect, the invention features a method of configuring a virtual private network includes receiving a selection of extranet switches from a list, receiving user input describing extranet switch tunneling characteristics via a preprogrammed series of dialogs, and transmitting a script corresponding to the received user input to the selected extranet switches.
In general, in another aspect, the invention features a computer program product, disposed on a computer readable medium, for configuring a virtual private network. The computer program including instructions for causing a processor to receive user input describing at least one virtual private network function configuration, and transmit configuration information based on the user input for at least one virtual private network function to multiple computers providing the virtual private network function.
Advantages can include one or more of the following. Bulk configuration enables an administrator to configure a large number of extranet switches by specifying a single common configuration. Bulk configuration reduces the amount of time needed to configure the switches and can reduce the errors that might occur through repeated individual configuration.
Other advantages of the invention will become apparent in view of the following description, including the figures, and the claims.