The desire and possibility to use wireless terminals for accessing the Internet is expected to grow rapidly during the coming years. Such access will be greatly improved by the third generation (3G) mobile networks which the mobile network operators have introduced, or are about to introduce, around the world. Also, existing mobile networks have recently been upgraded with additional functionality to facilitate such access, for example GSM (Global System for Mobile communications) networks upgraded with GPRS (General Packet Radio Service) functionality.
At the same time, the number of employees wishing to use their wireless terminals to access resources of their company when they are outside of the office are continuously growing, especially with the introduction of more and more powerful wireless devices that provide functionality which make them suitable as a remote working tool.
The desire for wireless access to corporate network resources, together with the increasing possibilities for wireless access to the Internet, will increase the companies deployment of Virtual Private Networks (VPN) designed to provide clients with wireless access to company resources.
In general, a Virtual Private Network (VPN) is a concept which builds a secure, private communication infrastructure on top of a public network. The logical concept VPN tunnel replaces a private line and the tunnel may interconnect two corporate network sites, a so-called site-to-site VPN, or interconnect a remote user with a corporate network, a so-called remote access VPN.
In a remote access VPN a VPN gateway server typically interconnects the corporate network with the Internet. Thus, a user may use a dial-up Internet connection, provided by an Internet Service Provider, in order to connect to a corporate network through the VPN gateway server. Since the user connects over a public network, certain security measures need to be taken, typically encryption of the connection and authentication of the user. After the VPN gateway server successfully has authenticated a user over the encrypted connection between the client and the corporate VPN gateway, the user is provided with access to the corporate network over a so called secure VPN tunnel. Using the tunnel, the user is able to access different resources in the company network. Similarly, if the users use wireless client terminals having Internet access via a wireless network, secure VPN tunnels may be established between the wireless clients and a VPN gateway through the wireless network and the Internet, thereby enabling wireless remote access to a corporate network resources.
As stated, access to a corporate network over a secure VPN tunnel connection implies encryption of the connection and authentication of the accessing user. However, once the secure tunnel connection is established there are no user specific accessing rules within the tunnel. Instead, the tunnel enables a wireless client to use all TCP ports that are constantly opened for any authenticated accessing user.
To have constantly opened TCP ports within a secure tunnel connection for all authenticated users is not in line with the fact that many employees using wireless client terminals only need access to certain applications within a corporate network. Moreover, some employees may not even be authorized to access certain corporate applications. Therefore, it is desirable to provide a design which in a simple way enables a company to control to what extent wireless clients are allowed to access a corporate network within a secure VPN tunnel.