While desktop computers generally remain a part of the same network for a substantial period of time, laptops or other portable computers are specifically designed to be transportable. As such, portable computers are connected to different networks at different times depending upon the location of the computer. In a common example in which the portable computer serves as an employee's desktop computer, the portable computer is configured to communicate with their employer's network, i.e., the enterprise network. When the employee travels, however, the portable computer may be connected to different networks that communicate in different manners. In this regard, the employee may connect the portable computer to the network maintained by an airport or by a hotel in order to access the enterprise network, the internet or some other on-line service. Since these other networks are configured somewhat differently, however, the portable computer must also be reconfigured in order to properly communicate with these other networks. Typically, this configuration is performed by the user/subscriber each time that the portable computer is connected to a different network. As will be apparent, this repeated reconfiguration of the portable computer is not only quite time consuming, but is also prone to errors. Further, the user/subscriber is often required to have specific software running on the portable computer in order to communicate with the enterprise network, though such communications may be in conflict with the network over which the portable computer must transfer data to reach the enterprise network.
A subscriber gateway device has been developed by Nomadix, Incorporated of Santa Monica, Calif. This universal subscriber gateway is described by U.S. patent application Ser. No. 08/816,174, entitled “Nomadic Router”, filed in the name of inventor Short et. al., on Mar. 12, 1997 and Ser. No. 09/458,602, entitled “Systems and Methods for Authorizing, Authenticating and Accounting Users Having Transparent Computer Access to a Network Using a Gateway Device”, filed in the name of inventor Short et. al., on Dec. 8, 1999. These applications have been assigned to Nomadix Incorporated, the same assignee of the present invention. The contents of both of these applications are herein incorporated by reference as if fully setforth here within. The gateway device serves as an interface connecting the user/subscriber to a number of networks or other online services. For example, the gateway device can serve as a gateway to the Internet, the enterprise network, or other networks and/or on-line services. In addition to serving as a gateway, the gateway device automatically adapts to the protocols and other parameters of the host, in order that it may communicate with the new network in a manner that is transparent both to the user/subscriber and the new network. Once the gateway device has appropriately adapted to the user's host, the host can appropriately communicate via the new network, such as the network at a hotel, at home, at an airport, or any other location, in order to access other networks, such as the enterprise network, or other online services, such as the internet.
The user/subscriber, and more specifically the remote or laptop user, benefits from being able to access a myriad of networks without having to undergo the time-consuming and all-too-often daunting task of reconfiguring their host in accordance with network specific configurations. In this fashion, the gateway device is capable of providing more efficient network access to the user/subscriber. A gateway device is also instrumental in providing the user/subscriber broadband network access that can be tailored to the user/subscriber's needs. In many instances the remote user/subscriber is concerned with being able to acquire network access to their home or enterprise network, which are most typically protected by a firewall. The firewall prevents unauthorized access to the enterprise network through a general Internet connection, such as through an Internet service provider. While some access is possible from outside the firewall, such as inbound electronic mail, access to corporate resources such as network databases and application programs are generally not made accessible to hosts located outside the firewall unless the user/subscriber has an active account with a valid username and password combination.
Moreover, as appreciated by those of ordinary skill in the art, different network protocols may be used within the Internet infrastructure and within enterprise networks that pose potential access problems for the remote user. For example, an Internet Protocol (IP) is typically used at the network protocol level to send data through the Internet. An enterprise network, on the other hand, may use any one of a variety of network protocols including IP, IPX, Appletalk, etc. If the IP protocol and the enterprise network protocol are incompatible, then the remote user may be prevented from accessing resources on the enterprise network. Additionally, when a remote user attempts to access the enterprise network through the Internet, typically through an Internet service provider, the remote user is dynamically assigned an IP address. This IP address identifies the host user/subscriber and allows IP packets to be properly routed from and to the host. However, the remote user may be denied access by the firewall of the enterprise network because the IP address assigned by the Internet service provider is not one of the authorized addresses in the corporate network.
In response to these and other problems associated with granting remote access to an enterprise network over the Internet, several techniques have been developed for creating virtual private networks (VPN), wherein a remote node of a single network is interconnected using a publicly accessible communication medium. For example, there are a number of systems that enable user/subscribers to create virtual networks using the Internet as a medium for transporting data between the enterprise network and a remote user. These systems often times include encryption and other security mechanisms to ensure that only authorized users can access the virtual network, and that the data cannot be intercepted.
The most common technique for constructing a VPN is by implementing tunneling. Tunneling works by encapsulating or wrapping a packet or a message from one network protocol in the protocol of another. The encapsulated packet is transmitted over the network via the protocol of the wrapper. This method of packet transmission avoids protocol restrictions, and enables remote users to have seamless access to their enterprise network without any apparent effects from accessing their enterprise network over another network having a different protocol. Several relatively well known tunneling protocols include Microsoft's PPTP, Cisco's Layer Two Forwarding (L2F) protocol, and IETF's L2TP which is a hybrid of L2F and PPTP. While these and other tunneling techniques have some merit, no one single tunneling protocol provides for automated configuration without the need for special client-side (i.e., remote computer) software.
Therefore, an unsatisfied need exists in the industry for a system method that dynamically creates subscriber tunnels automatically and without the need for a pre-established relationship between an Internet access point and a remote enterprise network.