1. Field of the Invention
The present invention relates to the field of computer networks. More particularly, the present invention relates to allowing communications between a user and the Internet without passing the communications through a private network.
2. The Background
In recent years, “intranets” have been rising in popularity, especially with large companies. An intranet is an internal network that serves only a specific type of person (such as employees of a corporation, or students at a school). The intranet is usually not accessible to the general public. Intranets have become popular mainly because they allow for much more productive communication between users within the network, even when the users are dispersed over a wide geographic area (such as in multi-national corporations).
FIG. 1 is a block diagram depicting one way to connect to an intranet. Personal computer 10 connects through a link 12, generally a Point-to-Point Protocol (PPP) link, to an Internet service provider (ISP) or access point (AP) 14. The ISP or AP 14 then connects through link 16 to the Intranet 18.
Many entities that maintain intranets, however, have also wanted to offer users access to the Internet as well. There were, however, a limited number of ways that this could be accomplished. The first, and most simple, way would be for the user to first terminate the existing connection between the PC 10 and the ISP or access point 14. Then the user could log into the Internet. The major drawbacks of this solution are obvious. It does not allow for simultaneous connection to an intranet and the Internet, thus limiting the productivity of the user. Additionally, it requires termination of the link between the PC and the ISP, thus using up valuable time on the user's end, as he has to re-initiate a connection process.
The second way an entity could offer access to the Internet is to have a preconfigured connection from the intranet to the Internet, such that communications between the user and the second intranet or Internet pass through the intranet. FIG. 2 is a block diagram illustrating a connection to the Internet 62 through an intranet 58. A user at PC 50 maintains a connection 52 to ISP 54, which is connected to the intranet 58. Intranet 58 is then connected through link 60 to the Internet 62. The drawback of this solution is that the traffic from the user at PC 50 to the Internet 62 passes through the intranet 58. This increases the traffic traveling through the intranet 58 and poses a security risk to the information sent via the intranet 58.
A Virtual Private Network (VPN) is a private network configured to communicate with its users over the Internet, utilizing a technique called tunneling as to ensure that the data cannot be read by unauthorized users. Tunneling involves encapsulating a packet of data around a frame or packet of a different protocol for transport. Security protocols such as the IP Security Protocol (IPSEC) may also be utilized in order to further reduce the chances of unauthorized access. Thus, the link between the ISP and the intranet in the examples described above (16 in FIGS. 1 and 56 in FIG. 2) may be virtual private networks.
Even when using a VPN, the same problems arise in directing traffic to and from the Internet when the user is connected to an intranet.
What is needed is a method by which an entity may provide Internet access to its users without encountering the problems that arise in passing Internet traffic through the intranet.