1. Field of the Invention
The present invention relates generally to wireless Internet. In particular, the present invention relates to a method and apparatus for enabling a Mobile Node (MN) to access a Virtual Private Network (VPN) using a Mobile Internet Protocol (IP) address.
2. Description of the Related Art
The conventional Internet, to which hosts fixed to a wired network are connected, has recently evolved to support MNs roaming between networks in an environment where a wired network interworks with a wireless network. The protocol developed to support the mobility of MNs over the Internet is Mobile IP. Mobile IP enables an MN to continue communicating with a Correspondent Node (CN) even though it changes its Access Point (AP) of attachment to the Internet.
For mobile Internet services, a mobile communication network is configured to include a Home Agent (HA), residing within the home network of an MN, which receives packets on behalf of the MN and delivers them to the foreign network where the MN is currently located, and a Foreign Agent (FA), which receives the packets from the HA and delivers them to the MN in the foreign network.
The MN has a unique local IP address identifying it in the home network, the Home Address (HoA). When the MN moves out of the home network and connects to a foreign network, it acquires a Care-of Address (CoA), a forwarding IP address by which the home network forwards packets to the foreign network, and notifies the HA of the CoA. This procedure is called registration. Once the MN has registered the CoA, the HA supports the mobility of the MN by means of Binding Updates. After it detects that it is outside the home network, the MN sends the CoA to the HA using a Security Association (SA) established between the MN and the HA.
The creation and integration of network environments that have evolved in diverse ways add security risks to the integrated network as well as to the existing wired environment. One of the required service scenarios is the connection of MNs to a VPN. In this scenario, an MN must be allowed to continue communicating while roaming within the internal network of the VPN or moving to an external network. For this purpose, VPN technology interworks with Mobile IP technology.
To access the VPN from a foreign network, the MN performs a Mobile IP registration so that communication over the VPN can continue. The MN first establishes an IPsec tunnel with a VPN gateway using the local IP address allocated by the foreign network, and then performs a Mobile IP registration within the VPN using the IP address assigned to it inside the IPsec tunnel, the Co-located CoA (Co-CoA).
In the procedure for establishing the IPsec tunnel with the VPN gateway, the VPN gateway or another VPN node, for example a Dynamic Host Configuration Protocol (DHCP) server, allocates to the MN an IP address to be used in the VPN (i.e. the Co-CoA). Upon receipt of an agent advertisement message from the VPN gateway after the IPsec tunnel has been established, the MN registers the Co-CoA with the HA. During the Mobile IP registration the MN is dynamically allocated a HoA by the HA, and it is then able to communicate with another MN within the VPN using the HoA.
As described above, the conventional VPN-Mobile IP interworking technology supports the mobility of the MN by using Mobile IP within the VPN. However, a distinctive shortcoming of this interworking technology is that three IP addresses are required for each MN: the local IP address used in the foreign network, the Co-CoA used to create the IPsec tunnel between the MN and the VPN gateway, and the HoA of the MN. In addition, since a packet passing through the IPsec tunnel is additionally encapsulated in a Mobile IP tunneling header, the packet transmission overhead between the MN and the VPN gateway is large.
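The following added example (not part of the patent text) models the conventional flow just described: the MN acquires its three addresses in the required order, and a packet from a CN to the MN's HoA accumulates a Mobile IP tunnel header and an IPsec tunnel header on its way through the HA and the VPN gateway. The header sizes, address values and function names are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field
from typing import List, Optional

IPV4_HDR = 20      # assumption: IPv4 header without options
ESP_OVERHEAD = 36  # assumption: rough budget for ESP header, trailer and ICV

@dataclass
class MobileNode:
    name: str
    local_ip: Optional[str] = None  # allocated by the foreign network
    co_coa: Optional[str] = None    # allocated inside the IPsec tunnel (VPN gateway or DHCP)
    hoa: Optional[str] = None       # allocated by the HA during Mobile IP registration

    def addresses_held(self) -> int:
        return sum(a is not None for a in (self.local_ip, self.co_coa, self.hoa))

@dataclass
class Packet:
    payload_len: int
    headers: List[str] = field(default_factory=list)  # innermost first
    overhead: int = 0  # bytes added beyond the packet the CN itself sent

def attach_to_foreign_network(mn: MobileNode, local_ip: str) -> None:
    mn.local_ip = local_ip

def establish_ipsec_tunnel(mn: MobileNode, vpn_pool: List[str]) -> None:
    # The tunnel is built from the local IP; the VPN side then hands out the Co-CoA.
    if mn.local_ip is None:
        raise RuntimeError("MN is not attached to a foreign network")
    mn.co_coa = vpn_pool.pop(0)

def mobile_ip_register(mn: MobileNode, ha_pool: List[str]) -> None:
    # Registration runs inside the tunnel, so the Co-CoA must already exist.
    if mn.co_coa is None:
        raise RuntimeError("IPsec tunnel not established")
    mn.hoa = ha_pool.pop(0)

def deliver_from_cn(mn: MobileNode, payload_len: int) -> Packet:
    # CN -> HoA; the HA tunnels to the Co-CoA; the VPN gateway wraps that in ESP to the local IP.
    if mn.addresses_held() != 3:
        raise RuntimeError("MN is not fully registered")
    pkt = Packet(payload_len, [f"ipv4 cn->{mn.hoa}"])
    pkt.headers.append(f"ipv4 ha->{mn.co_coa}")  # Mobile IP tunnel header
    pkt.overhead += IPV4_HDR
    pkt.headers.append(f"ipv4+esp gw->{mn.local_ip}")  # IPsec tunnel
    pkt.overhead += IPV4_HDR + ESP_OVERHEAD
    return pkt
```

Calling the three set-up functions out of order raises, which mirrors the dependency of the Mobile IP registration on the tunnel, and the tunnel on the foreign-network address.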