Virtual private networks provide users of a client computer with secure access to remote resources when using public networks. Many virtual private networks use network appliances to provide secure connections to clients. For example, a user may access resources including applications, web sites, and files by connecting to a network appliance which manages a number of virtual private network connections. In many cases, an agent program associated with the client identifies network communications intended for the virtual private network based on the destination address used to send the communication.
However, this technique suffers from a number of drawbacks. Because all traffic addressed to a given address range is sent to the virtual private network, whether or not it belongs there, robust authorization policies must be created on the network side to filter legitimate virtual private network traffic from traffic that should never have entered the tunnel. Such policies are difficult to create and difficult to maintain. Also, blanket routing of all data communication to a virtual private network, whether appropriate or not, increases security risk, since a malicious program on the client may send traffic to the correct address range and thereby reach the data center the virtual private network is meant to protect.
It would, therefore, be desirable to provide systems and methods to route data in a virtual private network environment on a more granular basis than subnet identification.
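The two routing models described above, as an added illustration that is not part of the original text: the address-only decision forwards anything destined for the protected range, while a finer-grained decision also checks which client program originated the flow and which service it is trying to reach. The attributes used for the granular check (originating application name, destination network and port), the private range `10.20.0.0/16` and the sample flows are all constructed for this example; the original says only that routing should be more granular than subnet identification.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Flow:
    """One outbound connection attempt as seen by a client-side agent."""
    src_app: str   # originating client program; assumed attribute for this example
    dst_ip: str
    dst_port: int


# Constructed private range that the tunnel is meant to protect.
VPN_SUBNET = ip_network("10.20.0.0/16")


def route_by_subnet(flow: Flow) -> str:
    """Address-only decision: everything to the protected range rides the tunnel."""
    return "vpn" if ip_address(flow.dst_ip) in VPN_SUBNET else "direct"


# Granular policy (constructed): which application may reach which service over the tunnel.
GRANULAR_POLICY = [
    ("mail.exe", ip_network("10.20.5.0/24"), 993),
    ("browser.exe", ip_network("10.20.8.0/24"), 443),
]


def route_granular(flow: Flow) -> str:
    """Decision that considers the application and service, not just the address range.

    Returns "direct" for traffic outside the protected range, "vpn" for an
    authorized (application, network, port) match, and "drop" for traffic
    that is in range but not authorized, so it never enters the tunnel.
    """
    dst = ip_address(flow.dst_ip)
    if dst not in VPN_SUBNET:
        return "direct"
    for app, net, port in GRANULAR_POLICY:
        if flow.src_app == app and dst in net and flow.dst_port == port:
            return "vpn"
    return "drop"


def compare(flows):
    """Side-by-side view of both decisions, useful for auditing a policy."""
    return [(f.src_app, f.dst_ip, f.dst_port, route_by_subnet(f), route_granular(f))
            for f in flows]


# Constructed sample flows: a legitimate mail client, an unknown program probing SSH
# inside the protected range, and ordinary web traffic to a public address.
SAMPLE_FLOWS = [
    Flow("mail.exe", "10.20.5.10", 993),
    Flow("unknown.exe", "10.20.5.10", 22),
    Flow("browser.exe", "203.0.113.5", 443),
]

if __name__ == "__main__":
    for row in compare(SAMPLE_FLOWS):
        print(row)
```

The second sample flow is the case the text warns about: under the address-only model it is forwarded onto the tunnel simply because its destination is in range, whereas the granular model refuses it on the client before any network-side policy has to deal with it.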