HANDLING MULTIPATH IPSEC IN NAT ENVIRONMENT
Some embodiments provide a method for establishing a virtual private network (VPN) session between a first gateway router located at a first site and a second gateway router located at a second site. The VPN session for exchanging packets along multiple paths between the first and second sites. The...
Gespeichert in:
| Hauptverfasser: | , , , |
|---|---|
| Format: | Patent |
| Sprache: | eng |
| Schlagworte: | |
| Online-Zugang: | Volltext bestellen |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| Zusammenfassung: | Some embodiments provide a method for establishing a virtual private network (VPN) session between a first gateway router located at a first site and a second gateway router located at a second site. The VPN session for exchanging packets along multiple paths between the first and second sites. The method is performed at the second gateway router located at the second site. The method determines whether any intermediate network address translation (NAT) device processes packets on the multiple paths between the first and second sites during the VPN session. Upon determining that no NAT device processes packets on the multiple paths between the first and second sites, the method builds a source port pool at the second site for sending probe packets during the VPN session (1) to identify the multiple paths and (2) to collect metrics associated with each of the identified paths. Upon determining that a NAT device processes packets on the multiple paths between the first and second sites, the method uses destination port identifiers used in probe packets sent by the first gateway at the first site as source port identifiers for sending probe packets during the VPN session (1) to identify the multiple paths and (2) to collect metrics associated with each of the identified paths. |
|---|