Abstract

An end-to-end virtual private network (VPN) session provides complete privacy and data integrity for enterprise users who access the enterprise network from outside the intranet. However, because packets are encrypted end-to-end from the client to the enterprise VPN gateway, it is not possible for network service providers (NSPs) to provide value-added services to these enterprise VPN users, because such services require visibility into packet headers and application data. A network-based VPN allows a user VPN session to be terminated at an IP service switch (IPSS) within the NSP's network. Another VPN session from the IPSS to the enterprise VPN gateway is used to carry traffic from the IPSS to the enterprise. Because packet headers and application data are visible in the clear at the IPSS, the NSP can provide value-added services. In this paper we discuss a new VPN mechanism — which we call adaptive VPN — that enables enterprises to selectively trade off end-to-end security for value-added services that can be outsourced to an NSP. Adaptive VPN makes it possible for traffic from a specific user to be carried on an end-to-end VPN session and/or a network-based VPN session, based on the network access identifier (NAI) of the user and the application that is being accessed. We also describe the implementation of adaptive VPN in Lucent's VPN security products.
