A METHOD AND SYSTEM FOR AUTOMATICALLY CONFIGURING AN IPSEC-BASED VIRTUAL PRIVATE NETWORK

摘要

A method and system for automatically configuring an IPsec-based VirtualPrivateNetwork. Each node in the Virtual Private Network is configured as an IPsecpeer node andmaintains a Security Policy Database (SPD) that includes information about thedata flowbetween each pair of networks known to the node. An advertisement packet isdistributedwhenever a node detects a new network connected to the node, a change in itsnetworkconfiguration or in the list of trusted networks known to the node. If theadvertisementconcerns a new network, then the receiving node adds the new network to itsSPD if it is notalready in the SPD. The receiving node also updates its SPD with the networkpath between thenew network and the sending node if the network path is shorter than what iscurrently in thedatabase. If the advertisement concerns a new host in a trusted networkconnected to thesending node, then the new host name is added to the list of known host namesmaintained bythe receiving node.