Abstract: Methods and systems for securing communications with an enterprise from a remote computing system are disclosed. The enterprise is included within a community of interest. One method includes authenticating a bridge appliance with an authentication server associated with an enterprise having secure communications, and receiving a packet at the bridge appliance. The method also includes decrypting the packet to provide a decrypted packet in a case where the packet is encrypted according to a cryptographic key associated with the enterprise, and forwarding the decrypted packet to a remote computing device in communication with the bridge appliance. The method additionally includes, in a case where the packet is received from the remote computing device, encrypting the packet according to a cryptographic key associated with the enterprise, to provide an encrypted packet, and forwarding the encrypted packet to an endpoint within the enterprise.

Abstract: A method of communicatively connecting first and second endpoints across a NAT and/or PAT router to form an IPSec encrypted tunnel is disclosed. A message is received by the first endpoint from the second endpoint. The message includes an encrypted portion including a source port, a destination port, a source IP address, and a destination IP address. It is determined whether a table entry exists for the message. If Yes, it is determined by the first endpoint whether a NAT router and/or a PAT router is between the first endpoint and the second endpoint based, at least in part, on the table entry and the encrypted portion of the message. If Yes, an IPSec encrypted tunnel is created using IPSec transport mode for further communications between the first and second endpoints. An apparatus and a computer program product are also disclosed.

Abstract: Methods and systems for securing communications with an enterprise from a remote computing system are disclosed. The enterprise is included within a community of interest. One method includes authenticating a bridge appliance with an authentication server associated with an enterprise having secure communications, and receiving a packet at the bridge appliance. The method also includes decrypting the packet to provide a decrypted packet in a case where the packet is encrypted according to a cryptographic key associated with the enterprise, and forwarding the decrypted packet to a remote computing device in communication with the bridge appliance. The method additionally includes, in a case where the packet is received from the remote computing device, encrypting the packet according to a cryptographic key associated with the enterprise, to provide an encrypted packet, and forwarding the encrypted packet to an endpoint within the enterprise.

Abstract: An IPSec front-end may be configured to encrypt, decrypt and authenticate packets on behalf of a host on an insecure network and a peer on a secure network. For example, the IPSec front-end may receive internet protocol (IP) packets from the host and encrypt the data and format the data as an internet protocol security (IPsec) packet for transmission to the peer. When the peer responds with an IPSec packet, the IPSec front-end may decrypt the data and format the data as an IP packet. The IPSec front-end may be software executing on a Linux server.