Abstract: An apparatus and method for sharing a resource (such as a modem or virtual private network) allow virtualizing the shared resource in a simple and efficient manner that allows both accepting and initiating virtual or physical connections through the shared resource across logical partitions or systems. An L2TP tunnel is established between the server that owns the shared resource and the client that desires to use the shared resource. Messages are defined that allow the client to initiate an outgoing connection through the shared resource, and that allow the client to accept an incoming connection received from the shared resource. Once the connection is made, the client and ultimate destination communicate through the shared resource via point-to-point communications.

Abstract: An apparatus and method for sharing a resource (such as a modem or virtual private network) allow virtualizing the shared resource in a simple and efficient manner that allows both accepting and initiating virtual or physical connections through the shared resource across logical partitions or systems. An L2TP tunnel is established between the server that owns the shared resource and the client that desires to use the shared resource. Messages are defined that allow the client to initiate an outgoing connection through the shared resource, and that allow the client to accept an incoming connection received from the shared resource. Once the connection is made, the client and ultimate destination communicate through the shared resource via point-to-point communications.

Abstract: An apparatus and method for sharing a resource (such as a modem or virtual private network) allow virtualizing the shared resource in a simple and efficient manner that allows both accepting and initiating virtual or physical connections through the shared resource across logical partitions or systems. An L2TP tunnel is established between the server that owns the shared resource and the client that desires to use the shared resource. Messages are defined that allow the client to initiate an outgoing connection through the shared resource, and that allow the client to accept an incoming connection received from the shared resource. Once the connection is made, the client and ultimate destination communicate through the shared resource via point-to-point communications.

Abstract: An apparatus and method for sharing a resource (such as a modem or virtual private network) allow virtualizing the shared resource in a simple and efficient manner that allows both accepting and initiating virtual or physical connections through the shared resource across logical partitions or systems. An L2TP tunnel is established between the server that owns the shared resource and the client that desires to use the shared resource. Messages are defined that allow the client to initiate an outgoing connection through the shared resource, and that allow the client to accept an incoming connection received from the shared resource. Once the connection is made, the client and ultimate destination communicate through the shared resource via point-to-point communications.

Abstract: An apparatus and method for sharing a resource (such as a modem or virtual private network) allow virtualizing the shared resource in a simple and efficient manner that allows both accepting and initiating virtual or physical connections through the shared resource across logical partitions or systems. An L2TP tunnel is established between the server that owns the shared resource and the client that desires to use the shared resource. Messages are defined that allow the client to initiate an outgoing connection through the shared resource, and that allow the client to accept an incoming connection received from the shared resource. Once the connection is made, the client and ultimate destination communicate through the shared resource via point-to-point communications.

Abstract: An apparatus and method for sharing a resource (such as a modem or virtual private network) allow virtualizing the shared resource in a simple and efficient manner that allows both accepting and initiating virtual or physical connections through the shared resource across logical partitions or systems. An L2TP tunnel is established between the server that owns the shared resource and the client that desires to use the shared resource. Messages are defined that allow the client to initiate an outgoing connection through the shared resource, and that allow the client to accept an incoming connection received from the shared resource. Once the connection is made, the client and ultimate destination communicate through the shared resource via point-to-point communications.

Abstract: IP security is provided in a virtual private network using network address translation (NAT) by performing one or a combination of the three types of VPN NAT, including VPN NAT type a outbound source IP NAT, VPN NAT type c inbound source IP NAT, and VPN NAT type d inbound destination IP NAT. This involves dynamically generating NAT rules and associating them with the manual or dynamically generated (IKE) Security Associations, before beginning IP security that uses the Security Associations. Then, as IP Sec is performed on outbound and inbound datagrams, the NAT function is also performed.

Abstract: A communication network includes a plurality of nodes, selectively including a client, a remote gateway Internet service provider, the Internet, a local enterprise gateway, and an enterprise internal network. A local coincident endpoint is established at the local gateway for an outer connection with a remote node and an inner connection with the same or a different remote node. Nested traffic received at the gateway on the outer connection is decapsulated and then source-in NATed. Traffic received at the gateway for transmission on the outer connection is first source-in NATed, and then encapsulated for communication on the outer connection.

Abstract: A communication network includes a plurality of nodes, selectively including a client, a remote gateway Internet service provider, the Internet, a local enterprise gateway, and an enterprise internal network. A local coincident endpoint is established at a first node for an outer connection with a remote node and an inner connection with a different remote node. The nodes participate in negotiations on the outer connection to set up the inner connection as a secure connection. Thereafter, responsive to communications on the inner connection, the first node establishes links to the outer connection selectively to receive or send communications double nested on the outer connection.

Abstract: An apparatus and method for sharing a resource (such as a modem or virtual private network) allow virtualizing the shared resource in a simple and efficient manner that allows both accepting and initiating virtual or physical connections through the shared resource across logical partitions or systems. An L2TP tunnel is established between the server that owns the shared resource and the client that desires to use the shared resource. Messages are defined that allow the client to initiate an outgoing connection through the shared resource, and that allow the client to accept an incoming connection received from the shared resource. Once the connection is made, the client and ultimate destination communicate through the shared resource via point-to-point communications.

Abstract: A method, apparatus and computer program product are provided for implementing enhanced proxy Address Resolution Protocol (ARP) for Virtual Internet protocol (IP) addresses. A Virtual Internet protocol (IP) interface requiring proxy ARP is identified and a proxy agent for the Virtual Internet protocol (IP) interface is dynamically selected. An IP address for the Virtual Internet protocol (IP) interface is added to an address list of a physical adapter for the selected proxy agent. Utilizing the physical adapter for the selected proxy agent, the added IP address for the Virtual Internet protocol (IP) interface is broadcast with a media access control (MAC) address of the physical adapter for the selected proxy agent.

Abstract: An address management system and method. ADDRESS statements and HIDE rule statements are processed to generate a file of masquerade rules for associating subsets of internal addresses among a plurality of public addresses. Responsive to these masquerade rules, network address translation is performed for incoming and outgoing IP datagrams. IP Network Address Translation (NAT) and IP Filtering functions provide firewall-type capability to a gateway system, such as the IBM AS/400 system. A customer's system administrator specifies specific NAT and Filtering rules (via the AS/400 Operational Navigator GUI). A type of NAT, called masquerade NAT, defines a many-to-one mapping in such a way as to allow the ‘many’ to specify subsets of IP addresses. This allows traffic separation, which improves throughput to and from external networks (e.g. the Internet), and also improves flexibility in IP address management.

Abstract: A system and method for dedicating an externally configurable modem under system software control at a local peer for communication with one, single, predetermined remote peer, thereby providing the equivalent of a dedicate line by operating a single modem at the local node. The modem to be dedicated to the predetermined, single remote node is initialized to answer mode and reconfigured to originate mode when needed. The process of configuring the modem of the local node establishes a point-to-point protocol (PPP) route for establishing a physical connection path to the remote node.

Abstract: IP security is provided in a virtual private network using network address translation (NAT) by performing one or a combination-of the three types of VPN NAT, including VPN NAT type a outbound source IP NAT, VPN NAT type c inbound source IP NAT, and VPN NAT type d inbound destination IP NAT. This involves dynamically generating NAT rules and associating them with the manual or dynamically generated (IKE) Security Associations, before beginning IP security that uses the Security Associations. Then, as IP Sec is performed on outbound and inbound datagrams, the NAT function is also performed.

Abstract: IP security is provided in a virtual private network using network address translation (NAT) by performing one or a combination of the three types of VPN NAT, including VPN NAT type a outbound source IP NAT, VPN NAT type c inbound source IP NAT, and VPN NAT type d inbound destination IP NAT. This involves dynamically generating NAT rules and associating them with the manual or dynamically generated (IKE) Security Associations, before beginning IP security that uses the Security Associations. Then, as IP Sec is performed on outbound and inbound datagrams, the NAT function is also performed.

Abstract: A communication network includes a plurality of nodes, selectively including a client, a remote gateway Internet service provider, the Internet, a local enterprise gateway, and an enterprise internal network. A local coincident endpoint is established at the local gateway for an outer connection with a remote node and an inner connection with the same or a different remote node. Nested traffic received at the gateway on the outer connection is decapsulated and then source-in NATed. Traffic received at the gateway for transmission on the outer connection is first source-in NATed, and then encapsulated for communication on the outer connection.

Abstract: A communication network includes a plurality of nodes, selectively including a client, a remote gateway Internet service provider, the Internet, a local enterprise gateway, and an enterprise internal network. A local coincident endpoint is established at a first node for an outer connection with a remote node and an inner connection with a different remote node. The nodes participate in negotiations on the outer connection to set up the inner connection as a secure connection. Thereafter, responsive to communications on the inner connection, the first node establishes links to the outer connection selectively to receive or send communications double nested on the outer connection.

Abstract: Communications between peer nodes interconnected over a single line in a point-to-point dial up network. During an a job initialization phase, a dial-on-demand (DOD) job which includes a data queue is registered, a DOD interface created, a modem initialized to answer calls, and the DOD job is waited on the data queue. During an originate session phase responsive to a start session request, a data packet for communication to a dedicated remote peer is received and loaded into the data queue; the modem dials the remote node and a connection is activated over which the data packet is transferred to the remote node. During a session end phase, the connection is deactivated; the modem is initialized to answer calls; and the DOD job waited on the data queue for an incoming call or a start session request.

Abstract: A data model for abstracting customer-defined VPN security policy information. By employing this model, a VPN node (computer system existing in a Virtual Private Network) can gather policy configuration information for itself through a GUY, or some distributed policy source, store this information in a system-defined database, and use this information to dynamically negotiate, create, delete, and maintain secure connections at the IP level with other VPN nodes.