Fortinet, Inc.
AUTOMATIC VIRTUAL PRIVATE NETWORK (VPN) ESTABLISHMENT
Abstract:
Systems and methods for automatic VPN establishment are provided. According to one embodiment, a P1 message is received by a hub network device (ND) from a remote device (RD) of a spoke. P1 specifies VPN connection attributes corresponding to the lowest encryption/authentication (ENC/AUTH) suite supported by RD. A VPN tunnel entry is automatically created by ND based on the VPN connection attributes. A P2 message is transmitted by ND specifying ENC/AUTH attributes based on the corresponding ENC/AUTH of the VPN connection attributes. A third message is received by ND from RD indicating the highest-level ENC/AUTH suite supported by RD. ND determines its compatibility with the proposed ENC/AUTH suite. If compatible, ND transmits a random PSK to enable creation of a permanent tunnel and establishment of the VPN connection; otherwise, compatibility with a lower-level ENC/AUTH suite is determined by RD iteratively reducing the proposed suite until a match is found.
Utility
16 Apr 2019
22 Oct 2020