DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. This office action is in response to the application filed on 01/29/2021. Claims 1-8 and 14-22 are cancelled. Claims 9-13, 23-27, 30, and 32 are amended. Claims 9-13, 23-27, and 30-33 are pending.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Terminal Disclaimer

The terminal disclaimer filed on 12/20/2021 disclaiming the terminal portion of any patent granted on this application which would extend beyond the expiration date of U.S. Patent application No. 10567347 has been reviewed and is accepted.  The terminal disclaimer has been recorded.
EXAMINER’S AMENDMENT
An examiner's amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner's amendment was given via email with Mani Adeli (Reg. No. 39585) on 03/02/2022. 

1-8.	(Canceled).
9.	(Previously Presented) For facilitating virtual private network (VPN) connections, a method for forwarding a packet from a logical network that is defined over a physical network of a datacenter to a VPN client outside of the datacenter through a particular VPN connection between a host computer inside of the datacenter and the VPN client outside of the datacenter, the method comprising:
receiving, at a computing device in the datacenter, a packet comprising an encapsulating first outer header and a payload, the encapsulating first outer header storing a logical network identifier that identifies the logical network to which the packet is associated, and the payload of the packet comprising an unencrypted portion and an encrypted portion that was encrypted by the host computer for the particular VPN connection with the VPN client;
identifying, from said unencrypted portion of the encapsulated payload, a network address of the VPN client outside of the datacenter as a destination of the received packet;
replacing the encapsulating first outer header of the packet with an encapsulating second outer VPN header for the particular VPN connection, the second outer VPN header specifying the identified network address of the VPN client as the destination address of the packet; and
forwarding the packet with the encapsulating second outer VPN header to the VPN client outside of the datacenter, wherein the VPN client decapsulates the packet and decrypts the encrypted portion of the payload of the packet.
10.	(Previously Presented) The method of claim 9, wherein said computing device is an edge node of the datacenter that comprises a plurality of host computers executing machines connected to the logical network.

12.	(Previously Presented) The method of claim 11, wherein the computing device is a VPN gateway that negotiated with the VPN client for an encryption key that is used to encrypt the encrypted portion of the packet, wherein the encryption key is provided to the host computer for encrypting the packet.
13.	(Previously Presented) The method of claim 9, wherein the encapsulating first outer header is a header added to the packet when the packet is sent by a machine executing on the host computer in order to produce the received encapsulated packet, the packet further comprising a first header storing network addresses defined for the logical network, said encapsulating first outer header allowing the packet to traverse through the physical network of the datacenter while preserving network addresses defined for the logical network.
14-22.	(Canceled).
23.	(Previously Presented) A non-transitory machine readable medium storing a program for facilitating virtual private network (VPN) connections by forwarding a packet from a logical network that is defined over a physical network of a datacenter to a VPN client outside of the datacenter through a particular VPN connection between a host computer inside of the datacenter and the VPN client outside of the datacenter, the program for execution by at least one processing unit of a computing device, the program comprising sets of instructions for:
receiving, at a computing device in the datacenter, a packet comprising an encapsulating first outer header and a payload, the encapsulating first outer header storing a logical network identifier that identifies the logical network to which the packet is associated, and the payload of 
identifying, from said unencrypted portion of the encapsulated payload, a network address of the VPN client outside of the datacenter as a destination of the received packet;
replacing the encapsulating first outer header of the packet with an encapsulating second outer VPN header for the particular VPN connection, the second outer VPN header specifying the identified network address of the VPN client as the destination address of the packet; and
forwarding the packet with the encapsulating second outer VPN header to the VPN client outside of the datacenter, wherein the VPN client decapsulates the packet and decrypts the encrypted portion of the payload of the packet.
24.	(Previously Presented) The non-transitory machine readable medium of claim 23, wherein said computing device is an edge node of the datacenter that comprises a plurality of host computers executing machines connected to the logical network.
25.	(Previously Presented) The non-transitory machine readable medium of claim 24, wherein the received encapsulated packet is tunneled to the computing device from the host computer, wherein the host computer and the computing device are tunnel endpoints of an overlay logical network.
26.	(Previously Presented) The non-transitory machine readable medium of claim 25, wherein the computing device is a VPN gateway that negotiated with the VPN client for an encryption key that is used to encrypt the encrypted portion of the packet, wherein the encryption key is provided to the host computer for encrypting the packet.
27.	(Previously Presented) The non-transitory machine readable medium of claim 23, wherein the encapsulating first outer header is a header added to the packet when the packet is 
28-29.	(Canceled).
Please cancel claims 30-33.

Allowable Subject Matter
Claims 9-13, and 23-27 are allowed.
The invention relates to a novel method of providing virtual private access to a software defined data center (SDDC). The SDDC uses distributed VPN tunneling to allow external access to application services hosted in the SDDC. The SDDC includes host machines for providing computing and networking resources and a VPN gateway for providing external access to those resources. The host machines that host the VMs running the applications that VPN clients are interested in connecting to perform the VPN encryption and decryption. The VPN gateway does not perform any encryption or decryption operations. The packet structure is such that the VPN gateway can read the IP address of the VM without decrypting the packet.
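The gateway step recited in claims 9 and 23, as an added sketch that is not part of the office action or the application: the gateway reads the client address from the unencrypted portion, swaps the first outer header for a VPN header, and never touches the ciphertext. The byte layout, the `VPN_CONNECTIONS` table, the connection id and the function names are assumptions made for illustration.

```python
import ipaddress
import struct

# Constructed wire layout (an assumption; the page defines no byte format):
#   first outer header : 4-byte logical network identifier (VNI)
#   unencrypted portion: 4-byte IPv4 address of the VPN client, 2-byte ciphertext length
#   encrypted portion  : opaque bytes produced by the host computer
OVERLAY_HDR = struct.Struct("!I")
CLEAR_HDR = struct.Struct("!4sH")
VPN_HDR = struct.Struct("!4sI")  # second outer header: destination address, connection id

# Hypothetical gateway state: (VNI, client address) -> VPN connection id.
VPN_CONNECTIONS = {(5001, ipaddress.IPv4Address("203.0.113.7")): 42}


def gateway_forward(packet: bytes) -> tuple[ipaddress.IPv4Address, bytes]:
    """Swap the overlay header for a VPN header; never read or alter the ciphertext."""
    if len(packet) < OVERLAY_HDR.size + CLEAR_HDR.size:
        raise ValueError("truncated packet")
    (vni,) = OVERLAY_HDR.unpack_from(packet, 0)
    raw_dst, ct_len = CLEAR_HDR.unpack_from(packet, OVERLAY_HDR.size)
    payload = packet[OVERLAY_HDR.size:]  # unencrypted + encrypted portions, kept as-is
    if len(payload) != CLEAR_HDR.size + ct_len:
        raise ValueError("ciphertext length mismatch")
    client = ipaddress.IPv4Address(raw_dst)
    conn_id = VPN_CONNECTIONS.get((vni, client))
    if conn_id is None:
        # Drop rather than forward to an address with no negotiated VPN connection.
        raise LookupError(f"no VPN connection for {client} on logical network {vni}")
    return client, VPN_HDR.pack(raw_dst, conn_id) + payload


def sample_packet(vni: int, client: str, ciphertext: bytes) -> bytes:
    """Build a constructed packet as the host computer would emit it."""
    dst = ipaddress.IPv4Address(client).packed
    return OVERLAY_HDR.pack(vni) + CLEAR_HDR.pack(dst, len(ciphertext)) + ciphertext
```

The function takes no key material, so the encrypted portion leaves the gateway byte-for-byte as the host computer produced it; the lookup against negotiated connections is a design choice of this sketch, not something the claims recite.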
This communication warrants No Examiner's Reason for Allowance; applicant's reply makes evident the reasons for allowance, satisfying the "record as a whole" proviso of the rule 37 CFR 1.104(e). Specifically, the substance of applicant's arguments filed on 08/09/2021, pages 1-5, is persuasive; as such, the reasons for allowance are in all probability evident from the record and no statement is deemed necessary (see MPEP 1302.14).

the payment of the Issue Fee and to avoid processing delays, should preferably accompany the Issue Fees. Such submission should be clearly labeled "Comments on Statement of Reasons for Allowance". In the event of any post-allowance papers (e.g. IDS, 312 amendment, petition, etc.), Applicant is exhorted to mail papers to the Production Control branch in Publications or fax them to the post-allowance papers correspondence branch at (703) 308-5864 to expedite the issuing process, or call PUB's Customer Service with any questions at (703) 305-8497.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAHRIAR ZARRINEH whose telephone number is (571)272-1207. The examiner can normally be reached Monday-Friday, 8:30am-5:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge Ortiz-Criado can be reached on 571-272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SHAHRIAR ZARRINEH/Examiner, Art Unit 2496