Re: Deployment without VPN over 3G

cgeary · 06-28-2010

First of all, the Steelhead appliances are not designed to be run outside of a secure environment. So please keep your appliances within firewall boundaries.

We have a detailed technote discussing NAT and various options for deployment:

https://support.riverbed.com/kb/solution.htm?id=501300000007Lkv&categoryName=Install

You can substitute WA1 for your mobile client in these scenarios.

--------------------------------------------
Chris Geary - Riverbed Support
--------------------------------------------
If this answered your question, please click "Accept as Solution" ------->

freeknout · 05-26-2011

We are doing a POC with Steelhead Mobile for remote access only and our requirement is not to use a VPN and we are using strictly 3G WWAN connections. We have been able to get the client to optimize over Cisco Anyconnect so we now the inpath deployment works but our requirements are no VPN.

Based upon what I have read in the forums, using NAT creates asymmetric issues and to quote a post "The Steelheads must be able to see each other and the clients/servers with the same IP addresses at each end of the link". This creates a challenge for us as our remote access will be done through VMWare View 4.6 and currently there are no other applications (other than an Extranet) that will be publicly available.

What deployment methods would work best for this situation? Do I need to NAT (1 to 1) the Mobile Controller and Appliance to a Public IP? Can this be done out-of-path? Are we limited to a Firewall - DMZ - Firewall deployment? Or can we place an Appliance and Mobile Controller outside our firewalls?

Any suggestions or help would be greatly appreciated.

Thank you,

Eric