Fry
jeric
Posts: 21
Registered: 11-30-2007
0

Using Steelhead Mobile with Cisco VPN with ASA 5500 Series

For Steelhead Mobile to work with Cisco VPN Client with ASA 5500 series, you have to either configure an in-path pass-through rule in the acceleration policy (as described in the Management Console User Guide), or execute the following commands to configure Cisco PIX to allow TCP options in traffic:

PIX(config)# access-list TCP extended permit tcp any any
PIX(config)# tcp-map tmap
PIX(config-tcp-map)# tcp-options range 76 76 allow
PIX(config)# class-map cmap
PIX(config-cmap)# match access-list TCP
PIX(config)# policy-map pmap
PIX(config-pmap)# class cmap
PIX(config-pmap)# set connection advanced-options tmap
PIX(config)# service-policy pmap global
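
To check that the tcp-map above has taken effect, compare a SYN captured on each side of the firewall and see whether TCP option 76 survives. The parser below is an added example, not part of the original post: the sample headers are constructed, the option payload is a placeholder, and modelling a stripped option as NOP bytes is an assumption about how the firewall clears it.

```python
import struct

PROBE_KIND = 76  # option number permitted by "tcp-options range 76 76 allow"

def tcp_options(segment: bytes):
    """Return [(kind, data)] parsed from a raw TCP header (no IP header)."""
    if len(segment) < 20:
        raise ValueError("shorter than a minimal TCP header")
    header_len = (segment[12] >> 4) * 4          # data offset, in 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("bad data offset")
    opts, i, out = segment[20:header_len], 0, []
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                            # End of Option List
            break
        if kind == 1:                            # NOP is a single byte
            out.append((1, b""))
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("truncated option")
        length = opts[i + 1]                     # covers kind + length + data
        if length < 2 or i + length > len(opts):
            raise ValueError("bad option length")
        out.append((kind, opts[i + 2:i + length]))
        i += length
    return out

def has_option(segment: bytes, kind: int = PROBE_KIND) -> bool:
    return any(k == kind for k, _ in tcp_options(segment))

def build_syn(options: bytes) -> bytes:
    """Constructed sample: a SYN header carrying the given option bytes."""
    options += b"\x00" * (-len(options) % 4)     # pad to a 32-bit boundary
    offset_flags = ((20 + len(options)) // 4 << 12) | 0x002   # SYN flag
    return struct.pack("!HHIIHHHH", 40000, 445, 1, 0,
                       offset_flags, 65535, 0, 0) + options

MSS = bytes([2, 4, 0x05, 0xB4])
PROBE = bytes([PROBE_KIND, 6, 0xDE, 0xAD, 0xBE, 0xEF])  # placeholder payload
sent = build_syn(MSS + PROBE)                            # before the firewall
cleared = build_syn(MSS + b"\x01" * len(PROBE))          # assumed: option NOPed out

if __name__ == "__main__":
    for name, seg in (("client side", sent), ("server side", cleared)):
        print(name, "option 76 present:", has_option(seg))
```

Feed `tcp_options` the TCP header bytes of a real SYN from a packet capture in place of the constructed samples.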
Fry
jeric
Posts: 21
Registered: 11-30-2007
0

VPN Requirements for Steelhead Mobile

VPN environments require that the VPN tunnel not be optimized. When you configure the acceleration policy, add a pass-through rule for the endpoint client VPN port number. This rule must be the first rule on the list.

The Mobile Client has been tested with the following VPN software:

  • Cisco VPN Client v4.8 and v5.0 (with Cisco PIX 500 Series Security Appliances with Cisco PIX Firewall Version 6.3)
  • Cisco VPN Client v4.x and v5.x (with Cisco ASA 5500 Series with Cisco Adaptive Security Appliance Software Version 8.0)
    The Cisco ASA 5500 series requires additional configuration to be compatible with Steelhead Mobile. You can either configure an in-path, fixed-target rule for the Steelhead Mobile acceleration policy, or you can make configuration changes on the Cisco ASA. For details about configuring in-path, fixed-target rules for acceleration policies, see "Configuring Optimization Rules for Acceleration Policies" on page 53. For details about configuring the Cisco ASA, consult this Knowledge Base article.

  • Citrix Access Gateway Standard Edition v4.5
    Citrix Access Gateway Standard Edition v4.5 requires additional configuration to be compatible with Steelhead Mobile. You must add a subnet for each of the following: the data center, the server being accessed, the Steelhead appliance, and the Mobile Controller. The server-side Steelhead appliance must be configured out-of-path.

  • Nortel Contivity VPN Client v4.8
  • Juniper SSL VPN - Secure Access 700
  • Juniper NetScreen-Remote VPN Client v8.0
  • OpenVPN v2.0.7
  • Aventail Connect with Smart Tunneling v8.8.1.191
  • Array Networks VPN Client v8.1.0.154

The Steelhead Mobile is known to be incompatible with the following VPNs:

  • Juniper VPN deployed using WSAM (Windows Secure Application Manager).
    Juniper VPN with WSAM/JSAM uses a proxy link so CIFS/NFS traffic is proxied and then transferred using HTTPS. Steelhead Mobile sees encrypted HTTPS traffic and cannot optimize it.
  • NetMotion wireless VPN - Mobility XE
  • Fortinet
  • Citrix Access Gateway (ICA works fine)