VPN 3005 SSL "clientless" and VPN client performance

Discussion in 'Cisco' started by Evan Wagner, Apr 3, 2004.

  1. Evan Wagner

    Evan Wagner Guest

    Evan Wagner, Apr 3, 2004
    #1
    1. Advertising

  2. Evan Wagner <> wrote:
    > Can anyone comment on 3005 performance when running both simultaneously?


    I haven't rolled it out widely enough to detect performance problems,
    partially because implementation bugs prevented me from using anything
    more sophisticated than the basic https proxying.

    - The e-mail proxying is not suitable in our environment because we use
    one-time-password tokens and the imaps/pop3s proxies work by prepending your
    RAS password to your email password in the email client -- requiring a reauth
    with every new imap session.

    - The generic TCP forwarding only works with a specific version of the Sun JRE,
    and even that version gave Java exceptions left and right when I tried to use
    it.

    I was able to make it work for the users who needed this service by doing
    everything through the https proxy -- I set up a webmail server and a
    MindTerm ssh gateway for logins.. but its pretty hackish. Caveat sysadmin.

    --
    Eric Sorenson - Systems / Network Administrator, MIS - Transmeta Corporation
     
    Eric Sorenson, Apr 4, 2004
    #2
    1. Advertising

  3. Evan Wagner

    Evan Wagner Guest

    Eric Sorenson <> wrote:
    > Evan Wagner <> wrote:
    >> Can anyone comment on 3005 performance when running both simultaneously?


    > I haven't rolled it out widely enough to detect performance problems,
    > partially because implementation bugs prevented me from using anything
    > more sophisticated than the basic https proxying.


    Thanks for the information. We've got separate Webmail so it may work
    fine for what I have in mind. I'm trying to avoid rolling out multiple
    boxes (from different vendors) for SSL and VPN client solutions.

    --Evan

    > - The e-mail proxying is not suitable in our environment because we use
    > one-time-password tokens and the imaps/pop3s proxies work by prepending your
    > RAS password to your email password in the email client -- requiring a reauth
    > with every new imap session.


    > - The generic TCP forwarding only works with a specific version of the Sun JRE,
    > and even that version gave Java exceptions left and right when I tried to use
    > it.


    > I was able to make it work for the users who needed this service by doing
    > everything through the https proxy -- I set up a webmail server and a
    > MindTerm ssh gateway for logins.. but its pretty hackish. Caveat sysadmin.


    > --
    > Eric Sorenson - Systems / Network Administrator, MIS - Transmeta Corporation
     
    Evan Wagner, Apr 6, 2004
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Olivier PELERIN

    SSL with backend SSL on CSS 11500

    Olivier PELERIN, Aug 30, 2004, in forum: Cisco
    Replies:
    0
    Views:
    3,704
    Olivier PELERIN
    Aug 30, 2004
  2. Replies:
    0
    Views:
    563
  3. Replies:
    4
    Views:
    2,042
    Scott Lowe
    Jun 26, 2005
  4. Doug Fox

    Ports for Clientless VPN on Cisco VPN 3000 Series

    Doug Fox, Sep 9, 2005, in forum: Computer Security
    Replies:
    2
    Views:
    697
    Imhotep
    Sep 9, 2005
  5. jenny
    Replies:
    0
    Views:
    949
    jenny
    Nov 30, 2006
Loading...

Share This Page