Optimizing clientless ssl vpn performance, Configuring caching – Cisco ASA 5505 User Manual
Page 1667
74-81
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 74 Configuring Clientless SSL VPN
Optimizing Clientless SSL VPN Performance
Detailed Steps
Optimizing Clientless SSL VPN Performance
The ASA provides several ways to optimize clientless SSL VPN performance and functionality.
Performance improvements include caching and compressing web objects. Functionality tuning includes
setting limits on content transformation and proxy-bypass. APCF provides an additional method of
tuning content transformation. The following sections explain these features:
•
•
Configuring Content Transformation
Configuring Caching
Caching enhances clientless SSL VPN performance. It stores frequently reused objects in the system
cache, which reduces the need to perform repeated rewriting and compressing of content. It reduces
traffic between clientless SSL VPN and the remote servers, with the result that many applications run
much more efficiently.
By default, caching is enabled. You can customize the way caching works for your environment by using
the caching commands in cache mode.
Command
Purpose
Step 1
webvpn
Example:
hostname(config)# webvpn
Enter webvpn configuration mode.
Step 2
portal-access-rule
priority [{permit | deny [code
code]} {any | user-agent match string}
Example:
hostname(config-webvpn)# portal-access-rule 1 deny code
403 user-agent match *Thunderbird*
hostname(config-webvpn)# portal-access-rule 1 deny code
403 user-agent match “*my agent*”
Permit or deny the creation of a clientless SSL
VPN session based on an HTTP header code or a
string in the HTTP header.
The second example shows the proper syntax for
specifying a string with a space. Surround the
string with wildcards (*) and then quotes (“ ”).