SSL VPN
Reply
Contributor
after1
Posts: 69
Registered: ‎06-04-2010
0

compression type

Where do I set the compression for NC? 

 

What are the recommended compression type? Im using SA6611

 

Thanks all

Distinguished Expert
firewall72
Posts: 826
Registered: ‎05-04-2008

Re: compression type

Hi,

 

It's a check box in the Profile.  Go to Users, Resource Policies, Network Connect, Connection Profiles.  Edit your Profile under Connect Settings, Transport and check the box for "Compression".  I hope this helps.

John Judge
JNCIS-SEC, JNCIS-ENT,

If this solves your problem, please mark this post as "Accepted Solution". Kudos are appreciated.
Contributor
after1
Posts: 69
Registered: ‎06-04-2010
0

Re: compression type

Thanks firewall72
Moderator
zanyterp
Posts: 2,300
Registered: ‎11-19-2007
0

Re: compression type

There is no recommendation; it is something you will need to look at in your environment to decide what is best for you.

Contributor
after1
Posts: 69
Registered: ‎06-04-2010
0

Re: compression type

Isit possible to change the compression type? Ive unticked the compression and try to logon again but NC still showing compression as Deflate. How to change to different compression type?

 

 

Super Contributor
Kita
Posts: 475
Registered: ‎12-23-2010
0

Re: compression type

If NC is stating 'Deflated', then NC has failed over to SSL mode.  If NC is in ESP mode, the compression should be LZO.  I do not believe ESP supports other compression types besides LZO.  If you would like to support other compression types, I would suggest filing a RFE with your account team to properly track your request.

Moderator
zanyterp
Posts: 2,300
Registered: ‎11-19-2007
0

Re: compression type

Do you have gzip enabled at System>Platform>Options? If yes, please disable that as well; that is the only way to disable compression for the SSL transport mode.
Contributor
after1
Posts: 69
Registered: ‎06-04-2010
0

Re: compression type

Couldnt find the gzip option under System>Platform>Options. Where else could it be?

 

What could have caused the failover to SSL? My firewall doesnt allow UDP 4500? Could this be the root cause?

 

If I open the UDP 4500 on the firewall, which interface do I permit to talk to UDP4500 - internal/external or external vip?

Contributor
hansei
Posts: 11
Registered: ‎12-20-2011
0

Re: compression type

It is the public address you access with https to login. It is typically the external address or the VIP in HA environments.
Super Contributor
Kita
Posts: 475
Registered: ‎12-23-2010
0

Re: compression type

Yes, if UDP 4500 is blocked on the firewall, then NC client will automatically fail over to SSL mode.  You'll need to allow UDP 4500 to the ip address which end user are connecting to (ie. vip or external interface).

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.