Optimizing clientless ssl vpn performance, Configuring caching – Cisco ASA 5505 User Manual

74-81

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 74 Configuring Clientless SSL VPN

Optimizing Clientless SSL VPN Performance

Detailed Steps

Optimizing Clientless SSL VPN Performance

The ASA provides several ways to optimize clientless SSL VPN performance and functionality.
Performance improvements include caching and compressing web objects. Functionality tuning includes
setting limits on content transformation and proxy-bypass. APCF provides an additional method of
tuning content transformation. The following sections explain these features:

•

Configuring Caching

•

Configuring Content Transformation

Configuring Caching

Caching enhances clientless SSL VPN performance. It stores frequently reused objects in the system
cache, which reduces the need to perform repeated rewriting and compressing of content. It reduces
traffic between clientless SSL VPN and the remote servers, with the result that many applications run
much more efficiently.

By default, caching is enabled. You can customize the way caching works for your environment by using
the caching commands in cache mode.

Command

Purpose

Step 1

webvpn

Example:

hostname(config)# webvpn

Enter webvpn configuration mode.

Step 2

portal-access-rule

priority [{permit | deny [code

code]} {any | user-agent match string}

Example:

hostname(config-webvpn)# portal-access-rule 1 deny code

403 user-agent match *Thunderbird*

hostname(config-webvpn)# portal-access-rule 1 deny code

403 user-agent match “*my agent*”

Permit or deny the creation of a clientless SSL
VPN session based on an HTTP header code or a
string in the HTTP header.

The second example shows the proper syntax for
specifying a string with a space. Surround the
string with wildcards (*) and then quotes (“ ”).