Product Documentation

Recommendations for Supporting VPNs

Dec 26, 2012

VPN support is simply a matter of putting the appliance on the LAN side of the VPN, as shown in the following figure. This placement ensures that the appliance receives and transmits the decapsulated, decrypted, plain-text version of the link traffic, allowing compression and application acceleration to work. (Application acceleration and compression have no effect on encrypted traffic. However, TCP protocol acceleration works on encrypted traffic.)

Figure 1. VPN Cabling for an Inline VPN


The following figure shows one option for accelerating one-arm VPNs. The appliance is on the server side of the VPN. All VPN traffic with a local destination is accelerated. VPN traffic with a remote destination is not accelerated. Non-VPN traffic can also be accelerated.

Figure 2. One-Arm VPN Acceleration, Option A


The following figure shows another option for accelerating one-arm VPNs. The appliance is on the server side of the VPN. All VPN traffic with a local destination is accelerated. VPN traffic with a remote destination is not accelerated. Non-VPN traffic can also be accelerated.

Figure 3. One-Arm VPN Acceleration, Option B


Important: For acceleration to be effective, the VPN must preserve TCP header options. Most VPNs do so.