Riverbed is a leader in the WAN Optimization Controller space. We have implemented these devices at a client that had users in remote offices using a network file server (via VPN) and were experiencing less than stella performance. Anyone that has done CIFs file sharing over WAN, knows that it is painfully slow - it is by design intended for local use, not over low bandwidth, high latency WAN connections.

Summary of the setup:

• Topology, hub/spoke arrangement.
• Branch office users, save files to the main office file server.
• Files are typical office docs, pdfs, and images - upto 100megs+ in size.
• Branch location slowest links are ADSL.
• VPN connection already exists.
• XP Clients to Windows 2003 file server.
• Branch offices are NOT on the Active Directory - just have a \\x.x.x.x\share shortcut on the desktop.
• The head office AD has an account that matches their local login usernames and passwords.

 Riverbed Steelhead units dropped into the Head Office, and at the branch offices. These units sit inline after your firewall LAN port, and the network switch. If there is a crash on the Riverbed Steelhead unit, the electronics will do an auto failover, and will route the traffic straight through the device (there is 2 cables connecting into the switch on the Riverbed unit).

Tip: Manually set the port speed on your switches to match the port speed on the Riverbed interfaces.

We also optioned the RSP (Riverbed Services Platform) kit on the head office Riverbed Steelhead unit. This enables a low capacity, virtualized version of their Steelhead Mobile unit. You can additionally deploy VMs such as domain controllers with the RSP kit, although this wasn't tested.

Using a 10 pack of Mobile clients, we were able to connect users at the remote offices that did have a VPN connection, but didn't have enough users to warrant a Riverbed Steelhead device.

If we wanted mobile users to utilize the Riverbed Mobile client, we would need these users to first connect via VPN.

Before and after file transfer/open/save tests over the VPN showed a 25x + improvement. Even the first pass, with the Riverbed installed, CIFs traffic is optimized, but the massive gains happen after the Riverbed's have "seen" the data before.

These devices do not come cheap, but it is probably one of the coolest, drop in, turn it on, technology solutions I have seen implemented for a long time.

I had a long time problem with my client's CISCO VPN connections to the Australian Tax Office - via HandiTax and Simplefund.

Every time they were lodging to the ATO, they had to retry the lodgement several times before it successfully connected and transmitted.

The problem was consistent across two different software applications but there was a common component with the CISCO VPN client. After the light bulb light up above my head, I googled "Linksys WAG325N CISCO VPN problem" and came across the following forum post on the Linksys site:

http://forums.linksysbycisco.com/linksys/board/message?message.uid=113940

I double checked that the IPSec Passthrough was enabled, but the other part that I needed to add to the router configuration was to put entries under Applications & Gaming -> Port Range Triggering. I did another google search for which ports are used by the CISCO VPN, and put in 500, 4500 and 10000.

Here is a screenshot (click it for a larger view) of the relevant page on the router setup.

After I made these changes, lodging returns to the ATO in both HandiTax and Simplefund worked flawlessly each time on first attempt!