Integrating Citrix server and gateway for VPN

We're looking to integrate a Citrix P4 server with a Citrix Access Gateway 4.2 for VPN access. I believe the Citrix Access Gateway works with VoIP, although I've heard some reservations about integration. If so, which particular VoIP systems are problematic? We are currently looking at Mitel.

Networks used for remote access can vary widely in terms of bandwidth and reliable delivery. Because VoIP and other real-time protocols are vulnerable to latency and jitter, poor quality links can impact user experience and application usability. VoIP users may experience call degradation, voice drop outs, and incomplete or disconnected calls. Remote access VPNs do not necessarily degrade VoIP calls, but encrypting a VoIP call placed over a poor quality link will make a bad situation that much worse.

Furthermore, application support varies widely across SSL VPN products. In Joel Snyder's December 2005 head-to-head test of 11 SSL VPNs, tested products were only able to pass 40% of VoIP test cases. Some products did not support VoIP, and several required administrative privileges to run client-side programs needed to relay VoIP protocols to SSL VPN gateways.

According to product literature, the Citrix Access Gateway (CAG) SSL VPN product that you are considering does indeed support VoIP tunneling. Several a user forum posts describe successful SIP phone usage with commercial Cisco and open source Asterisk VoIP servers. However, the CAG 4.2 Administration Guide states that H.323 protocols are not supported. To achieve better VoIP performance, CAG routes UDP VoIP packets over SSL without requiring acknowledgement, providing UDP-like performance over TCP-based tunnels. A new 4.2 configuration option can also be used to shorten the key used to encrypt VoIP traffic, further reducing latency.

However, It is also critical to consider client hardware and operating system limitations. IP softphones that run on general-purpose PCs are more easily combined with remote access VPNs. When you install a softphone and a VPN client, VoIP protocols can be forwarded over a secure tunnel to the VPN gateway. But most purpose-built devices, including desktop IP phones, run embedded software only; they usually cannot run third-party Windows or Linux programs. The Citrix Access Gateway does not use a permanently installed VPN client, but it does use a dynamically-invoked Secure Access Client, supplied as a Windows Java or Linux download from the VPN portal. This model seems to fit remote access users that run IP softphones, but not on-premises desktop IP phones that involve neither remote access nor Windows/Linux computers.

I was unable to find any published information regarding CAG / Mitel interoperability, but note that many Mitel products can use proprietary or SIP protocols. I also could not tell whether you plan to use IP softphones or desktop IP phones or both. I recommend that you ask Mitel's technical sales support about the specific network topology and client/server products that you hope to integrated. You may also want to ask for reference customers using any Mitel or third-party VPN with Mitel VoIP products.

Rate this Tip To rate tips, you must be a member of SearchUnifiedCommunications.com. Register now to start rating these tips. Log in if you are already a member. Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Network Planning and Testing for IP Telephony The new Nortel: LTE patents reviving Nortel? 3M prepares the network for VoIP IP telephony management software essential to large-scale deployments Go Green: Al Gore speaks at VoiceCon 2008 Early adopters of unified communications need to ask about security With the launch of unified communications, managing complexity and information is key Managed VoIP keeps regatta's communications afloat VoIP, unified communications study reveals challenges Voice over IPv6: Architectures for Next Generation VoIP Networks BT's SDK for do-it-yourself VoIP apps IP Telephony Systems Unified communications infrastructure virtualization now a reality HD voice value proposition: Just try using an HD phone Tutorial: Connecting and leveraging VoIP islands VoIP islands 101: How did we get here? Do desk phones matter in the UC everything, IP everywhere era? The new Nortel: LTE patents reviving Nortel? Eldorado Casino can't afford to gamble on IP-PBX telephony upgrades Agito first to make BlackBerry a dual-mode phone Nortel voice customers are the vendor's only enterprise asset Aruba's VBN line pushes IP telephony, secure Wi-Fi to teleworkers Unified Communications Tech Tip Recession generates interest, adoption in video conferencing Winning users over to video conferencing Telepresence is the next best thing to being there Implementing a mobile unified communications (UC) solution Understanding mobile unified communications (UC) products The significance of Avaya's Aura UC buyers should look for SaaS-based UC offerings in 2009 Using the iPhone in the enterprise? Social networking and discussion forums for the enterprise Streaming Cisco's IP Communicator to an HP thin client RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.