Appendix B SSG Implementation Notes
Table
SSG Feature | Implementation Notes | |
RADIUS Proxy | Not Supported. | |
|
| |
Service Profiles | MTU Size | |
| mode, SESM does not support the use of the MTU Size attribute. | |
| ||
| attribute. You must configure the proxy RADIUS server to interpret this attribute. | |
| A RADIUS service profile supports only one | |
|
| |
SMTP Redirect | Not supported, even if it is configured. | |
|
| |
TCP Redirect | Supported to default network only. User traffic to services might be dropped, | |
| even if it does not match a redirect port. | |
| ||
| network or part of an active service. As a workaround, use redirects based on | |
| service name. | |
| The authentication feature applies only to | |
| authenticated as part of the PPP negotiation process. PPP users logging off from | |
| SESM are also redirected. | |
| Initial | |
| subject to initial captivation and is redirected. If the packet does not match the | |
| redirection filter, the packet is not subject to initial captivation and is dropped. | |
| Also see the “Restrictions for SSG TCP Redirect” section on page | |
|
| |
Transparent | Supported only for traffic to the user (host). Not supported for traffic from the | |
Passthrough | user (host). Use Open Garden to allow SSG hosts access to certain networks. | |
| Unauthorized downstream traffic is always allowed, but unauthorized upstream | |
| traffic from an SSG host is dropped. | |
|
| |
Unsupported | If an unsupported feature (such as NAT) is applied to an SSG connection, the | |
Features | router does not reject the connection; however, the feature is not applied to traffic | |
| over the connection. | |
|
| |
VPI/VCI Static | The feature applies only to PPP sessions. | |
Binding to a | You must statically configure the feature. | |
Service Profile | ||
SESM cannot map the VC to the service. | ||
| ||
|
|
Cisco 10000 Series Router Service Selection Gateway Configuration Guide
| ||
|
