Add and configure a tunnel-type client-access application

Add a tunnel-type client-access application to EAA Client and configure the parameters.

Create a tunnel-type client access application and configure it with the parameters.

How to

  1. From the top menu bar, click Applications.
  2. Click Add application.
  3. In the Add custom apps area, click Client-Access app.
  4. In the dialog, enter an application name and description. Select Tunnel mode (multiple ports, UDP and TCP) for the Type.
  5. Click Create app and configure.
  6. Click Add icon. (optional) Add any icon for your application from the gallery.
  7. In the general tab, configure the Destination field in the Application Identity section based on your use case. You can configure different traffic types (TCP, UDP or both), different domains (wildcard or specific) or IP based access (with or without subnets), port ranges or specific ports or combinations of both. To add more destinations, click Add Destination and configure the next destination, Destination 2 and so on, till you're done with all the network destinations. .
    Note: If a route for a particular destination already exists, then EAA Client will not add the IP address to the routing table, but will issue an IP route collision alert.
  8. In the Endpoint host name field enter the cloud endpoint of your application. This is the cloud endpoint for all communications between the client access application and Enterprise Application Access (EAA). Additionally, choose one of these domains:
    • Use your domain. If you use your own custom domain, you must provide a certificate configured as a complete bundle with all the subordinates (having the full chain of trust), otherwise you will see a web-socket error. To use an uploaded certificate, select Use uploaded certificates and follow the steps in Add a certificate to EAA
    • Use Akamai domain. If you use an Akamai domain no certificate is needed.
  9. Select an Akamai Cloud Zone. The cloud zone should be the location closest to the data center where your application server resides. The Akamai Cloud Zone can be of the form Client-* like Client-US-East, Client-US-West, etc closest to the application in the data center.
  10. Associate a connector to the application.
    1. Click Add or remove connector and select a connector from the dialog.
    2. Click Done.
  11. Click Save and go to Authentication.
  12. In the Authentication tab, click Assign identity provider. The identity providers that are enabled for the EAA Client appear. Select the identity provider which has the directories and groups who will access this application.
  13. Click Save and go to Services. The Service tab opens to let you configure these optional services
  14. Click Save and go to Advanced settings.
  15. If you are seeing performance issues for TCP applications in tunnel mode, click TCP Optimization, for higher throughput.
  16. Complete the optional Advanced Settings. See Set up advanced settings for an application.
    Note: For a client access application, the Enable websocket support option is enabled by default. This option is required to establish a tunnel from the client to the EAA cloud.
    Note: To provide selective access to some subdomains to some users, or certain IP addresses within the tenant see Set up DNS exceptions and Access control rules.
  17. Click Save and go to Deployment.
  18. In the Deployment tab, click Deploy Application. This option is only available if all the required fields are completed for the application.