https://community.cisco.com/t5/network-security/asa-websense/m-p/1371669#M750380 <HTML><HEAD></HEAD><BODY><P>I would consider having an onsite server act as a local Filtering service agent. </P><P>With Websense you can install distributed filter agents and have them controlled from the same policy server.&nbsp; This allows the websense filtered traffic to quickly be checked against the local filter agent server. </P><P></P><P>Alternately it may be possible to configure the remote firewall to directly send the requests to the Websense server through the VPN. </P><P></P><P>url-server (outside) host 172.2.2.2</P><P></P><P>Your VPN access-lists would need to encrypt traffic between your outside interface IP number and your internal network at the remote location.</P><P></P><P>access-list vpn-remote-to-central permit ip host 24.4.4.4 172.2.2.0 255.255.255.0</P><P></P><P>(reverse of that on the central site of course, and add the traffic to your nat 0 access-lists)</P><P></P><P>A long time ago I did something like this, havent had to in a while though, so I'd test it before putting into production.</P></BODY></HTML> Sun, 14 Feb 2010 05:19:11 GMT cmcbride 2010-02-14T05:19:11Z https://community.cisco.com/t5/network-security/asa-websense/m-p/1371668#M750377 <P>If I have ASA's in remote locations with site to site tunnels to the home office where the websense is, can I have the remote ASA make calls to websense like a router can?&nbsp; If so, how do I force the source address from the remote ASA so it is an encrypted vpn packet.</P><P></P><P>thx.</P> Mon, 11 Mar 2019 17:02:52 GMT https://community.cisco.com/t5/network-security/asa-websense/m-p/1371668#M750377 whanson 2019-03-11T17:02:52Z https://community.cisco.com/t5/network-security/asa-websense/m-p/1371669#M750380 <HTML><HEAD></HEAD><BODY><P>I would consider having an onsite server act as a local Filtering service agent. </P><P>With Websense you can install distributed filter agents and have them controlled from the same policy server.&nbsp; This allows the websense filtered traffic to quickly be checked against the local filter agent server. </P><P></P><P>Alternately it may be possible to configure the remote firewall to directly send the requests to the Websense server through the VPN. </P><P></P><P>url-server (outside) host 172.2.2.2</P><P></P><P>Your VPN access-lists would need to encrypt traffic between your outside interface IP number and your internal network at the remote location.</P><P></P><P>access-list vpn-remote-to-central permit ip host 24.4.4.4 172.2.2.0 255.255.255.0</P><P></P><P>(reverse of that on the central site of course, and add the traffic to your nat 0 access-lists)</P><P></P><P>A long time ago I did something like this, havent had to in a while though, so I'd test it before putting into production.</P></BODY></HTML> Sun, 14 Feb 2010 05:19:11 GMT https://community.cisco.com/t5/network-security/asa-websense/m-p/1371669#M750380 cmcbride 2010-02-14T05:19:11Z