cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2295
Views
0
Helpful
2
Replies

ASA 5520 - AnyConnect and Websense question

neillix702
Level 1
Level 1

i have Anyconnect users that VPN to my network and want to use Websense to  do URL filtering for  all Anyconnect Internet traffic that my client  hit.  Right now when users are connected via VPN, traffic to the Internet are hairpinned out on the outside interface and this works great.  however, what i attempting to do is send this traffic to Websense so that i can block non-business traffic.  Im been reading the WCCP but not sure if this works.  Im looking for suggestions and what others have theirs setup with.

1 Accepted Solution

Accepted Solutions

Jennifer Halim
Cisco Employee
Cisco Employee

Question to be asked is:

1) Whether WebSense supports WCCP?

2) Which device will be performing the WCCP with WebSense (if WebSense supports WCCP). FYI - ASA only supports WCCP redirection if the traffic comes from the same interface where the WCCP server is. In this instance, as your AnyConnect is connecting from Outside, and more than likely WebSense will be connected to either your inside or DMZ network, WCCP on ASA will not be supported in this scenario. You would need to have another device who supports WCCP redirection from different interface.

Please check this post, it has discussion on BlueCoat proxy server for VPN traffic that might help you a little:

https://supportforums.cisco.com/message/3203320

View solution in original post

2 Replies 2

Jennifer Halim
Cisco Employee
Cisco Employee

Question to be asked is:

1) Whether WebSense supports WCCP?

2) Which device will be performing the WCCP with WebSense (if WebSense supports WCCP). FYI - ASA only supports WCCP redirection if the traffic comes from the same interface where the WCCP server is. In this instance, as your AnyConnect is connecting from Outside, and more than likely WebSense will be connected to either your inside or DMZ network, WCCP on ASA will not be supported in this scenario. You would need to have another device who supports WCCP redirection from different interface.

Please check this post, it has discussion on BlueCoat proxy server for VPN traffic that might help you a little:

https://supportforums.cisco.com/message/3203320

Thanks Jennifer, the link and information that you provided is excellent.

Review Cisco Networking for a $25 gift card