04-12-2012 11:32 AM - edited 03-11-2019 03:53 PM
I have a 5520 ASA using WCCP redirection to our IronPorts on the inside and everything works great for inside users. What I'm trying to do is get VPN users off split tunneling and to filter their traffic through the IronPorts as well, but I can't figure out how. When they connect they seem to bypass the IronPort completely.
04-12-2012 06:59 PM
include config mate
04-13-2012 12:12 AM
Hi,
We have a few setups with ASA and Ironport.
To my understanding you would have to have a separate device for VPN and have the VPN user web traffic come to the main ASA through the same interface as the LAN users.
The Cisco ASA material states the following:
The only topology that the ASA supports is when client and cache engine are behind the same interface of the ASA and the cache engine can directly communicate with the client, without going through the ASA.
There's also a possibility to use a router in front of your ASA to handle the WCCP, but this would mean that you need to use different public IPs for all the different groups behind your firewall so you can create separate rules for them.
- Jouni
04-13-2012 06:06 AM
Jouni, thank you. So if I'm understanding you correctly, you have multiple ASAs for your setup, one where VPN users authenticate and then connect to the inside interface of a second ASA that has WCCP redirection?
04-13-2012 10:29 AM
Hi,
I'm only dealing with a few networks which have Ironport. And the setups are very simple.
All but one of those networks have had a separate device for VPN even before the Ironport was introduced to the network.
I'm not the best person to talk about this subject as I just do simple managing of the Ironports and have not really set them up myself.
You could also ask in the Ironport section of these Security forums. Maybe someone reading that section might be able to give you a more thorough explanation of your possibilities regarding the VPN users and WCCP.
- Jouni
04-17-2012 09:56 AM
Jouni, thanks again. I appreciate the input; I'll continue to search more.