cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
637
Views
0
Helpful
3
Replies

Centralized Content Filtering with ASA

remi-reszka
Level 1
Level 1

Hi all,

I was wondering whether it is feasible to install one ASA with CSC-SSM-20 module and licence for 500 users in HQ, enable it to talk with Microsoft AD and funcion as a proxy for Content Filtering for remote sites and mobile users. Basically what we what to achieve is the users in remote sites authenticate with AD over VPN and before going out to surfe web throught their local ISP would need go through content filtering in the HQ on ASA.

In that case all the Internet traffic from remote site would need to go out through the ISP in HQ?

Another solution is to implement Content Filtering with TrendMicro on 800 routers in each site but the license wise it would be very expensive for 60+ sites.

Thanks for any suggestions.

2 Accepted Solutions

Accepted Solutions

Panos Kampanakis
Cisco Employee
Cisco Employee

So from what you are saying you will have the ASA terminate your VPN for remote users and then you want the ASA with its CSC to do URL filtering based on AD.

Well that would work only if all your web traffic from your users was hitting the ASA (U-turning it). If you are doing split tunneling for web it will not work because the ASA doesn't see the browsing traffic.

I hope it makes sense.

PK

View solution in original post

Haha, thanks!

Good luck setting it up,

PK

View solution in original post

3 Replies 3

Panos Kampanakis
Cisco Employee
Cisco Employee

So from what you are saying you will have the ASA terminate your VPN for remote users and then you want the ASA with its CSC to do URL filtering based on AD.

Well that would work only if all your web traffic from your users was hitting the ASA (U-turning it). If you are doing split tunneling for web it will not work because the ASA doesn't see the browsing traffic.

I hope it makes sense.

PK

It makes sense. All the web traffic from the remote office will need to go through ASA in HQ to take full advantage of CSC. Thanks very much for your input, I am going to reward you with some points.

Haha, thanks!

Good luck setting it up,

PK

Review Cisco Networking for a $25 gift card