PIX Concentrator URL-server remote office

gmcmanus93 · ‎12-05-2005

I want to be able to have remote sites that already have vpn tunnel back to headquarters access the url-server. I am unable to do this. Error: 110001 Server not responding

No route [url-server-ip] from [pix-inside-ip]

The log on the concentrator reads:

2207 12/05/2005 14:02:54.940 SEV=5 IKE/34 RPT=5872 public-ip.26

Group [public-ip.26]

Received local IP Proxy Subnet data in ID Payload:

Address 10.36.0.0, Mask 255.255.0.0, Protocol 0, Port 0

22210 12/05/2005 14:02:54.940 SEV=4 IKE/61 RPT=18700 public-ip.26

Group [public-ip.26]

Tunnel rejected: Policy not found for Src:public-ip.26, Dst: 10.36.0.0!

22212 12/05/2005 14:02:54.940 SEV=4 IKEDBG/97 RPT=44758 public-ip.26

Group [public-ip.26]

QM FSM error (P2 struct &0x1d5c3ec, mess id 0x7a2386f9)!

please advise. It appears I need to make a policy change to allow the public-ip.26 which is the remote office pix but not sure where this needs to be done.

Thanks in advance.

a-vazquez · ‎12-12-2005

Websense protocol version 4 enables group and username authentication between a host and a PIX Firewall. The PIX Firewall performs a username lookup, and then the Websense server handles URL filtering and username logging.

Websense protocol version 4 contains the following enhancements:

URL filtering allows the PIX Firewall to check outgoing URL requests against the policy defined on the Websense server.

Username logging tracks username, group, and domain name on the Websense server.