We have an active/failover ASA pair supporting WCCP which redirects Internet-bound traffic to WebSense appliances for proxy/filtering services. As recommended, WCCP is redirecting inbound on the “inside” interface and is currently fully operational.
We also have an active/failover ASA pair supporting AnyConnect VPN services which is currently operational but is not redirecting to WCCP. We need to redirect AnyConnect VPN Internet access traffic to the WCCP services. It appears the IOS CLI command tunnel default gateway is what is needed to make this redirection work for the VPN users.
Can anyone confirm the tunnel default gateway command is what is needed to force VPN users trying to access the Internet while using the VPN to be redirected to WCCP (FW-ASA) or perhaps offer an alternative that is known operational?
This is what I think is needed:
On the VPN-ASA (.250 and .249)
route inside 0.0.0.0 0.0.0.0 192.168.1.254 tunneled
Topology:
FW-ASA---FW-ASA        VPN-ASA---VPN-ASA
ACTIVE   Failover      ACTIVE    Failover
 .254     .253          .250      .249
  |        |             |         |
/----------VLAN8 ----192.168.1.0 /24-----------/
      |                      |
     .2                     .10
  WebSense                INTRANET
ASA IOS version 9.3+
Thank you
Frank