Hello,
So, I have set up a working Anyconnect solution (see attached picture).
Firewall is a 5585-x ssp20 running 8.4.3
Core is cat 6500
Anyconnect client version: 3.1.00495
--------------
Configured vpn with a tunneled default route to 172.19.16.1 (Core -...

Hi everyone,
I'm quite stuck at the moment, and would very much appreciate some help.
I'm setting up a proof of concept for a client, so at first I set up a lab with an ASA5510 and the following config:
webvpn
svc image disk0:/anyconnect-win-3.1.00495-k9...

Hi,
I'm a bit confused by this setup that I'm trying to achieve.
The setup is classic though, I have one VRF for education (EDU), one for administrators (ADM) and then a shared VRF (GEM) like this:
ip vrf ADM
description *** ADMIN NET ***
rd 2:2
export map...

Hi Jennifer,
Thank you for your suggestion, it's along the line of what I have been thinking about.
WCCP is configured on the firewall, sorry if I haven't been clear about that.
I have been thinking about removing the tunneled default route and then app...

Hi again,
yes exactly, I'm running websense, and this is my WCCP configuration, where "wccp 0" equals HTTP, so HTTPS is not enabled.
FW01# sh run | inc wccp
wccp 0 redirect-list Websense_acl group-list Websense_box password *****
wccp interface INSIDE ...

Hi Jennifer,
Thanks for replying! When you say "monitoring the web traffic via a proxy server", do you mean WCCP? I think you're definitely on the right track here.
If I'm on the vpn and visit a "bad" site I get blocked (redirected), so the function is ...

I got it working now, by spending many hours on Google.
This line:
nat (INSIDE,INTERNET) source static any any destination static NETWORK_OBJ_172.40.0.0_19 NETWORK_OBJ_172.40.0.0_19 no-proxy-arp route-lookup
Changed it to:
nat (any,INTERNET) source stat...

Some more info, this is how my setup looks at the moment. So, there is a default route in ASA5585 to CAT6500 (172.19.16.1):
route INSIDE 0.0.0.0 0.0.0.0 172.19.16.1 tunneled
And as said before, I can reach INSIDE servers, for example 172.18.254.3...