Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
282
Views
0
Helpful
2
Replies

CX Web Filter blocking local server traffic when connected via VPN

carlos.garza
Level 1
Level 1

‎04-17-2015 08:12 AM

We have a Cisco ASA 5525 which we use for everything!

 

When inside the office and we attempt to hit an intranet website via the server name (http://server) we have no issues but when connected via VPN and accessing the same server, the web filter will block it as being uncategorized.  While on VPN if we use the FQDN for the server, the request goes through but I'd like to be able to have users on VPN not have to change their shortcuts to include the FQDN.

 

Any ideas why this could be happening?

 

Thanks!

Labels:
0 Helpful
2 Replies 2

Marvin Rhoads
Hall of Fame
Hall of Fame

‎04-17-2015 12:36 PM

You can whitelist the server by adding a policy entry at the top of your CX access policy in PRSM to permit all users to access the server.

You could also modify the class-map called by the service-policy in the ASA to exclude inspection of traffic going to that server.

0 Helpful

carlos.garza
Level 1
Level 1
In response to Marvin Rhoads

‎04-22-2015 09:08 AM

We already have rules in place allowing any access to all of our intranet servers and those rules work well when in the office but when connected via VPN and we then attempt to access intranet servers via their hostname only; do we receive the web filter block.

Again, this issue only occurs while connected to VPN and only the server name is used to connect to the server (http://server) using the FQDN (http://server.domain.com) of the same server while connected to VPN does not get blocked by web filter.

0 Helpful
Customers Also Viewed These Support Documents