How to filter web traffic

Matt Roberts
Level 1

Most of our VPN connections are done with our Cisco 3030 and the internet goes out the ASA. We are able to filter all web traffic by doing a span port for web traffic.

When we move VPN connections to the ASA we will lose the ability to span web traffic because it's coming in and going out the same interface on the ASA. We will lose the ability to filter web traffic when this happens.

Any suggestions on how we can filter web traffic on VPN connections on the ASA? We are using Websense. I know there is some integration that can be done with the ASA and Websense, but it doesn't have all the capabilities of doing a span port for Websense to monitor.

1 Reply

mvsheik123
Level 7

Hi,

On ASA, you need to use the default tunnel route (route INSIDE 0 0 tunnelled 1). The internal core SW/next hop must have its default route pointing to the Webfilter.

--> Necessary ACL and global related configs on ASA to allow Internet traffic back to the VPN client pool.

--> You may want to disable 'Unicast RPF' (ip verify reverse-path) on ASA, if enabled.

Below is the posting I created with ref to this..

https://supportforums.cisco.com/message/3202559#3202559

hth

MS