
PIX 501 VPN, Split tunnel with WebSense

rsmith
Level 3

We have a remote site that uses a PIX 501 to VPN to Core resources (PIX 515 in core). It also split tunnels to the Internet. We have WebSense in our Core network, and would like to use this filtering service to protect this site. Has anyone implemented this scenario, what kind of delay does it introduce to web browsing, and can the PIX "see" the WebSense server across the VPN tunnel (using the Inside interface, Outside interface, or ????)?

5 Replies

mmorris11
Level 4

I have done this exact thing in the past. It can work but in some cases will impose significant browsing lag. The way to go now is to use ACNS on a router or an ASA equipped with a CSC-SSM to run the Websense engine locally at the branch site. This might only open up new challenges in the way of integrating the branch Websense engines into AD etc., but it's worth exploring IMO.

HTH

We have no plans to purchase ASA or router gear, so we need to utilize the PIX 501. We do have a limited number of the WebSense remote client licenses, but want to use them on individual laptops/VPN clients. This site and one other have 10-20 clients. Do you have the pertinent configuration lines that I could look through? I think I know it all but confirmation never hurts. Thanks!

hammadmunawar
Level 1

I have done this with several sites, without any problem. You just have to make sure that the PIX outside address has access into the tunnel.

upul
Level 1

Hi rsmith,

I am trying to get Internet access to the remote site via the main site, both having ASAs. The remote site is connected to the main site ASA DMZ interface via a public network. I have configured a VPN tunnel for traffic between the main site internal network and the remote site internal network.

Please advise me how to configure split tunnel to access the Internet for remote site users via the main site.

We have used content filtering at a remote site using an N2H2 server at the main office. It slightly slows down Internet access, as every Internet request has to contact the URL filtering server.

I suggest not using split tunneling, and instead moving Internet traffic over the VPN tunnel and accessing it through the main office Internet gateway.