VPN and CSC Module

fabelousNet
Level 1

Hi all,

I have a new branch office connected to the headquarter. Every kind of traffic flows via the headquarter. On the hq-site we use a CSC module to filter web-traffic.

How do I have to configure the hq rules to force the branch to use the csc module? At this time it does not use the module.

branch office:

192.168.1.0/24

hq:

192.168.0.0/24

I have the following rules on the outside interface:

access-list outin extended permit tcp 192.168.1.0 255.255.255.0 any object group(http, https, ftp) (at time this rule takes effect)

access-list outin extended permit ip 192.168.1.0 255.255.255.0 192.168.0.0 255.255.255.0

The following service policy rules we used to force the traffic via the csc module:

access-list csc-outin extended permit tcp  192.168.0.0 255.255.255.0 any object group(http, https, ftp)

access-list csc-outin extended permit tcp  192.168.1.0 255.255.255.0 any object group(http, https, ftp)

But this rule for the subnet 192.168.1.0/24 does not grab, so I have to configure the outin acl to permit web access.

Any ideas?

Or do you need more configuration details?

Thank you and Kind regards

Accepted Solutions

Jennifer Halim
Cisco Employee

Where have you applied the service-policy for diverting the traffic towards the CSC module?

If you have only applied it on the inside interface, then you would need to configure a new class-map for traffic from 192.168.1.0/24 towards the internet on http, https and ftp, and apply the service policy on the outside interface.
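
The class-map and outside service policy described in this answer could look like the following on the ASA. This is an added example, not configuration from the original thread; the names WEB-PORTS, csc-branch, csc-branch-class and csc-branch-policy, the interface name outside and the fail-close choice are assumptions.

```cisco
! Added example; all object, ACL, class-map and policy-map names are hypothetical.
! Service group for the web protocols named in the thread (http, https, ftp).
object-group service WEB-PORTS tcp
 port-object eq www
 port-object eq https
 port-object eq ftp
!
! Match only branch-office clients going to the internet on those ports.
! Branch-to-HQ traffic (192.168.1.0/24 -> 192.168.0.0/24) is excluded first
! so that internal traffic is not diverted to the CSC module.
access-list csc-branch extended deny ip 192.168.1.0 255.255.255.0 192.168.0.0 255.255.255.0
access-list csc-branch extended permit tcp 192.168.1.0 255.255.255.0 any object-group WEB-PORTS
!
class-map csc-branch-class
 match access-list csc-branch
!
! Divert matched traffic to the CSC module.
! fail-close blocks the traffic if the module is unavailable (assumed choice);
! fail-open would let it pass unscanned instead.
policy-map csc-branch-policy
 class csc-branch-class
  csc fail-close
!
! The branch traffic enters through the VPN on the outside interface,
! so the policy is bound there rather than on inside.
service-policy csc-branch-policy interface outside
```

An interface accepts only one service policy, so if a policy map is already bound to the outside interface, add the class to that policy map instead of creating a new one. `show service-policy interface outside` shows whether packets are hitting the csc class.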

Of course.. VPN traffic..

Thank you very much!

No problem, please kindly mark the post as answered if you have no further question, so others can learn from your post. Thank you.