10-14-2010 05:58 PM
Hi All,
Infrastructure : Internet FW <--> IPS <--> Core SW
RA vpn users terminate on FW and currently split-tunneling is in place.
Adding a Bluecoat proxy in transparent mode - main purpose is for intercepting 'https' requests from internal clients for DLP (Data Loss Prevention). Not interested in web filtering. So the infrastructure after proxy...
Internet FW <--> IPS <--> Transparent Proxy <--> Core SW
1. Is it a better place to add the proxy?
2. Current proxy does not have enough ports to add FW DMZ inline. Is it normal practice to add DMZ (with servers, no user PCs) to Proxy?
3. Now if split-tunneling is removed and the VPN clients are forced to use the organization's Internet, when the RA VPN users terminate on FW, do their internet requests still pass thru the proxy? If not, how to make them pass thru the proxy?
TIA
MS
12-13-2010 07:22 PM
You might not want to do "route inside 0.0.0.0 0.0.0.0
I believe that your proxy will only handle certain protocols, e.g. http, https, ftp, etc., so if you configure the above tunnel default gateway for the VPN traffic, other applications, e.g. mail, dns, etc., will be routed to the proxy server too.
12-13-2010 07:39 PM
Thanks again for the quick reply. But here the ASA will know the internal network via OSPF. What syntax may work? route inside or route outside (for RA VPN users to use the proxy for internet traffic)? The BC is sitting 'inside' the ASA. Thanks again.
MS
12-13-2010 08:03 PM
It would be "route inside" if internet connection is connected to the inside interface of the ASA.
10-09-2019 12:02 PM
Hi Mvsheik,
Could you please let me know how you make your RA VPN users connect to the internet using the BC proxy?
Having somewhat the same scenario as yours.