cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1142
Views
0
Helpful
5
Replies

VPN solution needed

networker99
Level 1
Level 1

We are going to be setting up a remote access VPN to a Cisco ASA 5505, once connected to the VPN the internet traffic from the client will then go back out to the internet from the ASA (for web browsing), but Is there anyway to force the traffic through an AV server at the head office site before the traffic goes back out to the internet?

5 Replies 5

rizwanr74
Level 7
Level 7

Yes it is possible to enable global nat for vpn client and forcing their internet bound traffic via the FW itself, while be connected via VPN client.

nat (outside) 1 192.168.10.0 255.255.255.0

Let assume, that "192.168.10.0 255.255.255.0" your vpn client IP pool, so your VPN client will be able to access internet bound traffic via your FW.

I hope that helps.

Thank

Rizwan Rafeek

No its doesnt help, I need to know how I can send the traffic to the AV server before the traffic is sent out to the itnernet.

Create a span port on the switch that FW outside interface connected to.

I cannot provide you 100% config solution to work with third party AV application, this is the way to go, as far as Cisco ASA config it concern.

thanks

If your 3rd party AV server supports WCCP, that would be the solution. The ASA will redirect your clients to the external WCCP device (e.g., Ironport WSA, Bluecoat Proxy SG, etc.) prior to allowing them to access the Internet.

See here for WCCP configuration details.

I concur with Marvin. WCCP is the way to go. Spanning a port just copies the traffic passes via ASA outside interface but does not pass the traffic thru the AV server.

Thx

MS