We intend to implement Websense as our filtering solution, but without integrating it with Cisco PIX or ASA, so it will be a standalone installation.
We will use SPAN ports to copy the traffic going to our ASA and send it to the Websense server; then, if the traffic is blocked, it will send the block page to the user and a reset packet for the user and the blocked URL.
Our network design is as follows:
We have a Cisco 6509 core switch with FWSM installed; the Websense server is connected to the core in the same users' VLAN.
The outside interface of the FWSM is in a different VLAN, and this interface is connected to an IPS, then another Cisco ASA device which is connected to the outside router.
There is an edge switch connected between the IPS and the Cisco ASA; we made SPAN ports and connected the destination port to the other NIC in the Websense server.
When we capture the traffic of this NIC with Ethereal, it captures all the traffic of the users.
The problem is, when Websense sends the block page and the reset packet, it doesn't reach the user.
We think that there is something dropping these packets, and maybe it thinks that it is spoofing.
So what is the problem with this setup?
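For anyone troubleshooting a setup like the one above, the following is an added diagnostic example (not Websense code and not the poster's configuration). Given a captured client request and the out-of-band reply a passive monitor injects (a RST or a block page segment), it lists the reasons the client's TCP stack or the first hop would discard that reply: wrong addressing, a sequence number the client is not expecting, the reply leaving via a SPAN destination port (which drops ingress frames unless that is explicitly enabled), or a spoofed server source address hitting an anti-spoofing check on an inside interface. The addresses, interface prefixes and segments are constructed sample values, and `INTERFACE_PREFIXES` is an assumed model of a uRPF-style check, not any real device's table.

```python
"""Check an injected TCP reply (RST or block page) against the client flow
it is meant to terminate.  Added example; not Websense or Cisco code."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Segment:
    src: str
    dst: str
    sport: int
    dport: int
    flags: str        # TCP flags, e.g. "PA" (PSH+ACK), "RA" (RST+ACK)
    seq: int
    ack: int
    length: int = 0   # TCP payload bytes carried by this segment


# Assumed model of anti-spoofing: a source address is accepted on an
# interface only if one of that interface's prefixes contains it.
# A SPAN destination port is handled separately (see below).
INTERFACE_PREFIXES = {
    "inside": [ip_network("10.1.0.0/16")],
    "outside": [ip_network("0.0.0.0/0")],
}

# Constructed sample flow: a user's HTTP request and two candidate resets
# a monitor might inject, spoofed from the web server back to the user.
REQUEST = Segment("10.1.1.25", "198.51.100.7", 51022, 80, "PA",
                  seq=1000, ack=5000, length=300)
GOOD_RESET = Segment("198.51.100.7", "10.1.1.25", 80, 51022, "RA",
                     seq=5000, ack=1300)
STALE_RESET = Segment("198.51.100.7", "10.1.1.25", 80, 51022, "RA",
                      seq=5100, ack=1300)


def check_injected_reply(request, reply, egress_nic, span_ingress_enabled,
                         window=65535):
    """Return the reasons `reply` would be discarded on its way to the
    client.  An empty list means the reply is plausible end to end.

    egress_nic is the monitor NIC the reply leaves from: "span" for the
    SPAN destination port, otherwise a key of INTERFACE_PREFIXES naming
    the firewall interface the reply enters next.
    """
    reasons = []

    # 1. Addressing: the reply must look like it came from the real server
    #    and must be aimed at the client's socket.
    if (reply.src, reply.sport) != (request.dst, request.dport):
        reasons.append("source IP/port does not match the server the client talked to")
    if (reply.dst, reply.dport) != (request.src, request.sport):
        reasons.append("destination IP/port does not match the client")

    # 2. Sequence space: the client expects the server's next byte at
    #    request.ack.  A RST outside the receive window is dropped silently;
    #    RFC 5961 hosts reset only on an exact match and otherwise answer
    #    with a challenge ACK, so the connection survives.
    expected_seq = request.ack
    if reply.seq != expected_seq:
        if expected_seq <= reply.seq < expected_seq + window:
            reasons.append("seq in window but not exact; RFC 5961 clients send "
                           "a challenge ACK instead of resetting")
        else:
            reasons.append("seq outside the client's receive window")
    if "A" in reply.flags and reply.ack != request.seq + request.length:
        reasons.append("ack number does not acknowledge the client's request")

    # 3. Path: a SPAN destination port is receive-only for the monitor by
    #    default, and an inside-facing hop may refuse an external source.
    if egress_nic == "span":
        if not span_ingress_enabled:
            reasons.append("sent out the SPAN destination NIC, which drops "
                           "ingress frames unless ingress is enabled")
    elif egress_nic in INTERFACE_PREFIXES:
        if not any(ip_address(reply.src) in p
                   for p in INTERFACE_PREFIXES[egress_nic]):
            reasons.append(f"spoofed source {reply.src} fails anti-spoofing "
                           f"on the {egress_nic} interface")
    return reasons


if __name__ == "__main__":
    for name, reply, nic in [("good via outside", GOOD_RESET, "outside"),
                             ("good via span", GOOD_RESET, "span"),
                             ("good via inside", GOOD_RESET, "inside"),
                             ("stale seq", STALE_RESET, "outside")]:
        print(name, "->", check_injected_reply(REQUEST, reply, nic, False) or "ok")
```

Run it against your own capture by filling `Segment` from the client's request and from the reply the monitor emits; each non-empty result names a concrete thing to fix or verify (SPAN ingress setting, which NIC the reply leaves from, anti-spoofing on the next hop, or the sequence number being used).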