Forwarding Cisco ASA VPN traffic to internal URL filter server?

Unanswered Question
Mar 12th, 2008

Hi,

I have currently got my Cisco VPN users and site-to-site VPNs going through my Cisco Concentrator. They get their web traffic monitored by an internal web filtering server (SurfControl) as it has to pass through this then through the Cisco ASA firewall.

I have now set up Cisco VPN client connections to the Cisco ASA but the problem is when they access the internet now it instantly goes back out and the traffic is not "seen" by the internal web filter server.

I have tried to use the command:

"ip route inside 0.0.0.0 0.0.0.0 192.168.1.10 tunneled"

The 192.168.1.10 is the web filter server, but nothing happens.

Any idea how to get round this?

hadbou Tue, 03/18/2008 - 06:58

PIX Firewall Software version 6.2 and higher enables you to statically configure multicast routes or use an Internet Group Management Protocol (IGMP) helper address to forward IGMP reports and leave announcements.

This is the multicast support available in this release:

Access list filters can be applied to multicast traffic to permit or deny specific protocols and ports.

Network Address Translation (NAT) and Port Address Translation (PAT) can be performed on the multicast packet source addresses only.

Multicast data packets with destination addresses in the 224.0.0.0/24 address range are not forwarded. But, everything else in the 224.0.0.0/8 address range is forwarded.

IGMP packets for address groups within the 224.0.0.0-224.0.0.255 range are not forwarded because these addresses are reserved for protocol use.

NAT is not performed on IGMP packets. When IGMP forwarding is configured, the PIX Firewall forwards the IGMP packets (report and leave) with the IP address of the helper interface as the source IP address.
