Forwarding Cisco ASA VPN traffic to internal URL filter server?

Mar 12th, 2008
I have currently got my Cisco VPN users and site-to-site VPNs going through my Cisco Concentrator. They get their web traffic monitored by an internal web filtering server (SurfControl) as it has to pass through this then through the Cisco ASA firewall.

I have now set up Cisco VPN client connections to the Cisco ASA, but the problem is that when they access the internet now it instantly goes back out and the traffic is not "seen" by the internal web filter server.

I have tried to use the command:

"ip route inside tunneled"

The is the web filter server, but nothing happens.

Any idea how to get round this?

hadbou Tue, 03/18/2008 - 06:58

PIX Firewall Software version 6.2 and higher enables you to statically configure multicast routes or use an Internet Group Management Protocol (IGMP) helper address to forward IGMP reports and leave announcements.

This is the multicast support available in this release:

Access list filters can be applied to multicast traffic to permit or deny specific protocols and ports.

Network Address Translation (NAT) and Port Address Translation (PAT) can be performed on the multicast packet source addresses only.

Multicast data packets with destination addresses in the address range are not forwarded. But, everything else in the address range is forwarded.

IGMP packets for address groups within the range are not forwarded because these addresses are reserved for protocol use.

NAT is not performed on IGMP packets. When IGMP forwarding is configured, the PIX Firewall forwards the IGMP packets (report and leave) with the IP address of the helper interface as the source IP address.

