VPN's through ASA need to be pushed inbound to filter server?

Unanswered Question
Apr 1st, 2008
User Badges:


I was wondering how others do this, but I have got users/offices going through my Cisco Concentrator. However I want to move these off and onto our Cisco ASA.

The problem is I need to monitor users internet traffic which is on a server inside (Surf Control), this works for the Concentrator as users come in and go via the ASA firewall and out, along the way the traffic is caught be the web filter server. The ASA is doesn't do this, as the VPN traffic comes into the ASA and straight out again to the internet.

How can I get round this?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
aghaznavi Mon, 04/07/2008 - 06:32
User Badges:
  • Silver, 250 points or more

Identify the port and enable or rechange the class map , policy map in your device depends up on your requirements.

whiteford Mon, 04/07/2008 - 07:44
User Badges:

Well all I need to do is forward inbound VPN traffic internally then backout again to get monitored by our Surfcontrol/websense server. Have you used the route tunneled command?


route inside tunneled


This Discussion