VPN and limiting internet access

Unanswered Question
Jun 17th, 2008

Hello all, I am very new to VPNs and firewalls, so please forgive me for lack of terminology usage.

I am part of a company that has 20 internal PCs and 25 external sites (convenience stores) that are all now being placed on a VPN. We purchased an ASA 5510 for the office and we are placing Linksys RV042 routers at the stores. My question is that we have a few stores that need limited internet access because we have Subway restaurants there and they need to download and upload at times. What I don't want is to allow full access to the net because of the chance of outside attacks or viruses.

My question is, what can be done to set the VPN in place but only allow certain access to web addresses that we say are alright to have communication with?

Is this possible and / or what else needs to be purchased?

I thank you in advance for any help you can advise on.


stephen.stack Mon, 06/23/2008 - 05:24


You may have a few simple options. You probably won't be able to configure URL filtering on the Linksys boxes, and depending on the way you have configured your VPN, you may not be able to URL filter on the ASA either. If all traffic from the remote sites is traversing the VPN then try this on the ASA.


This uses regular expressions to filter HTTP traffic based on specified HTTP traffic patterns.

Alternatively, you could just block all HTTP outbound on the Linksys boxes and have a permit rule for the individual addresses you need to allow.


permit http

permit http

deny http all

I hope you get the idea here. Obviously you need to get the addresses of the individual websites for the second option. Pinging them usually does it.

HTH (Please rate if it does)
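An added example, not part of the original post or of any Cisco configuration: a Python check of candidate allowlist patterns for the regex-based HTTP filtering mentioned above, run against constructed Host header values before a pattern is deployed. Python's `re` module stands in for the firewall's regex engine (whose syntax differs), and the domain names are placeholders because the thread does not name the real sites.

```python
import re

# Constructed placeholder domains (assumption: the real sites are not given).
ALLOWED_DOMAINS = ["portal.example.com", "updates.example.net"]

# Constructed Host header values used to exercise the patterns.
SAMPLE_HOSTS = [
    "portal.example.com",
    "PORTAL.example.com:80",
    "portal.example.com.other.test",   # allowed name used as a prefix
    "portalXexample.com",              # unescaped dot matches any character
    "notportal.example.com",           # allowed name used as a suffix
    "news.example.org",
]

def loose_pattern(domains):
    """Weak form: dots unescaped and no anchors, so substrings match."""
    return re.compile("|".join(domains), re.IGNORECASE)

def strict_pattern(domains):
    """Hardened form: literal dots, anchored at both ends, optional port."""
    alternatives = "|".join(re.escape(d) for d in domains)
    return re.compile(
        r"^(?:" + alternatives + r")\.?(?::\d{1,5})?$", re.IGNORECASE
    )

def is_permitted(host_header, pattern):
    """True if the Host header value would pass the allowlist pattern."""
    return pattern.search(host_header.strip()) is not None

def over_permitted(domains, hosts):
    """Hosts the loose pattern lets through but the strict one blocks."""
    loose, strict = loose_pattern(domains), strict_pattern(domains)
    return [h for h in hosts
            if is_permitted(h, loose) and not is_permitted(h, strict)]

if __name__ == "__main__":
    strict = strict_pattern(ALLOWED_DOMAINS)
    for host in SAMPLE_HOSTS:
        verdict = "permit" if is_permitted(host, strict) else "deny"
        print(f"{verdict:6} {host}")
    print("loose pattern would also permit:",
          over_permitted(ALLOWED_DOMAINS, SAMPLE_HOSTS))
```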


