VPN Internet Traffic

Unanswered Question
Jul 17th, 2008

Hi Guys,

We have a couple of L2L sites that use Cisco 837 ADSL routers to connect back to our headquarters. We want to get all their Internet traffic coming across the VPN so it can go through our proxy server. Is it a matter of denying our internal addressing from being NATted and then having a deny all statement at the end? I have attached one of our remote site configs if someone can have a look and tell me if this is possible?



Daniel Voicu Thu, 07/17/2008 - 23:55

Hi Ross,

You can do this in several ways:

1. If your proxy is to be configured on the computer browsers (like ISA proxy), then simply add the traffic from the PCs to the IPs of the proxy to the VPN ACL and to the nonat (with deny).

2. Add all traffic over VPN from the user subnet. At this time you can remove the NAT commands altogether since no NAT is required anymore. You can use this even if the proxy is something like Websense that works by sniffing the traffic.

Please rate if this helped.
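
Option 2 from the reply above, sketched as an IOS configuration fragment for the remote 837. This is an added example, not the poster's attached config or the replier's own commands; every subnet, ACL name, crypto map name and interface name in it is a placeholder assumption.

```cisco
! Constructed example. Assumptions: 192.168.10.0/24 is the remote-site user
! subnet, 10.0.0.0/8 is the headquarters range, and the names VPN-TRAFFIC,
! NAT-TRAFFIC, HQ-MAP, Ethernet0 and Dialer0 are hypothetical.
!
! Before (split tunnel): only HQ-bound traffic is encrypted; everything else
! is NATted straight out of the local ADSL link and bypasses the proxy.
!   ip access-list extended VPN-TRAFFIC
!    permit ip 192.168.10.0 0.0.0.255 10.0.0.0 0.255.255.255
!   ip access-list extended NAT-TRAFFIC
!    deny   ip 192.168.10.0 0.0.0.255 10.0.0.0 0.255.255.255
!    permit ip 192.168.10.0 0.0.0.255 any
!   ip nat inside source list NAT-TRAFFIC interface Dialer0 overload
!
! After (option 2): all traffic from the user subnet matches the crypto ACL,
! so no local NAT is needed any more.
no ip nat inside source list NAT-TRAFFIC interface Dialer0 overload
no ip access-list extended NAT-TRAFFIC
!
ip access-list extended VPN-TRAFFIC
 no permit ip 192.168.10.0 0.0.0.255 10.0.0.0 0.255.255.255
 permit ip 192.168.10.0 0.0.0.255 any
!
crypto map HQ-MAP 10 ipsec-isakmp
 match address VPN-TRAFFIC
!
interface Ethernet0
 no ip nat inside
!
interface Dialer0
 no ip nat outside
!
! The headquarters peer needs the mirror-image crypto ACL for this site
! (permit ip any 192.168.10.0 0.0.0.255); otherwise the tunnel's proxy
! identities will not match and the SA will not come up.
```

After the change, `show crypto ipsec sa` on the remote router should list the remote ident as 0.0.0.0/0.0.0.0 for the user subnet. Changing the crypto ACL drops and renegotiates the tunnel, so apply it from a session that does not depend on the VPN.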



