03-17-2009 10:45 AM - edited 03-06-2019 04:39 AM
Anyone has an idea how to configure Layer3 spanning?
We have a small site with access to the Internet but want to use Websense which is currently in a different site. So spanning the traffic that is destined to the Internet to go through Websense is the plan.
Any idea?
03-17-2009 11:04 AM
Hello Ron,
you should use the internet access of the small site just to build a GRE tunnel to the main site:
on the main site traffic can be sent to the Websense.
Return traffic if permitted is then sent back to the
The GRE tunnel can be protected with IPsec for privacy.
We do so IPSEC+GRE over internet and the remote sites to go to the internet via the main site.
Hope to help
Giuseppe
03-18-2009 10:10 AM
Yes I understand, but as far as I know there is no need to introduce additional GRE tunnels, but rather SPAN to an IP address (layer3).
03-18-2009 10:16 AM
Hello Ron,
inside an intranet if the switches are 6500 you can take advantage of ERSPAN that builds a GRE tunnel between the two 6500.
see
not being on the forwarding path the websense can only log web activity.
Hope to help
Giuseppe
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: