WebSense is being rather unhelpful. We have a couple of Remote offices that use PIX501 or ASA5505 appliances, VPN Tunnel to Corporate resources, but split-tunnel directly to the Internet.
We would like to enable WebSense content filtering on these remote devices, but we are having issues coming up with a configuration that works.
I found an example document online that states to send the "public" IP down the VPN as interesting traffic, and set the URL server command on the "outside" interface for this. (Attached, this example has some configuration issues - the URLServer should be 10.0.1.10, NOT 192.168.1.10 for one, but shows the concept)
We also cannot use this configuration, as our VPN appliance is separate from our Internet access appliance, and we cannot route the public IP up the VPN tunnel from our Core site, as we Administer these remote appliances via the public IP using SSH.
Also attached is a .JPG drawing of the concept, with no IP addresses.
I was considering using the Internet as a path, setting up a static translation in our Core firewall for the Filtering Server to a Public IP, then sending the remote URL filtering service across the Internet to this IP, but I have concerns about security (is it in clear text, is their confidential information in this traffic, etc.)
So, if anyone has done this successfully, or has ideas on how to set this up, please... let me know. Thanks!