VPN solution needed

Jan 30th, 2012

We are going to be setting up a remote access VPN to a Cisco ASA 5505. Once connected to the VPN, the internet traffic from the client will then go back out to the internet from the ASA (for web browsing), but is there any way to force the traffic through an AV server at the head office site before the traffic goes back out to the internet?

rizwanr74 Mon, 01/30/2012 - 12:23

Yes, it is possible to enable global NAT for the VPN client and force their internet-bound traffic via the FW itself, while connected via the VPN client.

nat (outside) 1

Let's assume that "" is your VPN client IP pool, so your VPN client will be able to access internet-bound traffic via your FW.

I hope that helps.


Rizwan Rafeek

networker99 Mon, 01/30/2012 - 12:26

No, it doesn't help. I need to know how I can send the traffic to the AV server before the traffic is sent out to the internet.

rizwanr74 Mon, 01/30/2012 - 12:33

Create a SPAN port on the switch that the FW outside interface is connected to.

I cannot provide you a 100% config solution to work with a third-party AV application; this is the way to go, as far as the Cisco ASA config is concerned.


Marvin Rhoads Mon, 01/30/2012 - 12:54

If your 3rd party AV server supports WCCP, that would be the solution. The ASA will redirect your clients to the external WCCP device (e.g., Ironport WSA, Bluecoat Proxy SG, etc.) prior to allowing them to access the Internet.

See here for WCCP configuration details.

mvsheik123 Mon, 01/30/2012 - 14:28

I concur with Marvin. WCCP is the way to go. Spanning a port just copies the traffic that passes via the ASA outside interface but does not pass the traffic through the AV server.



