VPN solution needed

Unanswered Question
Jan 30th, 2012

We are going to be setting up a remote access VPN to a Cisco ASA 5505. Once connected to the VPN, the internet traffic from the client will then go back out to the internet from the ASA (for web browsing), but is there any way to force the traffic through an AV server at the head office site before the traffic goes back out to the internet?

rizwanr74 Mon, 01/30/2012 - 12:23

Yes, it is possible to enable global NAT for the VPN clients and force their internet-bound traffic via the FW itself while they are connected via the VPN client.

nat (outside) 1 192.168.10.0 255.255.255.0

Let's assume that "192.168.10.0 255.255.255.0" is your VPN client IP pool, so your VPN clients will be able to access internet-bound traffic via your FW.

I hope that helps.

Thanks

Rizwan Rafeek

networker99 Mon, 01/30/2012 - 12:26

No, it doesn't help. I need to know how I can send the traffic to the AV server before the traffic is sent out to the internet.

rizwanr74 Mon, 01/30/2012 - 12:33

Create a SPAN port on the switch that the FW outside interface is connected to.

I cannot provide you a 100% config solution to work with a third-party AV application; this is the way to go, as far as the Cisco ASA config is concerned.

thanks

Marvin Rhoads Mon, 01/30/2012 - 12:54

If your 3rd party AV server supports WCCP, that would be the solution. The ASA will redirect your clients to the external WCCP device (e.g., Ironport WSA, Bluecoat Proxy SG, etc.) prior to allowing them to access the Internet.

See here for WCCP configuration details.

mvsheik123 Mon, 01/30/2012 - 14:28

I concur with Marvin. WCCP is the way to go. Spanning a port just copies the traffic that passes via the ASA outside interface but does not pass the traffic thru the AV server.

Thx

MS

Posted January 30, 2012 at 12:10 PM