The ASA asks the Websense server whether the user is allowed to access that specific website. If not, the ASA blocks the request. The Websense server only responds to the question from the ASA; the ASA is what blocks or allows the request.
Websense can block based on:
destination IP address
All that information is forwarded to the Websense server.
It seems that the username is forwarded to the Websense server if user authentication is enabled on the security appliance. Is this a way to set up transparent authentication in order to simply forward the username request to the Websense server?
Replace if_name with the name of the security appliance interface that is connected to the filtering server. The default is inside. Replace local_ip with the IP address of the filtering server. Replace seconds with the number of seconds the security appliance must continue to try to connect to the filtering server.
Use the protocol option in order to specify whether you want to use TCP or UDP. With a Websense server, you can also specify the version of TCP you want to use. TCP version 1 is the default. TCP version 4 allows the PIX firewall to send authenticated user names and URL logging information to the Websense server if the PIX firewall has already authenticated the user.
For example, in order to identify a single Websense filtering server, issue this command:
hostname(config)# url-server (DMZ) vendor websense host 192.168.15.15 protocol TCP version 4
Please let me know if this is what you were looking for.