ASA CX remote proxy with local Internet traffic to go out
I am designing a site-to-site VPN with ASAs 5512-X. The main site will have an ASA with CX web and apps filtering and AD-based users authenticating on the ASA CX. The remote site users are AD-based users as well and talk to the AD server in the main site over VPN.
What I want to achieve is that remote AD users are web-filtered on the ASA CX in the main site (the remote site ASA CX will not have the license), but the Internet traffic will go out locally on the remote site - without the whole traffic flowing between the sites back and forth, but only CX authentication for web and apps security. Is that possible at all?
I know you can easily achieve remote site CX authentication with the Internet traffic going out on the main site. The scenario with the remote site traffic going first to the main site (over VPN), coming back to the remote site and coming out of the local Internet connection on the remote site does not make much sense, but it would be very interesting if on the remote site I could do remote proxy for authentication (ASA CX main site) while the Internet traffic would not cross the VPN but would be locally routed.
In case this is possible with an ASA in the remote site, would it also be possible with a router in the remote site?
Please advise, Marvin, and hopefully you can get back to me very soon.