Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA Websense

If I have ASA's in remote locations with site to site tunnels to the home office where the websense is, can I have the remote ASA make calls to websense like a router can?  If so, how do I force the source address from the remote ASA so it is an encrypted vpn packet.

thx.

1 REPLY
New Member

Re: ASA Websense

I would consider having an onsite server act as a local Filtering service agent.

With Websense you can install distributed filter agents and have them controlled from the same policy server.  This allows the websense filtered traffic to quickly be checked against the local filter agent server.

Alternately it may be possible to configure the remote firewall to directly send the requests to the Websense server through the VPN.

url-server (outside) host 172.2.2.2

Your VPN access-lists would need to encrypt traffic between your outside interface IP number and your internal network at the remote location.

access-list vpn-remote-to-central permit ip host 24.4.4.4 172.2.2.0 255.255.255.0

(reverse of that on the central site of course, and add the traffic to your nat 0 access-lists)

A long time ago I did something like this, havent had to in a while though, so I'd test it before putting into production.

897
Views
0
Helpful
1
Replies