Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

PIX\ASA configuration for Websense URL filtering

Recently we've introduced Websense to our environment and I am using a spanning port on the core switch to force all traffic destined to the Internet to go through websense, that works very well.

The problem we have now is that Remote Access VPN users (coming from the Internet of course) are not going through websense when accessing the Internet given their traffic does not go through the spanning port, rather they are coming from the OUTSIDE interface of the firewall. I am aware that there is another way of talking to websense and that is through the filter command on the firewall but it is only limited to a number of ports.

So the question is: How do we get ALL traffic going to the Internet to go through websense, both internal users as well as remote access VPN users.

Pls assist if you have this working.

3 REPLIES
Community Member

Re: PIX\ASA configuration for Websense URL filtering

Try this or something like it with your IP's.

url-server (inside) vendor websense host (Your IP) timeout 30 protocol TCP version 4 connections 5

url-cache src_dst 128

filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0

Community Member

Re: PIX\ASA configuration for Websense URL filtering

Does that mean I can remove the port spanning? Is this config global, ie. it applies to traffic coming from the INSIDE & OUTSIDE (VPN users)? Is it limited to specific ports or will it filter all ports going out?

Community Member

Re: PIX\ASA configuration for Websense URL filtering

Should apply to all...

1076
Views
0
Helpful
3
Replies
CreatePlease to create content