Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)

WebSense filtering for Satellite office with ASA5505?

WebSense is being rather unhelpful. We have a couple of Remote offices that use PIX501 or ASA5505 appliances, VPN Tunnel to Corporate resources, but split-tunnel directly to the Internet.

We would like to enable WebSense content filtering on these remote devices, but we are having issues coming up with a configuration that works.

I found an example document online that states to send the "public" IP down the VPN as interesting traffic, and set the URL server command on the "outside" interface for this. (Attached, this example has some configuration issues - the URLServer should be, NOT for one, but shows the concept)

We also cannot use this configuration, as our VPN appliance is separate from our Internet access appliance, and we cannot route the public IP up the VPN tunnel from our Core site, as we Administer these remote appliances via the public IP using SSH.

Also attached is a .JPG drawing of the concept, with no IP addresses.

I was considering using the Internet as a path, setting up a static translation in our Core firewall for the Filtering Server to a Public IP, then sending the remote URL filtering service across the Internet to this IP, but I have concerns about security (is it in clear text, is their confidential information in this traffic, etc.)

So, if anyone has done this successfully, or has ideas on how to set this up, please... let me know. Thanks!

CreatePlease to create content