Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Centralized Content Filtering with ASA

Hi all,

I was wondering whether it is feasible to install one ASA with CSC-SSM-20 module and licence for 500 users in HQ, enable it to talk with Microsoft AD and funcion as a proxy for Content Filtering for remote sites and mobile users. Basically what we what to achieve is the users in remote sites authenticate with AD over VPN and before going out to surfe web throught their local ISP would need go through content filtering in the HQ on ASA.

In that case all the Internet traffic from remote site would need to go out through the ISP in HQ?

Another solution is to implement Content Filtering with TrendMicro on 800 routers in each site but the license wise it would be very expensive for 60+ sites.

Thanks for any suggestions.

2 ACCEPTED SOLUTIONS

Accepted Solutions
Cisco Employee

Re: Centralized Content Filtering with ASA

So from what you are saying you will have the ASA terminate your VPN for remote users and then you want the ASA with its CSC to do URL filtering based on AD.

Well that would work only if all your web traffic from your users was hitting the ASA (U-turning it). If you are doing split tunneling for web it will not work because the ASA doesn't see the browsing traffic.

I hope it makes sense.

PK

Cisco Employee

Re: Centralized Content Filtering with ASA

Haha, thanks!

Good luck setting it up,

PK

3 REPLIES
Cisco Employee

Re: Centralized Content Filtering with ASA

So from what you are saying you will have the ASA terminate your VPN for remote users and then you want the ASA with its CSC to do URL filtering based on AD.

Well that would work only if all your web traffic from your users was hitting the ASA (U-turning it). If you are doing split tunneling for web it will not work because the ASA doesn't see the browsing traffic.

I hope it makes sense.

PK

New Member

Re: Centralized Content Filtering with ASA

It makes sense. All the web traffic from the remote office will need to go through ASA in HQ to take full advantage of CSC. Thanks very much for your input, I am going to reward you with some points.

Cisco Employee

Re: Centralized Content Filtering with ASA

Haha, thanks!

Good luck setting it up,

PK

293
Views
0
Helpful
3
Replies
CreatePlease login to create content