Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Forcing web browsing traffic through VPN tunnel to main office Websense ser

I have a customer using a PIX515 with Websense for Internet filtering. They are firing up a remote location where we will be installing a PIX 501 to create a VPN tunnel between the two sites. A big requirement of this project is that all web traffic from the remote office must be filtered by the websense server. Is this possible? How would I accomplish this?

4 REPLIES
New Member

Re: Forcing web browsing traffic through VPN tunnel to main offi

Split tunneling. Turn it off. That's my understanding of how to do it.

New Member

Re: Forcing web browsing traffic through VPN tunnel to main offi

How do you disable split tunneling on a Cisco 1710?

New Member

Re: Forcing web browsing traffic through VPN tunnel to main offi

What about setting the default route out the peer address? Except all traffic would be routed through the tunnel. Not sure how to route by port only.

New Member

Re: Forcing web browsing traffic through VPN tunnel to main offi

It would not work with your current setup because your http traffic from remote office needs to be filtered at your headquarters. So the headquarters pix would need to see traffic coming from the inside going out.

I have set up a client with multiple sites with the same situation you have.

Here is what needs to be done. Don't know if there is a better way, but this works.

You need two routers on the inside of both networks. You will create a Gre tunnel encapsulated with IPSEC between the two routers. The routers will now become your default gateway for pc's at the respected sites.

Your remote site router will need a default route to your headquarters router, were the headquarters router will then route all traffic through it's pix and therefor websense will filter the content.

325
Views
0
Helpful
4
Replies
CreatePlease to create content