Hello, We're looking to set up VPN's, and we already have a few in place, but our dilema is that we want to force the remote end to do all their internet access/browsing through us, and take advantage of our tracking, logging, firewall, etc. We have a 3005 on our end, and our two sites so far have a PIX 506 and a 1720. Both of these sites go out their own connection for internet access, and everything else goes though us (so this is essnetially split-tunneling) but that is not what we want. We are looking into the 3002 for some of our smaller sites. Can you hook up the 3002 and 3005 so that all the remote users (on the 3002 end) have to go out our internet connection for web access? I would think there has to be a way to make this work (via the 3002 or something else) to take advantage of centralized montioring & tracking. Let me know your thoughts!
Why not change your access lists (used for ipsec)in your pix and 1720 which captures interesting packets to your head office, so that the access lists capture every packet to tunnel them to your 3005. I don't know your how you positioned your 3005 and fw in your head office. According to your setup you may have to change the default gateway of tunneled traffic to your fw( if it is has to be different from the default gateway)
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...