We have a remote site that uses a PIX 501 to VPN to Core resources (PIX 515 in core). It also split tunnel's to the Internet. We have WebSense in our Core network, and would like to use this filtering service to protect this site. Has anyone implemented this scenario, what kind of delay does it introduce to web-browsing, and can the PIX "see" the WebSense server across the VPN tunnel (using the Inside interface, Outside interface, or ????)
I have done this exact thing in the past. It can work but in some cases will impose significant browsing lag. The way to go now is to use ACNS on a router or an ASA equipped with a CSC-SSM to run the Websense engine locally at the banch site. This might only open up new challenges in the way of integrating the branch websense engines into AD etc., but it's worth exploring IMO.
We have no plans to purchase ASA or router gear, so need to utilize the PIX 501. We do have a limited amount of the WebSense remote client licenses, but want to use them on individual laptops/VPN clients. This site and one other have 10-20 clients. Do you have the pertinant configuration lines that I could look through? I think I know it all but confirmation never hurts. Thanks!
I am trying to get internet access to the remote site via main site both having ASAs. Remote site is connected to the main site ASA DMZ interface via public network. I have configured VPN tunnel for traffic between Main site internal network to remote site internal network.
Please advise me how to configure split tunnel to access internet for remote site users via main site.
We have used content filtering in remote site using N2h2 server at main office. It slight slows down the Internet access as for every request the internet request will have to contact url filtering server.
I suggest not to use split tunneling and move internet traffic over vpn tunnel and access it through main office Internet gateway
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...