VPN remote site tunnel-all with web and email filtering at core
I'm helping a client setup a 'tunnel-all' VPN from remotes to the core. That's not difficult - there's enough commentary in the community and I can set it up in the lab. The rub comes with the location of the web filter box in particular - it's currently in-line with the inside interface of the ASA.
What does the topology for a typical tunnel-all VPN with web filtering at the core look like? Can't put my hands on any quickly.
We only have one ISP conn at this time. I have a layer-3 switch at the core too.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...