
New Member

VPN solution needed

We are going to be setting up a remote access VPN to a Cisco ASA 5505. Once connected to the VPN, the internet traffic from the client will then go back out to the internet from the ASA (for web browsing), but is there any way to force the traffic through an AV server at the head office site before the traffic goes back out to the internet?


Re: VPN solution needed

Yes, it is possible to enable global NAT for the VPN client and force their internet-bound traffic via the FW itself, while connected via the VPN client.

nat (outside) 1

Let's assume that "" is your VPN client IP pool, so your VPN client will be able to access internet-bound traffic via your FW.

I hope that helps.


Rizwan Rafeek

New Member

Re: VPN solution needed

No, it doesn't help. I need to know how I can send the traffic to the AV server before the traffic is sent out to the internet.

Re: VPN solution needed

Create a SPAN port on the switch that the FW outside interface is connected to.

I cannot provide you a 100% config solution to work with a third-party AV application; this is the way to go, as far as the Cisco ASA config is concerned.


Hall of Fame Super Silver

VPN solution needed

If your 3rd party AV server supports WCCP, that would be the solution. The ASA will redirect your clients to the external WCCP device (e.g., Ironport WSA, Bluecoat Proxy SG, etc.) prior to allowing them to access the Internet.

See here for WCCP configuration details.

VPN solution needed

I concur with Marvin. WCCP is the way to go. Spanning a port just copies the traffic that passes via the ASA outside interface but does not pass the traffic through the AV server.