ASA CX remote proxy with local Internet traffic to go out
I am designing a site-to-site VPN with ASA 5512-Xs. The main site will have an ASA with CX web and apps filtering, with AD-based users authenticating at the ASA CX. The remote site users are AD-based users as well and talk to the AD server in the main site over the VPN.
What I want to achieve is that remote AD users are web filtered on the ASA CX in the main site (the remote site ASA CX will not have the license), but the Internet traffic goes out locally on the remote site, without the whole traffic flowing back and forth between the sites, only the CX authentication for web and apps security. Is that possible at all?
I know you can easily achieve remote site CX authentication with the Internet traffic going out on the main site. The scenario with the remote site traffic going first to the main site (over VPN), coming back to the remote site and going out of the local Internet connection on the remote site does not make much sense, but it would be very interesting if on the remote site I could do remote proxy for authentication (ASA CX main site) while the Internet traffic would not cross the VPN but would be locally routed.
In case this is possible with an ASA in the remote site, would it also be possible with a router in the remote site?
Please advise, Marvin, and hopefully you can get back to me very soon.