Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
New Member

Cisco Anyconnect, WSA, WCCP

It is no surprise that filtering your Anyconnect clients with the WSA when the WCCP router is the ASA is not doable. I am trying to figure out what people are doing to filter their remote clients? Does WSA have a remote client that can be installed on remote laptops and some kind of a vm appliance to stick in the DMZ for remote clients to proxy before hitting the internet?

4 REPLIES

You have a few options:If you

You have a few options:

If you want to force their web connection through the WSA when Anyconnect is connected, you can depoly an Anyconnect config file to the ASA and in that file, set them to explicitly hit the WSA (eg ASA will set the Proxy options in IE/Tools/Internet Options/Connections.)  You DON"T have to use a seperate VM/box (you can do it either way).  If you upload the PKG file for the Anyconnect client to the ASA, you should be able to modify the profile there.  There's also a standalone profile editor available that you can use to create the XML and then upload that to the ASA.  On connection the Anyconnect client downloads it and gets configured.

 

If you want them filtered when NOT connected, you can get the Cisco Web Security service and deploy the AnyConnect Web Security msi (also doable from the ASA), and the laptop is covered.  Regrettably you can't point this at a VM or box in your own DMZ...

 

Ken

 

 

New Member

Do I have to deploy the WSA's

Do I have to deploy the WSA's as a proxy then? I want to essentially eliminate the proxy functionality in my network.

I am not familiar with deploying config files with anyconnect, can you direct me to some cisco documentation?

 

The explicit functionality is

The explicit functionality is always there, even if you're using transparent... so internally you can just use WCCP and be done with it, and only use the explicit proxy for the AnyConnect users.

 

Configing Anyconnect (as well as depolying the config file) is covered here:

http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect31/administration/guide/anyconnectadmin31/ac02asaconfig.html

 

 

Cisco Employee

Hi Steven, You could try the

Hi Steven,

 

You could try the Cloud based Web Security solution for remote users as well :

 

http://www.cisco.com/en/US/docs/solutions/CVD/Dec2013/CVD-CloudWebSecurityUsingCiscoAnyConnectDesignGuide-DEC13.pdf

 

Regards,

Sagar Kadambi.

499
Views
0
Helpful
4
Replies
CreatePlease to create content