Redirect all traffic from remote to central site

[lvjjj]

Hi all,

Would you please give me some advices or point me to any documents for my situation:

I have a 501 pix at the remote site and 515E pix at central site. They are site to site vpn. Now I have a web filter appliance that locating at Central site. I would like to have all remote traffic must go through the web filter appliance before hit internet. I do some google researches but no luck. Can you help.

Thanks

lvjjj

 

[lvjjj]

Sorry for this but I would like to have all http request from remote site will be redirect into Central site, not all traffic.

Thanks

lvjjj

 

[NetworkGhost]

How is traffic being filtered? By proxy?

http://www.wr-mem.com

 

[lvjjj]

Thank NetworkGhost,

We do have a web filter appliance from Barracuda. This appliance will be located at our central site. There is URL filter option at PIX and ASA. However, it seems just support for Websense and SecureComputing.In the real situation,There are 23 remote sites. We would like to have all http/https traffic will be redirected to central site.

Thanks for help.

lvjjj

 

[NetworkGhost]

So how do you plan on getting the traffic to the Barracuda device? Can you use it as a proxy? If no the Barracuda would have to be inline to the traffic which doesnt seem possible at this point.

http://www.wr-mem.com

 

[lvjjj]

Yes, NetworkGhost. I think I will use it as a proxy otherwise I have no clue. My boss get that device and then ask me to configure it. I will get that device in 2 days. I am still doing some researches from google and Barracuda website.

Again, thank you vey much for your help.

Regards,

lvjjj

 

[NetworkGhost]

You will need to make sure your VPN match ACL defines port 80 traffic destined for the proxy will travel through the tunnel. You may also want to lock down the access-list on the inside interface to allow just web traffic to the proxy.

In Active Directory you can push proxy settings to the users. If they are using a different browser you will have to have them configure manually.

http://www.wr-mem.com

 

[lvjjj]

Thanks NetworkGhost for helpfull advices. I will update all info to this topic.

Thanks again.

Best regards,

lvjjj

 

[lvjjj]

NetworkGhost,

I think I will use port forwarding to forward port 80 and 443. Will update.

Regards,

lvjjj

 

[fakrul]

I have the following connectivity.
PIX A, PIX B and PIX C is connected to internet. There is a VPN tunnel from PIX A to PIX B and another tunnel from PIX B to PIX C. VPN tunnels are configured and from A-PIX network I can access B-PIX local network. Is it possible to send all traffic to B-PIX. I mean if any user from A-PIX like to browse internet there all traffic will go through to B-PIX. Beside this is it also possible to share the tunnel created in B-PIX. I mean can I access C-PIX network from A-PIX via B-PIX without configuring anything in A-PIX.

 

[lvjjj]

Fakrul,

I think you must add a route @ PIXA from PIXA to PIXC but next hop will be PIXB.

Regards,

lvjjj