Inline Web Filter and IPsec site to site VPN

vpn ipsec web filter


#1 Information Technology


Posted 03 February 2015 - 04:39 PM

Hello,

 

We have a web filter 410 configured inline between our core switch at our main office and an ASA firewall. That is:

 

Core Switch (layer 3 port) -> Barracuda Web Filter (LAN Port) -> Barracuda Web Filter (WAN Port) -> Cisco ASA Firewall (Inside port)

 

I have set up an IPsec site-to-site VPN using Cisco ASAs. There is no web filter at the remote site. The problem I am having is that I am unable to use HTTP traffic to access the webpages of cameras, phones, and copiers at the site.

 

I can ping all the addresses and if the device uses another port besides port 80, I can access it. However, I cannot contact any device on port 80. I get a "No route to host" error when I try.

 

I have added all the internal network addresses as static routes and have even tried adding the remote site network with the gateway address as the inside port of the main office ASA but with no luck.

 

I am not sure how to get this working. Any tips you can provide would be helpful.

 

Thanks!

 

Jeff



#2 Chris


Posted 02 October 2015 - 02:40 PM

Hopefully you figured this one out already but here's what we found.

 

Adding the LAN IP address of the Barracuda into the VPN tunnel configuration (ACL and no NAT) resolved this issue for us.  Hope this helps! 

 

-Chris
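
The change described in the reply above, sketched as ASA 8.3+ configuration on both tunnel endpoints. This is an added example, not configuration posted in the thread: the object names, the ACL name VPN-TRAFFIC, the interface names and every address (RFC 5737 documentation ranges) are assumptions, as is the premise that the inline filter re-originates port 80 connections from its own LAN IP, which would explain why ping and other ports already worked.

```cisco
! Added example: constructed names and addresses, not values from the thread.
!
! ---- Main-office ASA ----
object network MAIN-LAN
 subnet 198.51.100.0 255.255.255.0
object network BARRACUDA-LAN
 host 192.0.2.10
object network REMOTE-SITE
 subnet 203.0.113.0 255.255.255.0
!
! Crypto ACL (assumed to be the one referenced by "crypto map ... match address").
! The first entry is the existing client-to-remote selector; the second adds the
! web filter's LAN IP as an extra protected source.
access-list VPN-TRAFFIC extended permit ip object MAIN-LAN object REMOTE-SITE
access-list VPN-TRAFFIC extended permit ip object BARRACUDA-LAN object REMOTE-SITE
!
! NAT exemption ("no NAT"): keep both sources untranslated toward the remote site
! so the packets still match the crypto ACL after NAT processing.
nat (inside,outside) source static MAIN-LAN MAIN-LAN destination static REMOTE-SITE REMOTE-SITE no-proxy-arp route-lookup
nat (inside,outside) source static BARRACUDA-LAN BARRACUDA-LAN destination static REMOTE-SITE REMOTE-SITE no-proxy-arp route-lookup
!
! ---- Remote-site ASA (mirror image, or the new selector will not negotiate) ----
object network REMOTE-LAN
 subnet 203.0.113.0 255.255.255.0
object network BARRACUDA-LAN
 host 192.0.2.10
access-list VPN-TRAFFIC extended permit ip object REMOTE-LAN object BARRACUDA-LAN
nat (inside,outside) source static REMOTE-LAN REMOTE-LAN destination static BARRACUDA-LAN BARRACUDA-LAN no-proxy-arp route-lookup
!
! ---- Check from the main-office ASA ----
! Simulate a port 80 connection sourced from the filter and confirm it is
! exempted from NAT and sent into the tunnel:
!   packet-tracer input inside tcp 192.0.2.10 12345 203.0.113.20 80
! Then confirm an SA exists for the new selector pair:
!   show crypto ipsec sa
```

Scoping the new entry to the single filter host rather than its whole subnet keeps the set of addresses allowed through the tunnel as narrow as the fix requires.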



#3 Robert Czymoch


Posted 15 October 2015 - 10:40 AM

You could have also added the IP network of the remote site to the IP exemptions of the Webfilter.