Websense through a PIX to PIX vpn connection

Discussion in 'Cisco' started by David Musashi, Oct 21, 2004.

  1. We are trying to set up Websense on our network for internet
    filtering. We have it up and running in our central location and it
    works with out flaw. However, we are now starting to work on our
    external locations (that are connected to the central location VIA Pix
    to Pix VPN connections) and are not having any success getting it to
    work. I'm rather sure that I have the external PIX configured
    correctly however if I do a sho url-server stat it shows the URL
    Server Status as DOWN. I think that it might be some kind of routing
    issue but I'm not a cisco guy. Had these routers configured by a 3rd
    party company that is now out of business so all of a sudden I'm in
    charge of them. Thanks in advance for anyhelp you can give.
     
    David Musashi, Oct 21, 2004
    #1
    1. Advertising

  2. David Musashi

    Rik Bain Guest

    David Musashi wrote:
    > We are trying to set up Websense on our network for internet
    > filtering. We have it up and running in our central location and it
    > works with out flaw. However, we are now starting to work on our
    > external locations (that are connected to the central location VIA Pix
    > to Pix VPN connections) and are not having any success getting it to
    > work. I'm rather sure that I have the external PIX configured
    > correctly however if I do a sho url-server stat it shows the URL
    > Server Status as DOWN. I think that it might be some kind of routing
    > issue but I'm not a cisco guy. Had these routers configured by a 3rd
    > party company that is now out of business so all of a sudden I'm in
    > charge of them. Thanks in advance for anyhelp you can give.


    If you are trying to use the websense server over the ipsec tunnel, then
    you need to be sure to include the traffic in the vpn tunnel config
    (the source will be the remote pix ip address).

    For example, you will need a line in your crypto match address that
    includes the remote pix outside ip address to the websense server (or
    lan) and vice versa on the central.

    Rik Bain
     
    Rik Bain, Oct 21, 2004
    #2
    1. Advertising

  3. David Musashi

    an admin too Guest

    "David Musashi" <> wrote in message
    news:...
    > We are trying to set up Websense on our network for internet
    > filtering. We have it up and running in our central location and it
    > works with out flaw. However, we are now starting to work on our
    > external locations (that are connected to the central location VIA Pix
    > to Pix VPN connections) and are not having any success getting it to
    > work. I'm rather sure that I have the external PIX configured
    > correctly however if I do a sho url-server stat it shows the URL
    > Server Status as DOWN. I think that it might be some kind of routing
    > issue but I'm not a cisco guy. Had these routers configured by a 3rd
    > party company that is now out of business so all of a sudden I'm in
    > charge of them. Thanks in advance for anyhelp you can give.


    Found this in a google search. I hope it helps.

    Message 3 in thread
    From: mcaissie (mcaissie @ sympatico . ca)
    Subject: Re: PIX VPN and URL Server (Websense)


    View this article only
    Newsgroups: comp.dcom.sys.cisco
    Date: 2003-04-03 07:10:16 PST


    The websense requests are issued by the outside interface , so they don't
    go through the VPN.

    You can create a static translation at the main site and permit your
    three PIX outsides adresses to
    access the websense tcp port on this address .

    And configure the url_server command in your three PIX to call this
    translated address
    url-server (outside) vendor websense host [main translation] timeout 5
    protocol TCP version 1
     
    an admin too, Oct 21, 2004
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Roland
    Replies:
    3
    Views:
    704
    Roland
    Jan 21, 2004
  2. Alfonso Deo
    Replies:
    1
    Views:
    4,695
    Erik Tamminga
    Apr 30, 2004
  3. John McNamara

    Pix and WebSense

    John McNamara, Jul 21, 2004, in forum: Cisco
    Replies:
    2
    Views:
    1,170
    admin too
    Jul 21, 2004
  4. moreno

    Pix & Websense enviroment...

    moreno, Mar 31, 2006, in forum: Cisco
    Replies:
    0
    Views:
    452
    moreno
    Mar 31, 2006
  5. ronboose
    Replies:
    0
    Views:
    2,482
    ronboose
    Nov 20, 2008
Loading...

Share This Page