Websense through a PIX to PIX vpn connection

Discussion started by David Musashi, Oct 21, 2004.

  1. We are trying to set up Websense on our network for internet
    filtering. We have it up and running in our central location and it
    works without flaw. However, we are now starting to work on our
    external locations (that are connected to the central location via PIX
    to PIX VPN connections) and are not having any success getting it to
    work. I'm rather sure that I have the external PIX configured
    correctly; however, if I do a sho url-server stat it shows the URL
    Server Status as DOWN. I think that it might be some kind of routing
    issue but I'm not a Cisco guy. Had these routers configured by a 3rd
    party company that is now out of business so all of a sudden I'm in
    charge of them. Thanks in advance for any help you can give.
    David Musashi, Oct 21, 2004
  2. David Musashi

    Rik Bain Guest

    If you are trying to use the Websense server over the IPsec tunnel, then
    you need to be sure to include the traffic in the VPN tunnel config
    (the source will be the remote PIX IP address).

    For example, you will need a line in your crypto match address that
    includes the remote PIX outside IP address to the Websense server (or
    LAN) and vice versa on the central.

    Rik Bain
    Rik Bain, Oct 21, 2004
  3. David Musashi

    an admin too Guest

    Found this in a Google search. I hope it helps.

    Message 3 in thread
    From: mcaissie (mcaissie @ sympatico . ca)
    Subject: Re: PIX VPN and URL Server (Websense)
    Date: 2003-04-03

    The websense requests are issued by the outside interface, so they don't
    go through the VPN.

    You can create a static translation at the main site and permit your
    three PIX outside addresses to access the websense TCP port on this
    address.

    And configure the url_server command in your three PIX to call this
    translated address:

    url-server (outside) vendor websense host [main translation] timeout 5 protocol TCP version 1
    an admin too, Oct 21, 2004
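
The point made in Rik Bain's reply and in the quoted mcaissie message (the filtering lookups are sourced from the PIX outside address, so a LAN-to-LAN crypto ACL does not carry them) can be checked against a saved config. This is an added example, not code from anyone in the thread; the addresses, ACL number and crypto map name are constructed, PIX 6.x syntax is assumed, and only `permit ip` ACL lines are parsed.

```python
import ipaddress
import re

# Constructed remote-site PIX 6.x excerpt (documentation addresses, not from the thread).
SAMPLE_CONFIG = """\
ip address outside 203.0.113.2 255.255.255.0
ip address inside 192.168.2.1 255.255.255.0
access-list 101 permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
crypto map vpnmap 10 match address 101
url-server (outside) vendor websense host 192.168.1.10 timeout 5 protocol TCP version 1
"""

# Same config plus the extra crypto ACL line described in the thread.
FIXED_CONFIG = SAMPLE_CONFIG + "access-list 101 permit ip host 203.0.113.2 host 192.168.1.10\n"


def _take_net(tokens):
    """Consume one PIX address spec: 'any', 'host A', or 'A MASK'."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}"), tokens[2:]


def websense_in_tunnel(config):
    """True if a crypto ACL entry covers <outside IP> -> <url-server host>."""
    outside = re.search(r"^ip address outside (\S+)", config, re.M)
    server = re.search(r"^url-server .*\bhost (\S+)", config, re.M)
    if not outside or not server:
        return False
    src_ip = ipaddress.ip_address(outside.group(1))
    dst_ip = ipaddress.ip_address(server.group(1))
    # Only ACLs referenced by a 'crypto map ... match address' define tunnel traffic.
    crypto_acls = set(re.findall(r"^crypto map \S+ \d+ match address (\S+)", config, re.M))
    for acl, rest in re.findall(r"^access-list (\S+) permit ip (.+)$", config, re.M):
        if acl not in crypto_acls:
            continue
        src_net, tail = _take_net(rest.split())
        dst_net, _ = _take_net(tail)
        if src_ip in src_net and dst_ip in dst_net:
            return True
    return False


if __name__ == "__main__":
    print("LAN-to-LAN ACL only:", websense_in_tunnel(SAMPLE_CONFIG))
    print("with host-to-host line:", websense_in_tunnel(FIXED_CONFIG))
```

The central PIX needs the mirrored entry in its own crypto ACL, which this check does not look at.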
