Route web traffic through VPN tunnel?

Let me explain our setup briefly before I ask the question fully:

We have our corporate office set up with our PDC, Exchange Server, SQL Server, etc. We also have a Web Filter set up here, specifically a Barracuda appliance. We have 11 satellite locations where we are running into issues with their web browsing and the sites they visit. Each of these locations has a VPN tunnel with an ASA or a SonicWall connecting back to the corporate office. This is basically just being used for email and file shares on the servers at the corporate office. However, we are thinking about routing web traffic through the VPN tunnel to use the Barracuda as a filter.

Can this be done?  What would we have to do in terms of configuration?  Would it use the bandwidth from the corporate office to surf the web or would it just send the request to the Barracuda and then go out through the WAN on the local site?

If anyone has done this and could provide any insight it would be appreciated.

Or, if there is a better way to accomplish this, feel free to provide info.
rcooper83 Asked:
 
ICaldwell Commented:
I don't know the configuration setup on it, but if you set it up, that would mean all traffic would come to your main office and then back out to the internet. If someone downloads a file from the remote office at, say, 1 Mbit/s, that would mean that your internet connection would take 1 Mbit/s down to your Barracuda filter, then another 1 Mbit/s over the VPN. A total requirement of 2 Mbit/s would be used on the corp internet connection. It would not use the remote site's internet connection to get out, since the Barracuda would be your connection to the internet and it uses the corporate office. It is a better way to manage internet restrictions since it's all at the corporate office, but you need to have a sufficient internet connection at corp for this.

Your current setup is probably like this

Remote site -> Internet
Remote site -> vpn -> corporate server

You would be changing it to this:

Remote site -> vpn -> Barracuda -> internet
Remote site -> vpn -> corporate server


If you are looking to reduce bandwidth you can install caching appliances at the remote site to cache Outlook, Word files, internet connections, etc. This is a hardware device which can be very useful.
 
Rick_O_Shay Commented:
The configuration change you would have to make is to have your default routing, to get to the Internet etc., go through the site-to-site tunnel to the corporate side vs. going to the local router. Same with DNS.
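A small model of the two points made in the answers above, added here as an example and not code from any poster: the remote site's route lookup before and after the default route is sent into the tunnel, and the resulting load on the corporate Internet link. All addresses, the `vpn` and `local-wan` labels and the function names are constructed for illustration, and the model assumes a route-based tunnel, where the VPN peer's public address needs its own route via the local WAN.

```python
import ipaddress

# Constructed addressing (documentation ranges), not taken from the thread.
CORP_LAN = "10.0.0.0/16"      # corporate servers, including the DNS server
VPN_PEER = "203.0.113.1/32"   # public address of the corporate VPN endpoint


def build_routes(full_tunnel):
    """Return the remote site's route table as (network, next_hop) pairs."""
    routes = [(CORP_LAN, "vpn")]
    if full_tunnel:
        # Default route goes into the tunnel. The tunnel's own outer packets
        # must still leave via the local WAN, or the tunnel cannot come up.
        routes += [("0.0.0.0/0", "vpn"), (VPN_PEER, "local-wan")]
    else:
        routes.append(("0.0.0.0/0", "local-wan"))
    return [(ipaddress.ip_network(prefix), hop) for prefix, hop in routes]


def next_hop(routes, dest):
    """Longest-prefix match over the route table."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, hop) for net, hop in routes if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def corp_wan_load(site_web_mbps):
    """Load on the corporate Internet link with every site full-tunnel.

    Each site's web download crosses that link twice: inbound from the
    Internet to the filter, then outbound inside the VPN to the site.
    VPN encapsulation overhead is ignored.
    """
    total = sum(site_web_mbps)
    return {"inbound": total, "outbound": total, "combined": 2 * total}


if __name__ == "__main__":
    web_host = "198.51.100.7"   # constructed Internet web server
    corp_dns = "10.0.0.10"      # constructed corporate DNS server
    for label, table in (("split", build_routes(False)),
                         ("full", build_routes(True))):
        print(label, "web ->", next_hop(table, web_host),
              "| dns ->", next_hop(table, corp_dns),
              "| peer ->", next_hop(table, "203.0.113.1"))
    # 11 sites each pulling 1 Mbit/s of web traffic
    print(corp_wan_load([1.0] * 11))
```
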
 
rcooper83 (Author) Commented:
So basically you are saying that it would eat up the bandwidth at the corporate office for internet browsing from the co-locations.

Remote site -> vpn -> Barracuda -> internet
Remote site -> vpn -> corporate server

That setup would require more bandwidth at the corporate location due to all of the traffic coming from the other co-locations.

So as opposed to that, is there a software option that we could roll out company wide that would prevent web browsing to unauthorized sites?

 
ICaldwell Commented:
Yes, that would eat up more bandwidth at the corporate office. If you would like each location to route their own internet traffic, then you would need to set up filters at each location.

You could set up a proxy server if you want, which is a slightly cheaper or free solution. Basically you need the same thing as the Barracuda at each location.
 
rcooper83 (Author) Commented:
Does the ASA 5505 have web filtering capabilities?  What do you know about Fortinet?
 
ICaldwell Commented:
It looks like the next model up, the ASA 5510, has the URL filtering but the 5505 does not have it.

http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html

I have not used Fortinet
Question has a verified solution.
