?
Solved

Route web traffic through VPN tunnel?

Posted on 2010-01-05
6
Medium Priority
?
2,122 Views
Last Modified: 2013-11-16
Let me explain our setup briefly before I ask the question fully:

We have our corporate office set up with our PDC, Exchange Server, SQL Server, etc.  We also have a Web Filter set up here, specifically a Barracuda appliance.  We have 11 satellite locations that we are running into issues with their web browsing and the sites in which they visit.  Each of these locations have a VPN tunnel with an ASA or a Sonicwall connecting back to the corporate office.  This is basically just being used for email and file shares on the servers at the corporate office.  However, we are thinking about routing web traffic through the VPN tunnel to use the Barracuda as a filter.

Can this be done?  What would we have to do in terms of configuration?  Would it use the bandwidth from the corporate office to surf the web or would it just send the request to the Barracuda and then go out through the WAN on the local site?

If anyone has done this and could provide any insight it would be appreciated.

Or, if there is a better way to accomplish this in a better manner feel free to provide info.
0
Comment
Question by:rcooper83
  • 3
  • 2
6 Comments
 
LVL 11

Accepted Solution

by:
ICaldwell earned 2000 total points
ID: 26186849
I don't know the configuration setup on it but if you set it up, that would mean all traffic would come to your main office and then back out to the internet.... If someone downloads a file from the remote office at say 1 Mbit/s, that would mean that your internet connection would take 1 MBits/s down  to your Barracuda filter, then another 1 MBit/s over the VPN... Total requirement of 2 MBit/s would be used on the corp internet connection... it would not use the remote sites internet connection to get out since Barracuda would be your connection to the internet and it uses the corporate office..  It is a better way to manage internet restrictions since its all at the corporate office but you need to have a sufficient internet connection at corp for this....

Your current setup is probably like this

Remote site -> Internet
Remote site -> vpn -> corporate server

You would be changing it to this:

Remote site -> vpn -> Barracuda -> internet
Remote site -> vpn -> corporate server


If you are looking to reduce bandwidth you can install caching appliances at the remote site to cache outlook, word files, internet connections, etc...  This is a hardware device which can be very useful....
0
 
LVL 21

Expert Comment

by:Rick_O_Shay
ID: 26189779
The configuration changes you would have to do is to make your default routing, to get to the Internet etc, go through the site to site tunnel to the corporate side vs going to the local router. Same with DNS.
0
 
LVL 1

Author Comment

by:rcooper83
ID: 26189964
So basically you are saying that it would eat up the bandwidth at the corporate office for internet browsing from the co-locations.

Remote site -> vpn -> Barracuda -> internet
Remote site -> vpn -> corporate server

That set up would require more bandwidth at the corporate location due to all of the traffic coming from the other co-locations.

So as opposed to that, is there a software option that we could roll out company wide that would prevent web browsing to unauthorized sites?
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 11

Expert Comment

by:ICaldwell
ID: 26190043
Yes, that would eat up more bandwidth at the corporate office.... if you would like each location to route their own internet traffic then you would need to setup filters at each location....  

You could setup a Proxy server if you want which a slightly cheaper or free solution you can do that...  Basically need the same thing as Barracuda at each location...
0
 
LVL 1

Author Comment

by:rcooper83
ID: 26197060
Does the ASA 5505 have web filtering capabilities?  What do you know about Fortinet?
0
 
LVL 11

Expert Comment

by:ICaldwell
ID: 26197357
It looks like the next model up... ASA 5510 has the URL filtering but the 5505 does not have it

http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html

I have not used Fortinet
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you’re involved with your company’s wide area network (WAN), you’ve probably heard about SD-WANs. They’re the “boy wonder” of networking, ostensibly allowing companies to replace expensive MPLS lines with low-cost Internet access. But, are they …
If you are like me and like multiple layers of protection, read on!
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question