We have a LAN/WAN environment that comes back to a central location and then goes out to the Internet via our Cisco ASA 5510 Firewall/VPN device. Our VPN users connect to the ASA and then traffic goes either in to the LAN or out to the Internet. We are using several VLANs/subnets of 10.2.x.0/24. The VPN users get 10.2.13.0/24.
We recently installed a Barracuda web filter inline between my last router and the firewall. So all internal traffic goes through it before it gets to the Internet and is therefore filtered per the Barracuda's settings. VPN users, however, connect to the firewall directly, so all their Internet traffic is going straight out to the Internet without being filtered.
How can I create a route that would take all VPN users (10.2.13.0/24) and force them into the LAN before going out to the Internet, therefore forcing them through the Barracuda? I was thinking I could create a static route that would route all 10.2.13.0/24 traffic to the router just inside the Barracuda, and then that router would send it on correctly. I am, however, not sure of the syntax, or sure that it will work. The two issues I can see are: 1. Once the traffic starts flowing, would the ASA learn that the VPN user was directly connected and not send the traffic in? (I don't think so with a static route.) 2. Would that cause a loop where the ASA sends the traffic in and the router sends it back to the ASA, which in turn sends it back to the router, and it never gets to the Internet?