Cisco Cisco Web Security Appliance S690 Guía Del Usuario
Cisco AnyConnect Secure Mobility Solution Guide
Configuring AnyConnect Secure Mobility
16
Cisco AnyConnect Secure Mobility Solution Guide
Note
Version 8.3 of the ASA can only use WCCP to redirect web traffic when the traffic
enters the ASA on the same interface where WCCP is enabled. However, the
AnyConnect client traffic does not enter the ASA on the same interface where
WCCP is enabled (which is the same interface connected to the WSA). To work
around this, you must connect a router off the WCCP enabled interface to direct
all traffic to the router and then return it to the ASA on the WCCP enabled
interface. This allows the ASA to use WCCP to redirect web traffic to the WSA
for scanning. In
enters the ASA on the same interface where WCCP is enabled. However, the
AnyConnect client traffic does not enter the ASA on the same interface where
WCCP is enabled (which is the same interface connected to the WSA). To work
around this, you must connect a router off the WCCP enabled interface to direct
all traffic to the router and then return it to the ASA on the WCCP enabled
interface. This allows the ASA to use WCCP to redirect web traffic to the WSA
for scanning. In
, Router A returns all traffic back to the ASA on the same
interface as the WSA, the inside interface.
Note
When using this architecture with the Web Security appliance proxy bypass list
feature, only local users are able to successfully reach websites listed in the proxy
bypass list. When a remote user tries to access a website listed in the proxy bypass
list, the connection fails.
feature, only local users are able to successfully reach websites listed in the proxy
bypass list. When a remote user tries to access a website listed in the proxy bypass
list, the connection fails.
Configuring AnyConnect Secure Mobility
To achieve secure mobility for users connecting to the network using VPN, you
must configure the following products:
must configure the following products:
•
Cisco IronPort Web Security appliance. For more information, see
.
•
Cisco adaptive security appliance. For more information, see
.
•
Cisco AnyConnect secure mobility client. For more information, see
To integrate a Web Security appliance and an adaptive security appliance, you
need the following information:
need the following information:
•
IP address for each adaptive security appliance
•
Port number of each adaptive security appliance
•
IP address for each Web Security appliance
•
Port number of each Web Security appliance