I guess a little more info is in order. Our VPN is a hardware (over the internet) VPN. Not a dedicated WAN. So the remote gateway of the ASA has to be the ISP's gateway in order to find the main office. If it was a WAN connection there wouldn't be any issues to begin with. So I can't route all traffic without breaking my connection to the internet. I did finally figure out that the barracuda will work as a proxy, I just have to point the client to port 8080. I've looked at squid in the past and will have to use it if my client base grows more, but if that happens there are other things that will have to change to so it will probably be irrelevant anyway.
Thanks Niles -----Original Message----- From: Ben Scott [mailto:[email protected]] Sent: Thursday, May 21, 2009 10:42 AM To: NT System Admin Issues Subject: Re: Cheap/Free Simple Web Proxy Server? On Thu, May 21, 2009 at 9:16 AM, N Parr <[email protected]> wrote: > I have a few pc's at a remote location connected via hardware VPN with > our ASA's. I want to set up a simple software proxy on a VM and > direct their browsing to it so they have to pass through our Barracuda > at the main office for Web filtering. In that scenario, I'd agree with what others have said -- why not just route *all* traffic over the VPN? That way you've got just one firewall, at HQ, you have to worry about. Is there some traffic you don't want traversing the VPN? I'd also agree that in this scenario, you don't need a web proxy at the remote site just for access control -- you can just as easily point IE to use your Barracuda at HQ as a local proxy. The one thing I'd put a proxy at the remote site for is for caching at the remote site, so that frequently-requested pages/objects don't make the trip over the VPN as often. For that, Squid is free and works well. Configuration can be as complex as you want to make it, but for a simple forwarding cache with no access control or authentication, it's only a few lines in the config file. I could post an example if you like. --- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
