Symantec tested and validated that Cisco® router devices are able to forward web traffic to the Web Security Service for policy checks and malware scanning. The following procedure demonstrates the pre-shared secret method, which requires a unique gateway IP address (no NAT-T).
This procedure provides a guideline configuration that you can apply to the above model or other Cisco models. It is likely that you have an existing Cisco device configured in your network; therefore, slight alterations to the existing deployment might be required.
Note: Symantec has seen outages occur if the Phase 2 Timeout value is set to longer than four (4) hours. If the current setting is less than four hours, you can leave that value. Otherwise, lower the value so that it does not exceed four hours. The screenshots in the following procedure might not reflect this advisory.
This procedure assumes that the Cisco ASA device is already configured with the inside interface or group object with multiple inside interfaces and an outside interface that will communicate with the Web Security Service.
To verify the IPsec site-to-site tunnel connection, select Monitoring > VPN > VPN Statistics > Sessions.
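The Phase 2 Timeout note above can also be checked against the device's saved configuration. The following is an added example, not part of Symantec's procedure: it scans ASA `show running-config` text and reports crypto map entries whose IPsec security-association lifetime is longer than four hours. It assumes that the Phase 2 Timeout corresponds to that lifetime and that an unset lifetime defaults to 28800 seconds (confirm for your software version); the sample configuration, map names and peer addresses are constructed.

```python
import re

MAX_PHASE2_SECONDS = 4 * 60 * 60  # four-hour ceiling from the Phase 2 Timeout note

# Constructed sample of ASA running-config lines (not taken from the original page).
SAMPLE_CONFIG = """\
crypto ipsec security-association lifetime seconds 28800
crypto map outside_map 1 match address wss_traffic
crypto map outside_map 1 set peer 203.0.113.10
crypto map outside_map 1 set security-association lifetime seconds 3600
crypto map outside_map 2 match address other_traffic
crypto map outside_map 2 set peer 203.0.113.20
crypto map outside_map 3 set peer 203.0.113.30
crypto map outside_map 3 set security-association lifetime seconds 86400
"""

GLOBAL_RE = re.compile(r"^crypto ipsec security-association lifetime seconds (\d+)$")
ENTRY_RE = re.compile(r"^crypto map (\S+) (\d+) set (.+)$")
LIFETIME_RE = re.compile(r"^security-association lifetime seconds (\d+)$")

def audit_phase2_lifetimes(config_text, assumed_default=28800):
    """Return (map, seq, seconds, source) for each entry over the ceiling."""
    global_lifetime = assumed_default  # assumption: device default when unset
    entries = {}  # (map name, sequence) -> explicit lifetime, or None if inherited
    for raw in config_text.splitlines():
        line = raw.strip()
        m = GLOBAL_RE.match(line)
        if m:
            global_lifetime = int(m.group(1))
            continue
        m = ENTRY_RE.match(line)
        if m:
            key = (m.group(1), int(m.group(2)))
            entries.setdefault(key, None)
            lt = LIFETIME_RE.match(m.group(3))
            if lt:
                entries[key] = int(lt.group(1))
    findings = []
    for (name, seq), explicit in sorted(entries.items()):
        # An entry without its own lifetime inherits the global value.
        effective = explicit if explicit is not None else global_lifetime
        if effective > MAX_PHASE2_SECONDS:
            source = "explicit" if explicit is not None else "inherited"
            findings.append((name, seq, effective, source))
    return findings

if __name__ == "__main__":
    for name, seq, seconds, source in audit_phase2_lifetimes(SAMPLE_CONFIG):
        print(f"{name} {seq}: {seconds}s ({source}) exceeds {MAX_PHASE2_SECONDS}s")
```

Entries reported as inherited have no lifetime of their own, so the fix is either a per-entry lifetime or a lower global value.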