We have 3 vpns terminating on 3 different cisco ASAs and i want to have each vpn client use a different non-cisco web-proxy server. I was looking at simply adding a GPO entry that set the proxy and limit the scope of the GPO by the active IP address of the client but AD's GPO doesn't support that setting. I am open to using wpad with a pac file but would rather not incur the overhead and security issues. We tried using the cisco vpn client to set the proxy setting but since users are authenticating the vpn connection before logging into their laptop, those client proxy settings get ignored. What is the best way for pushing out proxy settings?
Cisco VPN Client A Cisco VPN Client B
172.16.1.100 ->ASA->NYC proxy-----Company Net--------LA proxy<-ASA<-172.16.10.100