Best practice for setting IE proxy settings

We have 3 vpns terminating on 3 different cisco ASAs and i want to have each vpn client use a different non-cisco web-proxy server.  I was looking at simply adding a GPO entry that set the proxy and limit the scope of the GPO by the active IP address of the client but AD's GPO doesn't support that setting.  I am open to using wpad with a pac file but would rather not incur the overhead and security issues.  We tried using the cisco vpn client to set the proxy setting but since users are authenticating the vpn connection before logging into their laptop, those client proxy settings get ignored.  What is the best way for pushing out proxy settings?
Cisco VPN Client A                                                                                     Cisco VPN Client B
172.16.1.100 ->ASA->NYC proxy-----Company Net--------LA proxy<-ASA<-172.16.10.100
sysadmin-eeAsked:
Who is Participating?
 
Pete LongConnect With a Mentor Technical ConsultantCommented:
See

Defining / Locking and Managing Proxy Settings
http://www.petenetlive.com/KB/Article/0000181.htm

Pete
0
 
mlarivieCommented:
You can create a GPO reflecting the config- after logon you can issue a gpupdate /force /boot which would cache the new policy changes without the user needing a layer 2 link at boot time for the 'applying security settings..' piece on the following restarts
0
 
sysadmin-eeAuthor Commented:
Yep, i tried that but found I couldn't target just the remote users that way.  I want to get just the users who are coming in on the VPN, not those in the LA branch office.  I do have an OU containing all the regional machines.  I just don't know when they will be working remotely or not.
0
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

 
mlarivieCommented:
What your looking for is features found in Network Policy Server found in Routing and Remote Access 2008 that ties into RADIUS authentication but I just became familiar with it a few weeks back and can't be much further help. Have you explored the option of a transparent proxy from each originating subnet?
0
 
sysadmin-eeAuthor Commented:
Very nice article. That brought it all together for me.
0
 
Pete LongTechnical ConsultantCommented:
ThanQ
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.