Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Best practice for setting IE proxy settings

Posted on 2010-11-18
6
Medium Priority
?
1,757 Views
Last Modified: 2012-05-10
We have 3 vpns terminating on 3 different cisco ASAs and i want to have each vpn client use a different non-cisco web-proxy server.  I was looking at simply adding a GPO entry that set the proxy and limit the scope of the GPO by the active IP address of the client but AD's GPO doesn't support that setting.  I am open to using wpad with a pac file but would rather not incur the overhead and security issues.  We tried using the cisco vpn client to set the proxy setting but since users are authenticating the vpn connection before logging into their laptop, those client proxy settings get ignored.  What is the best way for pushing out proxy settings?
Cisco VPN Client A                                                                                     Cisco VPN Client B
172.16.1.100 ->ASA->NYC proxy-----Company Net--------LA proxy<-ASA<-172.16.10.100
0
Comment
Question by:sysadmin-ee
  • 2
  • 2
  • 2
6 Comments
 
LVL 2

Expert Comment

by:mlarivie
ID: 34169367
You can create a GPO reflecting the config- after logon you can issue a gpupdate /force /boot which would cache the new policy changes without the user needing a layer 2 link at boot time for the 'applying security settings..' piece on the following restarts
0
 

Author Comment

by:sysadmin-ee
ID: 34169595
Yep, i tried that but found I couldn't target just the remote users that way.  I want to get just the users who are coming in on the VPN, not those in the LA branch office.  I do have an OU containing all the regional machines.  I just don't know when they will be working remotely or not.
0
 
LVL 2

Expert Comment

by:mlarivie
ID: 34169627
What your looking for is features found in Network Policy Server found in Routing and Remote Access 2008 that ties into RADIUS authentication but I just became familiar with it a few weeks back and can't be much further help. Have you explored the option of a transparent proxy from each originating subnet?
0
Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

 
LVL 58

Accepted Solution

by:
Pete Long earned 2000 total points
ID: 34189375
See

Defining / Locking and Managing Proxy Settings
http://www.petenetlive.com/KB/Article/0000181.htm

Pete
0
 

Author Closing Comment

by:sysadmin-ee
ID: 34190160
Very nice article. That brought it all together for me.
0
 
LVL 58

Expert Comment

by:Pete Long
ID: 34194598
ThanQ
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When speed and performance are vital to revenue, companies must have complete confidence in their cloud environment.
This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

575 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question