Solved

Best practice for setting IE proxy settings

Posted on 2010-11-18
6
1,727 Views
Last Modified: 2012-05-10
We have 3 vpns terminating on 3 different cisco ASAs and i want to have each vpn client use a different non-cisco web-proxy server.  I was looking at simply adding a GPO entry that set the proxy and limit the scope of the GPO by the active IP address of the client but AD's GPO doesn't support that setting.  I am open to using wpad with a pac file but would rather not incur the overhead and security issues.  We tried using the cisco vpn client to set the proxy setting but since users are authenticating the vpn connection before logging into their laptop, those client proxy settings get ignored.  What is the best way for pushing out proxy settings?
Cisco VPN Client A                                                                                     Cisco VPN Client B
172.16.1.100 ->ASA->NYC proxy-----Company Net--------LA proxy<-ASA<-172.16.10.100
0
Comment
Question by:sysadmin-ee
  • 2
  • 2
  • 2
6 Comments
 
LVL 2

Expert Comment

by:mlarivie
ID: 34169367
You can create a GPO reflecting the config- after logon you can issue a gpupdate /force /boot which would cache the new policy changes without the user needing a layer 2 link at boot time for the 'applying security settings..' piece on the following restarts
0
 

Author Comment

by:sysadmin-ee
ID: 34169595
Yep, i tried that but found I couldn't target just the remote users that way.  I want to get just the users who are coming in on the VPN, not those in the LA branch office.  I do have an OU containing all the regional machines.  I just don't know when they will be working remotely or not.
0
 
LVL 2

Expert Comment

by:mlarivie
ID: 34169627
What your looking for is features found in Network Policy Server found in Routing and Remote Access 2008 that ties into RADIUS authentication but I just became familiar with it a few weeks back and can't be much further help. Have you explored the option of a transparent proxy from each originating subnet?
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 57

Accepted Solution

by:
Pete Long earned 500 total points
ID: 34189375
See

Defining / Locking and Managing Proxy Settings
http://www.petenetlive.com/KB/Article/0000181.htm

Pete
0
 

Author Closing Comment

by:sysadmin-ee
ID: 34190160
Very nice article. That brought it all together for me.
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 34194598
ThanQ
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Suggested Solutions

Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now