Solved

Best practice for setting IE proxy settings

Posted on 2010-11-18
6
1,732 Views
Last Modified: 2012-05-10
We have 3 vpns terminating on 3 different cisco ASAs and i want to have each vpn client use a different non-cisco web-proxy server.  I was looking at simply adding a GPO entry that set the proxy and limit the scope of the GPO by the active IP address of the client but AD's GPO doesn't support that setting.  I am open to using wpad with a pac file but would rather not incur the overhead and security issues.  We tried using the cisco vpn client to set the proxy setting but since users are authenticating the vpn connection before logging into their laptop, those client proxy settings get ignored.  What is the best way for pushing out proxy settings?
Cisco VPN Client A                                                                                     Cisco VPN Client B
172.16.1.100 ->ASA->NYC proxy-----Company Net--------LA proxy<-ASA<-172.16.10.100
0
Comment
Question by:sysadmin-ee
  • 2
  • 2
  • 2
6 Comments
 
LVL 2

Expert Comment

by:mlarivie
ID: 34169367
You can create a GPO reflecting the config- after logon you can issue a gpupdate /force /boot which would cache the new policy changes without the user needing a layer 2 link at boot time for the 'applying security settings..' piece on the following restarts
0
 

Author Comment

by:sysadmin-ee
ID: 34169595
Yep, i tried that but found I couldn't target just the remote users that way.  I want to get just the users who are coming in on the VPN, not those in the LA branch office.  I do have an OU containing all the regional machines.  I just don't know when they will be working remotely or not.
0
 
LVL 2

Expert Comment

by:mlarivie
ID: 34169627
What your looking for is features found in Network Policy Server found in Routing and Remote Access 2008 that ties into RADIUS authentication but I just became familiar with it a few weeks back and can't be much further help. Have you explored the option of a transparent proxy from each originating subnet?
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 57

Accepted Solution

by:
Pete Long earned 500 total points
ID: 34189375
See

Defining / Locking and Managing Proxy Settings
http://www.petenetlive.com/KB/Article/0000181.htm

Pete
0
 

Author Closing Comment

by:sysadmin-ee
ID: 34190160
Very nice article. That brought it all together for me.
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 34194598
ThanQ
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
Let’s list some of the technologies that enable smooth teleworking. 
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question