Best practice for setting IE proxy settings

We have 3 vpns terminating on 3 different cisco ASAs and i want to have each vpn client use a different non-cisco web-proxy server.  I was looking at simply adding a GPO entry that set the proxy and limit the scope of the GPO by the active IP address of the client but AD's GPO doesn't support that setting.  I am open to using wpad with a pac file but would rather not incur the overhead and security issues.  We tried using the cisco vpn client to set the proxy setting but since users are authenticating the vpn connection before logging into their laptop, those client proxy settings get ignored.  What is the best way for pushing out proxy settings?
Cisco VPN Client A                                                                                     Cisco VPN Client B
172.16.1.100 ->ASA->NYC proxy-----Company Net--------LA proxy<-ASA<-172.16.10.100
sysadmin-eeAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

mlarivieCommented:
You can create a GPO reflecting the config- after logon you can issue a gpupdate /force /boot which would cache the new policy changes without the user needing a layer 2 link at boot time for the 'applying security settings..' piece on the following restarts
0
sysadmin-eeAuthor Commented:
Yep, i tried that but found I couldn't target just the remote users that way.  I want to get just the users who are coming in on the VPN, not those in the LA branch office.  I do have an OU containing all the regional machines.  I just don't know when they will be working remotely or not.
0
mlarivieCommented:
What your looking for is features found in Network Policy Server found in Routing and Remote Access 2008 that ties into RADIUS authentication but I just became familiar with it a few weeks back and can't be much further help. Have you explored the option of a transparent proxy from each originating subnet?
0
Redefine Your Security with AI & Machine Learning

The implications of AI and machine learning in cyber security are massive and constantly growing, creating both efficiencies and new challenges across the board. Check out our on-demand webinar to learn more about how AI can help your organization!

Pete LongTechnical ConsultantCommented:
See

Defining / Locking and Managing Proxy Settings
http://www.petenetlive.com/KB/Article/0000181.htm

Pete
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
sysadmin-eeAuthor Commented:
Very nice article. That brought it all together for me.
0
Pete LongTechnical ConsultantCommented:
ThanQ
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
VPN

From novice to tech pro — start learning today.