09-19-2007 07:39 AM - edited 03-09-2019 06:51 PM
My ( IPSEC client-VPN) ASA is connected to the DMZ of an ISA cluster. The users get an IE proxy setting via domain login which refers to the local lan interface (NLB) of the ISA's. The DMZ interface is also listening for proxy requests. I want to NAT the local LAN proxy to the DMZ proxy ( preferable PAT). A siple static (port) nat doesnt'work. Any ideas ?
Any ideas how to ?
09-19-2007 12:35 PM
I would use a proxy.pac file to determine where the client is and set the PROXY where you want it to go.
http://wp.netscape.com/eng/mozilla/2.0/relnotes/demo/proxy-live.html
Something like:
--- START PROXY.PAC ----
function FindProxyForURL(url, host)
{
var proxy_yes = "PROXY proxy.company.com:8080";
ver proxy_dmz = "PROXY dmzproxy.company.com:8080";
var proxy_no = "DIRECT";
if (isPlainHostName(host)) { return proxy_no; }
if (dnsDomainIs(host, ".company.com")) { return proxy_no; }
if (isInNet(myIpAddress(), "192.168.1.0", "255.255.255.0")) { return proxy_dmz; } //VPN NETWORK
return proxy_yes;
}
--- END PROXY.PAC ----
09-19-2007 11:13 PM
Good idea but as i'm no in control of the desktop of this large organisation I would rather have a "transparent" solution.
09-24-2007 12:44 PM
You can use the proxy settings of the VPN gateway, you can do that under the EzVPN policy configuration, somewhere depending of what device you are using
09-24-2007 09:25 PM
I already set the proxy via the ms client settings that you can push via the ASA, but the issue here is that the domain login overrules tis setting because this is processed after the VPN connection is set.
09-25-2007 03:27 AM
I see, the only thing I could say now is for you to try something with "slow link detection" policy then it will see the host is not local and not apply the policy, it's primiry intended for roaming profile but I think it could work for proxy. See
http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/regentry/91599.mspx?mfr=true
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide