We have an issue where clients using Anyconnect are unable to connect to the internet or Office365 resources (such as their mailbox) when the client is configured for an AutoDetect proxy (which is configured both with internal DHCP & DNS records & a WPAD file). It works fine when we turn off autodetect and manually enter our second internal proxy used for troubleshooting. Both proxies are on the same private /24 network. Details on the two proxy's in our environment:
1) Legacy Microsoft ISA server (that we need to retire for multiple reasons but cannot due to this issue)
2) A third party squid application that integrates with a cloud-based web filtering service (this is the proxy used with AutoDetect)
I can't figure out what what's causing the problem, can anyone please provide some ideas and specific steps on how to troubleshoot this? I've collected sample data in the attached workbook.
Thanks so much,
Hi Mohammed, it doesn't work when using the default 'AutoDetect' setting we use for our internal environment. We have to manually change it to the alternate internal proxy (that we need to remove from the environment) in order for the traffic to route. We need to remove this alternate internal proxy because security updates are no longer offered for it, so all of our products will need to work with a single proxy solution.
You can specify in group policy how the ASA changes the client’s proxy setting upon establishing the tunnel.
Hi Peter, we need the solution to work with a single proxy solution instead of flipping between multiple proxies. Our current alternate proxy is out of support and not receiving new security updates, so it needs to be removed from our environment. We also do not want to enable any sort of split tunneling on our VPN.