Showing results for 
Search instead for 
Did you mean: 

Browser proxy configuration for ASA

We have migrated from using a VPN concentrator to an ASA box because the concentrator would not store the 4096 bit key of the root CA. The ASA does not need to have the full chain (trustpoints) so we are successfull using the ASA for remote access VPNs.

Unfortunately the concentrator had a nice feature for proxy settings see below....

Browser Proxy Configuration

Browser proxy configuration is ONLY available using the Release 4.1.6 VPN Concentrator code.

During mode config, the VPN Client negotiates a new mode config attribute to determine whether to change the value of a user's browser proxy setting. The VPN Client adminstrator controls the setting of the attribute through a parameter in the PCF file. This feature is being implemented for Windows (all platforms) only and for Internet Explorer only.

You can configure the VPN Concentrator to push proxy configuration settings into Microsoft Internet Explorer when Windows clients connect to it. The settings are on the Client Config tab of Group configuration. You can configure the VPN Concentrator to not modify proxy settings ("Do not modify proxy settings") , to push settings to disable existing proxy configuration ("No Proxy Settings"), to push settings to auto-detect a proxy ("Auto-Detect Proxy settings"), and to push explicit proxy settings ("Use Proxy Server/Port listed below").

With the "Use Proxy Server/Port listed below" setting, you can push a proxy server address, a proxy exception list, and whether the browser will exclude the proxy for local adresses.

After disconnecting, proxy settings are restored to what they were before the VPN connection was established. If a workstation is improperly shut down or rebooted while a VPN connection is established, proxy settings will be restored on boot-up.

Is there a workaround we can use (we can get endusers to manually enter the proxy etc etc but asking end users to do anything is problematic also it is company policy to tunnel everything when the vpn is up)......any ideas appreciated....



Frequent Contributor

To my knowledge, We are not able to configure the proxy setting in client side because of security reason. I think we have to use the push policy settings for proxy connections.


Vincent -

Did you work anything out for this? We are in the same boat with the ASA and proxy.

Content for Community-Ad

This widget could not be displayed.