Re: Can ASA anyconnect Client get the Option252 from DHCP Server

Bill lo · ‎08-29-2022

Hi Commulity

1/ Is it possible that the VPN-Client Use the DHCP option 252 From the Inside-DHCP Server?

SRV_DHCP <------DHCP-----> (inside)ASA(outside)<---SSLVPN----> ClientPC

the config as below , is not work , vpn-client cant get DHCP-option 252 info

2/ About the Browser Proxy setting Option on the Group-policy -"Auto detect proxy":

If VPN-Client can't get the DHCP option 252 , the only way for WPAD is DNS ?

I have try setty the "msie-proxy method use-pac" on the Group policy , but the GPO ( Client PC has join AD) will overwrite the Auto-Proxy Setting to "Auto-detect" , the DNS server is out of our control ( We can't modify it )

balaji.bandi · ‎08-29-2022

is the DHCP on router, i generally use MS DHCP it works as expected for the WPAD.

check when you configuring the router- some extra required on the option line

https://community.cisco.com/t5/switching/dhcp-option-252/td-p/796050

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Bill lo · ‎08-29-2022

Hi balaji

1/ it's MS DHCP too

2/ i am not sure ASA will help the VPN-Client to ask the DHCP-request-includ option 252; i have capture the DHCP package on the MS-DHCP, i don't seen the option 252 item in the DHCP-discover ( Send from the ASA use the inside-IP)

thx

Bill

MHM Cisco World · ‎08-29-2022

the DHCP is same ASA which you connect Anyconnect to it ?
If Yes
then use your local Pool for anyconnect IP and then add this commend under group-policy

msie-proxy pac-url value http://www.example.com

Bill lo · ‎08-29-2022

Hi MHM

1/it's MS-DHCP ( on the subnet same as ASA inside )

2/ "msie-proxy pac-url http://xxx/wpad.dat " with "msie-proxy method use-pac" commed

it's work ; but in my environment , the Auto-proxy setting on the VPN-Client PC will be overwrite "auto-detect" , because the GPO

thx

Bill