08-29-2022 02:50 AM
Hi Commulity
1/ Is it possible that the VPN-Client Use the DHCP option 252 From the Inside-DHCP Server?
SRV_DHCP <------DHCP-----> (inside)ASA(outside)<---SSLVPN----> ClientPC
the config as below , is not work , vpn-client cant get DHCP-option 252 info
2/ About the Browser Proxy setting Option on the Group-policy -"Auto detect proxy":
If VPN-Client can't get the DHCP option 252 , the only way for WPAD is DNS ?
I have try setty the "msie-proxy method use-pac" on the Group policy , but the GPO ( Client PC has join AD) will overwrite the Auto-Proxy Setting to "Auto-detect" , the DNS server is out of our control ( We can't modify it )
08-29-2022 09:26 AM
is the DHCP on router, i generally use MS DHCP it works as expected for the WPAD.
check when you configuring the router- some extra required on the option line
https://community.cisco.com/t5/switching/dhcp-option-252/td-p/796050
08-29-2022 06:52 PM
Hi balaji
1/ it's MS DHCP too
2/ i am not sure ASA will help the VPN-Client to ask the DHCP-request-includ option 252; i have capture the DHCP package on the MS-DHCP, i don't seen the option 252 item in the DHCP-discover ( Send from the ASA use the inside-IP)
thx
Bill
08-29-2022 11:26 AM
the DHCP is same ASA which you connect Anyconnect to it ?
If Yes
then use your local Pool for anyconnect IP and then add this commend under group-policy
msie-proxy pac-url value http://www.example.com
08-29-2022 07:02 PM
Hi MHM
1/it's MS-DHCP ( on the subnet same as ASA inside )
2/ "msie-proxy pac-url http://xxx/wpad.dat " with "msie-proxy method use-pac" commed
it's work ; but in my environment , the Auto-proxy setting on the VPN-Client PC will be overwrite "auto-detect" , because the GPO
thx
Bill
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide