Cisco Anyconnect - Mac OS Proxy Settings Incorrect

bpatten5571 · ‎01-12-2017

I've noticed when using Anyconnect on Mac OS (latest is Sierra 10.12), that Anyconnect sets the proxy configuration wrong.

Example:

sudo scutil --proxy

It takes the proxy config from Cisco ASA and then applies it EVERYWHERE which is not correct and causes issues with Safari and Chrome. I've also seen it have issues with Websockets (HTTPS feature). Slack.com uses Websockets so it breaks their site too.

How can we prevent it from setting Socks proxy too, without going the route of a PAC file?

<dictionary> {

ExceptionsList : <array> {

0 : *.local

}

FTPEnable : 1

FTPPort : 8080

FTPProxy :internalproxy.local

GopherEnable : 1

GopherPort : 8080

GopherProxy :internalproxy.local

HTTPEnable : 1

HTTPPort : 8080

HTTPProxy :internalproxy.local

HTTPSEnable : 1

HTTPSPort : 8080

HTTPSProxy :internalproxy.local

RTSPEnable : 1

RTSPPort : 8080

RTSPProxy :internalproxy.local

SOCKSEnable : 1

SOCKSPort : 8080

SOCKSProxy : internalproxy.local

}

Georg Pauwen · ‎01-12-2017

Hello,

I am not sure if this is at all helpful, but chances are that the problems in Safari and Chrome are caused by MTU size. Cisco recommends to set the MTU size to 1200:

sudo ifconfig utun0 mtu 1200

bpatten5571 · ‎01-12-2017

Its definitely not MTU, because I can get websockets to work with Firefox by hard setting the proxy settings. Its definitely a proxy setting issue in Anyconnect with Mac OS.