01-12-2017 10:27 AM
I've noticed when using Anyconnect on Mac OS (latest is Sierra 10.12), that Anyconnect sets the proxy configuration wrong.
Example:
sudo scutil --proxy
It takes the proxy config from Cisco ASA and then applies it EVERYWHERE which is not correct and causes issues with Safari and Chrome. I've also seen it have issues with Websockets (HTTPS feature). Slack.com uses Websockets so it breaks their site too.
How can we prevent it from setting Socks proxy too, without going the route of a PAC file?
<dictionary> {
ExceptionsList : <array> {
0 : *.local
}
FTPEnable : 1
FTPPort : 8080
FTPProxy :internalproxy.local
GopherEnable : 1
GopherPort : 8080
GopherProxy :internalproxy.local
HTTPEnable : 1
HTTPPort : 8080
HTTPProxy :internalproxy.local
HTTPSEnable : 1
HTTPSPort : 8080
HTTPSProxy :internalproxy.local
RTSPEnable : 1
RTSPPort : 8080
RTSPProxy :internalproxy.local
SOCKSEnable : 1
SOCKSPort : 8080
SOCKSProxy : internalproxy.local
}
01-12-2017 01:06 PM
Hello,
I am not sure if this is at all helpful, but chances are that the problems in Safari and Chrome are caused by MTU size. Cisco recommends to set the MTU size to 1200:
sudo ifconfig utun0 mtu 1200
01-12-2017 01:09 PM
Its definitely not MTU, because I can get websockets to work with Firefox by hard setting the proxy settings. Its definitely a proxy setting issue in Anyconnect with Mac OS.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide