Solved: Cisco AnyConnect VPN on Mac behind proxy

gavvvr111 · ‎07-26-2017

Hello.

I would like to connect VPN using Cisco Anyconnect on Mac which is behind proxy.

My situation is similar to this one (asked 5 years ago): https://supportforums.cisco.com/discussion/11615141/anyconnect-vpn-and-proxy

except of i use Mac.

On Windows Cisco AnyConnect uses Internet Explorer proxy settings. But looks like on Mac it does not use settings from: System preferences -> Network -> Advanced -> Proxies.

When i type VPN hostname and press "Connect" button I instantly get this error: "The vpn connection failed due to unsuccessful domain name resolution.".

The question is: Can i somehow tell anyconnect client to use proxy? Since it does not use system proxy settings maybe there is any workaround (configration files or command line options) to provide proxy configuration?

Mohammed al Baqari · ‎07-26-2017

You can do this using anyconnect profile editor. You can select native to force anyconnect client to use browser proxy.

Quoted:

Proxy Settings—Specifies a policy in the AnyConnect profile to control client access to a proxy server. Use this when a proxy configuration prevents the user from establishing a tunnel from outside the corporate network. You can configure the following proxy settings in the group policy after the tunnel is established.

Native—Causes the client to use both proxy settings previously configured by AnyConnect, and the proxy settings configured in the browser. The proxy settings configured in the global user preferences are pre-pended to the browser proxy settings.
IgnoreProxy—Ignores the browser proxy settings on the user's computer. Does not affect proxies that can reach the ASA.
Override—Manually configures the address of the Public Proxy Server. Public proxy is the only type of proxy supported for Linux. Windows also supports public proxy. You can configure the public proxy address to be User Controllable.

View solution in original post

Mohammed al Baqari · ‎07-26-2017

You can do this using anyconnect profile editor. You can select native to force anyconnect client to use browser proxy.

Quoted:

Proxy Settings—Specifies a policy in the AnyConnect profile to control client access to a proxy server. Use this when a proxy configuration prevents the user from establishing a tunnel from outside the corporate network. You can configure the following proxy settings in the group policy after the tunnel is established.

Native—Causes the client to use both proxy settings previously configured by AnyConnect, and the proxy settings configured in the browser. The proxy settings configured in the global user preferences are pre-pended to the browser proxy settings.
IgnoreProxy—Ignores the browser proxy settings on the user's computer. Does not affect proxies that can reach the ASA.
Override—Manually configures the address of the Public Proxy Server. Public proxy is the only type of proxy supported for Linux. Windows also supports public proxy. You can configure the public proxy address to be User Controllable.

gavvvr111 · ‎07-26-2017

Thank you. It worked. I created /opt/cisco/anyconnect/profile/MyProfile.xml with Anyconnect profile editor tool and managed to connect using proxy.