FTD 6.2.3 AnyConnect VPN set Browser Proxy

David Parker
Level 1

We are trying to go live with FTD 6.2.3 managed by FMC. One of the last hurdles we have is setting the Browser Proxy to our internal WSA server. For some reason, Cisco doesn't currently support this either by the Remote Access VPN Policy or by using the AnyConnect Profile Editor. So currently we are in a holding pattern until we can resolve this issue. I've tried a TAC case to see if we could utilize WCCP Redirect for this purpose but was advised against it. I've got a TAC case open with the AnyConnect group but it hasn't been assigned to a tech yet. While reading about using RADIUS with AnyConnect, it appears that we are supposed to be able to define the proxy using a RADIUS attribute. I've defined this in Secure ACS (we have not migrated to ISE yet), but this seems to have no effect. Has anyone else come across a solution or workaround for this issue?

Thanks,

David

1 Reply

David Parker
Level 1

I discovered a pretty clean solution for this issue. In the ACS Authorization Profile, I enabled RADIUS attributes for setting the following:

IE-Proxy-Server-Policy (4 - Use settings from concentrator)

IE-Proxy-Server (x.x.x.x:port)

This was the minimum required to enable the proxy.

The following also worked:

IE-Proxy-Server-Bypass-Local

IE-Proxy-Server-Exception-List

This is a very clean solution for configuring your Windows clients. Not sure about Mac clients; I don't have one to test.

Thanks,

David
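
To confirm what the RADIUS server actually returns, the attributes named in the reply can be decoded from the attribute section of an Access-Accept. The following is an added example, not part of the original post: it assumes the attributes travel as Cisco VPN 3000/ASA vendor-specific attributes (vendor ID 3076, sub-attribute numbers 80 to 83 from the ASA RADIUS dictionary) and that FTD receives them in the same encoding; the user name and proxy address are constructed samples.

```python
import struct

VENDOR_ID = 3076  # Cisco VPN 3000/ASA vendor ID (assumed to apply to FTD as well)
# Sub-attribute numbers from the ASA RADIUS dictionary; names as used in the post.
NAMES = {80: "IE-Proxy-Server", 81: "IE-Proxy-Server-Policy",
         82: "IE-Proxy-Server-Exception-List", 83: "IE-Proxy-Server-Bypass-Local"}
INTEGER_ATTRS = {81, 83}

def encode_vsa(vtype, value):
    """Wrap one sub-attribute in a RADIUS Vendor-Specific attribute (type 26)."""
    data = struct.pack("!I", value) if isinstance(value, int) else value.encode()
    sub = bytes([vtype, len(data) + 2]) + data
    return bytes([26, len(sub) + 6]) + struct.pack("!I", VENDOR_ID) + sub

def split_tlvs(buf):
    """Yield (type, value) pairs from a run of 1-byte-type, 1-byte-length TLVs."""
    i = 0
    while i < len(buf):
        if i + 2 > len(buf) or buf[i + 1] < 2 or i + buf[i + 1] > len(buf):
            raise ValueError("malformed attribute at offset %d" % i)
        yield buf[i], buf[i + 2:i + buf[i + 1]]
        i += buf[i + 1]

def parse_proxy_vsas(attrs):
    """Return the proxy attributes found in the attribute section of an Access-Accept."""
    found = {}
    for atype, body in split_tlvs(attrs):
        if atype != 26 or len(body) < 4 or struct.unpack("!I", body[:4])[0] != VENDOR_ID:
            continue  # not a VSA from this vendor
        for vtype, data in split_tlvs(body[4:]):
            if vtype in NAMES:
                found[NAMES[vtype]] = (struct.unpack("!I", data)[0]
                                       if vtype in INTEGER_ATTRS else data.decode())
    return found

def missing_minimum(found):
    """List what is missing from the minimum the post reports as required."""
    problems = []
    if found.get("IE-Proxy-Server-Policy") != 4:
        problems.append("IE-Proxy-Server-Policy is not 4")
    if not found.get("IE-Proxy-Server"):
        problems.append("IE-Proxy-Server is not set")
    return problems

# Constructed sample: a User-Name attribute followed by the two minimum VSAs.
SAMPLE = (bytes([1, 5]) + b"bob" + encode_vsa(81, 4)
          + encode_vsa(80, "192.0.2.10:3128"))
```

Feed `parse_proxy_vsas` the bytes that follow the 20-byte RADIUS header in a captured Access-Accept; an empty list from `missing_minimum` means both attributes the post calls the minimum are present.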