02-15-2013 04:03 PM - edited 02-21-2020 06:42 PM
I have two ASA5505's in failover and set up the the IPSEC client group policy for non-inherited browser proxy settings. I have a manual IP address and the typical port 8080 configured.
What is not working are Windows and Macbook laptop clients. iPads and iPhones accept the policy even though the built-in Cisco IPSEC client does not have a proxy setting on the ipad/iphone.
On a Mac, under Network Preferences, I can set the proxy manually for that VPN profile under any of the "Locations" and it will use the proxy settings. But, if I leave everything blank, even on a Windows 7 PC (Internet Options, Connections, LAN Settings), neither platform seem to accept or maybe it should be "receive" those settings.
I turned up the packet capture on the ASA and saw the ipad/iphone pointing all their browser traffic to the proxy:8080. But the Mac and PC (multiple hardware tested) are sending their packets to the actual host IP. So, the result is that the ASA sees a packet from the "outside" interface that is trying to go to the "outside" interface instead of the inside interface. In effect, it is trying to do a hairpin. I don't want to configure hairpin, I would rather solve this issue.
I know there are some other work arounds that I could do but I really need to figure out why the group policy for an IPSEC client vpn connection is not working.
Any thoughts? Did I miss something?
02-13-2015 09:00 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide