Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
841
Views
0
Helpful
4
Replies

Proxy Error message when Using AnyConnect and Okta with SAML

jackfait1
Level 1
Level 1

‎08-11-2021 07:53 AM

For Logging into the VPN connection with AnyConnect, we are using SAML with Okta.

We have a PAC file set in our web browser/internet settings that direct traffics to a Web Proxy when Employees are connected on our Internal network or on VPN. - If the User is not on our network or VPN then the PAC file is ignored. User automatic configuration script is where PAC file is set.

 

The problem is when Users try to connect to AnyConnect, the browser window comes up to connect to Okta but an error says the proxy can't be reached. - This is the actual address of the proxy server and not the Pac file

The proxy won't be reached since the User is not connected to our network yet. I also have the same problem with Okta when trying to directly log into the ASA.

 

If you unselect - user automatic configuration script in the internet settings - then the Okta page will open and the user can connect to anyconnect.

 

It seems like something is being cached somewhere but I don't know if it is Windows Issue or Cisco issues??  It seems like a Windows Issue since that is where AnyConnect gets the proxy settings from.

 

Any help would be great.

 

Thanks,

Labels:
0 Helpful
4 Replies 4

jberoldo
Level 1
Level 1

‎10-10-2023 06:14 AM

Hello, I was just wondering if you were able to solve the problem, since this post is two years old and I am currently facing the same issue.

Thank you

0 Helpful

jackfait1
Level 1
Level 1
In response to jberoldo

‎10-10-2023 06:36 AM

Hello.
We would just have people uncheck the setting to use the pac file in their web browser and then recheck it as a workaround.
We have since upgraded our ASA version and AnyConnect version since getting new Firepower devices, and allow people to use their Default OS Browser instead of the VPN client embedded browser to connect. 

0 Helpful

jberoldo
Level 1
Level 1

‎10-10-2023 09:22 AM

Hi!!
thanks for your quick response.
In our case we add an exception to the login url in the proxy that is momentarily working
Anyway, I don't know if it is the correct solution for this problem.
Thanks again!

0 Helpful

jackfait1
Level 1
Level 1
In response to jberoldo

‎10-10-2023 09:31 AM

Hello,
I think we had a different issue. In our case the VPN client embedded browser was trying to use the proxy to connect. However, the proxy was not reachable till Users connected to our VPN. User's off VPN had direct access to the internet at the time. I am glad you got it fixed!

 

 

0 Helpful
Customers Also Viewed These Support Documents