07-03-2012 01:22 AM
Hi, we have ASA 5520 as SSL VPN concentrator so users can access internal web from outside. Our internal web also has several internet URL. What we want is when user click internet URL in our internal web, ASA forward those request to internal proxy server. I already config proxy using port 8080 and username "company\user" and password, but always have authentication failed on ssl vpn browser. We uses forefront TMG as proxy. Username and password have right to access Internet.
07-05-2012 01:08 AM
I had the same issue when trying to use Cisco SSL VPN through the TMG proxy server. We resolved it by allowing anonymous access on HTTPS to the external IP.
07-06-2012 08:26 PM
I think, using http-proxy option ASA can only use basic authentication (clear text). Since TMG authentication set to NTLM, so it failed. When I try with CCProxy, ASA can authenticate dan get internet connection. So we allow ASA ip address without authentication on TMG. It's little bit strange because ASA support NTLM authentication when use sso.
Thx.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide