Automatically detect proxy settings

gabedellaquila
Level 1

I have a problem with automatic discovery. I have a PAC file that works fine on the client, but we want to use centralized management of the file, and I want to enable automatic discovery in order to give our guests the opportunity to use our network.

This is what I've done:

  1. I renamed my PAC file to wpad.dat
  2. I uploaded the file wpad.dat to my S650, using the web interface
  3. I created an entry in my internal DNS where the host is wpad and the IP address is the address of my S650
  4. Then I configured my client to "Automatically detect settings"

Unfortunately it didn't work. What am I missing? What did I do wrong?

Thanks

Gabe

9 Replies

edadios
Cisco Employee

What browser do you have?

Firefox will look only for a single URL, http://wpad/wpad.dat (i.e., with no domain name included).

Internet Explorer will start with the full hostname for the client and work backwards trying to find a host called wpad. E.g., if the client's hostname is "pc123.pc.branch.company.com", then IE will attempt to find a WPAD file at the following URLs:

http://wpad.pc.branch.company.com/wpad.dat
http://wpad.branch.company.com/wpad.dat
http://wpad.company.com/wpad.dat

(Some older versions had a bug where they would follow the tree too high and check, for example, http://wpad.com/wpad.dat. This has been fixed.)

Maybe it is best to run Wireshark on a test client, and check the capture for what the client tries to do when you browse.

You can attach the packet capture here, and we can take a look at what is happening.

I hope this information helps you.

I use both FF and IE, and no matter what browser I use, it doesn't work. But your question gives me an even stronger feeling that I did something wrong: if I type http://wpad.mydomain.net/wpad.dat in the address bar, I should be prompted to download the file or see the file in the browser; instead I receive a generic error that the page cannot be displayed.

Please use Wireshark (http://tinyurl.com/yclvno) on the problem PC to do a packet capture of what it is trying to do when you open a browser and try to get to a site.

The packet capture will show where your PC is trying to go to access that file, or otherwise, which device is not responding.

Here are 2 files captured while using IE. Both captures started with the browser closed.

By default, the proxy is configured to proxy for port 80 requests.

The WSA also hosts the PAC file on port 9001 by default.

When trying to use WPAD, the request for the file is being done by the browser on port 80.

So you will need to configure the WSA not to proxy for port 80.

On the GUI Security Service > Web Proxy Settings > Basic Settings > Make sure that port 80 is not on the list of HTTP Ports to Proxy.

You will need to change Pac Server Ports to 80.

On GUI Security Service > Proxy Auto-Configuration File Hosting > Proxy Auto-Configuration File Hosting should be on PAC Server Ports: 80

You then configure your wpad.dat file to use the available proxy ports (by default, 3182 is also there), and upload that to the WSA.

On your capture on the client, you should then see the client trying to connect to the WSA on port 80 to obtain the wpad.dat file, if the windows\system32\drivers\etc\hosts file is configured correctly to point to the WSA IP address as the host called wpad.

I hope this information helps you.

edadios, thanks for your help, but it still doesn't work. Here are 2 screenshots of my configuration. As you can see, I use port 80 for the PAC file, and port 8080, or 8090 or 8000 as HTTP ports to proxy.

Probably something else is wrong. For example: if I use port 9001 as the port for the PAC file and I configure my client to "Use automatic configuration script" and I set as address Http://the address of my proxy:9001/proxy.pac it works fine, but if I change the configuration on IronPort to use port 80 and I set the client to use port 80, it doesn't work.

From the packet capture you provided, can you please identify what the IP addresses of the client PC and the WSA are?

I will be attaching here a lab reproduction of the scenario I understand you are trying to get working.

I hope it helps you. Otherwise, we may possibly need to set up an IronPort ticket with you to help you resolve the issue.

Sorry for the delay, I've been busy the last few days. So the IP address of the client is 10.9.11.54 and the IP address of the WSA is 10.20.10.32.

If you look at the packet captures you provided and filter with "ip.addr eq 10.9.11.54 and ip.addr eq 10.20.10.32", you will find that the client is getting a reset back on the SYN it sends the WSA. The WSA is likely still configured to proxy for port 80 when you were using WPAD.

Can you please take a look at the document I attached to my previous reply, try to follow that configuration, and see where you may have missed a step?

Otherwise, it might be an idea to call in to support to have a ticket opened for you and be assisted with this.

Regards,
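
Added example, not part of the original thread: a small Python checker that builds the WPAD URLs from the Internet Explorer walk described in the first reply and reports the first stage (DNS, TCP port 80, HTTP, file content) at which each one fails, which is the same question the Wireshark capture answered. The hostname `pc1.mydomain.net`, the stand-in resolver and connect functions, and the two-label stopping rule are assumptions made for the example.

```python
import socket
import urllib.request

# Opener that ignores any configured proxy, so the probe goes direct.
_direct = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def wpad_candidates(client_fqdn, min_labels=2):
    """URLs tried by the IE-style walk described above. Stopping at
    min_labels labels is an assumption taken from the reply's example."""
    labels = client_fqdn.rstrip(".").split(".")[1:]   # drop the host label
    urls = []
    while len(labels) >= min_labels:
        urls.append("http://wpad." + ".".join(labels) + "/wpad.dat")
        labels = labels[1:]
    return urls

def probe(url, resolve=socket.gethostbyname,
          connect=socket.create_connection, fetch=_direct.open):
    """Report the first stage at which fetching one WPAD URL fails."""
    host = url.split("/")[2]
    try:
        ip = resolve(host)
    except OSError:                      # includes socket.gaierror
        return "dns-fail"
    try:
        connect((ip, 80), timeout=3).close()
    except ConnectionRefusedError:       # RST in answer to the SYN
        return "tcp-reset"
    except OSError:                      # timeout, no route, ...
        return "tcp-unreachable"
    try:
        with fetch(url, timeout=3) as resp:
            body = resp.read(65536)
    except OSError:                      # includes URLError / HTTPError
        return "http-error"
    return "ok" if b"FindProxyForURL" in body else "not-a-pac-file"

def diagnose(client_fqdn, **hooks):
    return [(u, probe(u, **hooks)) for u in wpad_candidates(client_fqdn)]

if __name__ == "__main__":
    # Constructed stand-ins for DNS and TCP, modelled on the capture above.
    def fake_dns(host):
        if host == "wpad.mydomain.net":
            return "10.20.10.32"
        raise socket.gaierror(host)
    def refused(addr, timeout=None):
        raise ConnectionRefusedError(addr)
    print(diagnose("pc1.mydomain.net", resolve=fake_dns, connect=refused))
```

Called without the stand-ins, `diagnose()` uses the real resolver and sockets of the machine it runs on, so run it from the affected client.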
