Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1122
Views
0
Helpful
1
Replies

WSA proxy - Anyconnect vpn exclusion

tamaszoltan
Level 1
Level 1

‎09-03-2018 04:00 AM

Hello,

 

I have a problem with the WSA proxy and Anyconnect VPN clients. We would like to implement a WSA proxy in explicit proxy mode in our environment (~2000 nodes) and decrypt the ssl traffic. Our users use Anyconnect vpn clients with a lot of different vpn server connections from inside (from our LAN through the proxy) to outside (other companies). When the WSA terminate an ssl vpn connection the connection is failed because the decryption. It is possible to exclude the ssl decryption with a custom url list but it is hard to collect the vpn gateway IP addresses.
Are there any way to exclude the VPN traffic generally from the decryption? Or it possible to configure a different proxy setting to the anyconnect than the IE?

 

Thanks!

1 person had this problem
Labels:
0 Helpful
1 Reply 1

balaji.bandi
Hall of Fame
Hall of Fame

‎09-03-2018 12:33 PM

How is your configuration, is this PAC file or WPAD.
Either case you can by pass proxy for that url in WPAD or PAC file config, and make a rule in WSA for the same and test.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents