I am looking at adding web auth for a Guest WLAN on our existing unit.  Currently the guest part of the network uses a transparent Squid proxy using the 'automatically detect settings' option in Internet Options to connect via a WPAD.dat.

I have adding the Guest WLAN and configured as per the Cisco guide, now I have some problems.  If I disable the 'automatically detect settings' option and just connect straight to the Guest WLAN then any attempt to hit a http address will forward correctly to the Web Auth login page.

If I turn the auto detect proxy settings back on then I can download the WPAD (a pre-ACL worked fine for this) but I am left with no redirection to the login page.  Typing the URL in directly either by IP or DNS hostname allows connection to work but obviously this is a manual process.

If I enable the 'WebAuth Proxy Redirection Mode' and leave the port blank (it uses 3128 as one of the ports it listens to by default) the client can connect to the WLAN, download the WPAD successfully but this time I get a message to turn on 'automatically detect settings' even though it already is!

I have tested my DNS resolution and that is working from hostname to IP (I havent set a reverse, does this matter?).  The IP on the virtual interface is 1.1.1.1 and the hostname matches the trusted certificate I bought for this purpose (no errors in IE when I go there manually).

I have tested my WPAD file to make sure that DIRECT is being used for both 1.1.1.1 on HTTP and HTTPS as well as my DNS hostname by HTTP and HTTPS.  I am a little stumped now.

Any ideas?