My ( IPSEC client-VPN) ASA is connected to the DMZ of an ISA cluster. The users get an IE proxy setting via domain login which refers to the local lan interface (NLB) of the ISA's. The DMZ interface is also listening for proxy requests. I want to NAT the local LAN proxy to the DMZ proxy ( preferable PAT). A siple static (port) nat doesnt'work. Any ideas ?
I already set the proxy via the ms client settings that you can push via the ASA, but the issue here is that the domain login overrules tis setting because this is processed after the VPN connection is set.
I see, the only thing I could say now is for you to try something with "slow link detection" policy then it will see the host is not local and not apply the policy, it's primiry intended for roaming profile but I think it could work for proxy. See
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...