We have migrated from using a VPN concentrator to an ASA box because the concentrator would not store the 4096 bit key of the root CA. The ASA does not need to have the full chain (trustpoints) so we are successfull using the ASA for remote access VPNs.
Unfortunately the concentrator had a nice feature for proxy settings see below....
Browser proxy configuration is ONLY available using the Release 4.1.6 VPN Concentrator code.
During mode config, the VPN Client negotiates a new mode config attribute to determine whether to change the value of a user's browser proxy setting. The VPN Client adminstrator controls the setting of the attribute through a parameter in the PCF file. This feature is being implemented for Windows (all platforms) only and for Internet Explorer only.
You can configure the VPN Concentrator to push proxy configuration settings into Microsoft Internet Explorer when Windows clients connect to it. The settings are on the Client Config tab of Group configuration. You can configure the VPN Concentrator to not modify proxy settings ("Do not modify proxy settings") , to push settings to disable existing proxy configuration ("No Proxy Settings"), to push settings to auto-detect a proxy ("Auto-Detect Proxy settings"), and to push explicit proxy settings ("Use Proxy Server/Port listed below").
With the "Use Proxy Server/Port listed below" setting, you can push a proxy server address, a proxy exception list, and whether the browser will exclude the proxy for local adresses.
After disconnecting, proxy settings are restored to what they were before the VPN connection was established. If a workstation is improperly shut down or rebooted while a VPN connection is established, proxy settings will be restored on boot-up.
Is there a workaround we can use (we can get endusers to manually enter the proxy etc etc but asking end users to do anything is problematic also it is company policy to tunnel everything when the vpn is up)......any ideas appreciated....
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...