Proxy problem with AnyConnect SBL

Hello

Recently, I added the following line to our AnyConnect .xml profile:

<ProxySettings>IgnoreProxy</ProxySettings>

We use a proxy server internally in our network, so when client computers were set up for this, they could not connect to our ASA with AnyConnect when they were off site. The above setting in their profile corrected that: even if the proxy is enabled in their IE, they can connect with AnyConnect while roaming. So far so good.

Yesterday, I added the following to our configuration:

group-policy TEST attributes
 msie-proxy method use-server
 msie-proxy server value ip.ip.ip.ip:port
 msie-proxy local-bypass enable

This configuration was to ensure that the user's proxy is enabled when connected to the VPN. According to the Cisco doc, the proxy settings on the client automatically return to their original values when disconnecting. This also works as expected.

But then, here is the funny thing (which is not funny at all really):

When I start the client computer and start the AnyConnect client before Windows logon (SBL), I get the attached prompt when trying to connect! This only happens with SBL – not when the user logs on and then starts the VPN client. I tried different proxy user auth that I know works, but I can't get through and am therefore unable to connect before Windows logon. According to the Cisco doc, the proxy settings should apply AFTER VPN logon - but it seems it's trying to use them BEFORE trying to connect when you use NFP.

Does anyone know why this happens? And can anyone come up with a solution (other than disabling the proxy settings just made)?

Thanks in advance - much appreciated!

/ Rasmus

Rasmus,

Bad news... I checked the "fixed in" field in bugs.

002.005 (1002) and 002.005 (2000)

which means - it will be corrected in the new version.

Symptom:
The "IgnoreProxy" setting in the AnyConnect XML profile is not functioning when Start Before Login (SBL) is also enabled.

Conditions:
Problem first observed on AnyConnect 2.4.1012 when "IgnoreProxy" is set in the XML profile. Using the Start Before Login (SBL) feature. Using GPOs to set the proxy before login. Most noticeable when the proxy that is set is internal/private, because AnyConnect will not be able to reach the headend device to make the AnyConnect connection due to the proxy being set. Confirmed the profile is active. The "IgnoreProxy" setting in the profile is working for a non-SBL connection.

Workaround:
1. This does work without SBL. For instance, if you cancel SBL, log on to Windows in the usual way and then start the AnyConnect client. If you then disconnect and reconnect AnyConnect, it does indeed ignore the configured proxy.
2. Disable GPO settings that push the proxy before login.
Note: If you are using GPO to launch scripts, be aware that AnyConnect now also has an OnConnect scripting feature to launch scripts.
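
As an added example (not part of the original thread and not Cisco tooling), a small Python check that reads an AnyConnect profile and reports whether it meets the conditions listed in the bug report above: IgnoreProxy set, SBL enabled, and a proxy applied before logon. The sample profile is constructed, and the `proxy_set_before_logon` flag is a hypothetical operator-supplied input.

```python
import xml.etree.ElementTree as ET

# Constructed sample profile, not taken from the thread.
SAMPLE_PROFILE = """<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
  <ClientInitialization>
    <UseStartBeforeLogon UserControllable="false">true</UseStartBeforeLogon>
    <ProxySettings>IgnoreProxy</ProxySettings>
  </ClientInitialization>
</AnyConnectProfile>
"""


def _local(tag):
    """Drop the XML namespace so profiles with or without xmlns both match."""
    return tag.rsplit("}", 1)[-1]


def read_settings(profile_xml):
    """Return the SBL flag and ProxySettings value found in a profile string."""
    root = ET.fromstring(profile_xml.encode("utf-8"))
    settings = {"sbl": False, "proxy": None}
    for el in root.iter():
        text = (el.text or "").strip()
        if _local(el.tag) == "UseStartBeforeLogon":
            settings["sbl"] = text.lower() == "true"
        elif _local(el.tag) == "ProxySettings":
            settings["proxy"] = text
    return settings


def audit(profile_xml, proxy_set_before_logon):
    """List the conditions from the bug report that this deployment meets.

    proxy_set_before_logon is a hypothetical operator-supplied flag: True when
    a GPO (or similar) configures the Windows proxy before the user logs on.
    """
    s = read_settings(profile_xml)
    findings = []
    if s["proxy"] != "IgnoreProxy" or not s["sbl"]:
        return findings  # the reported condition needs both settings
    findings.append("IgnoreProxy with SBL enabled: not honoured before logon "
                    "on affected client versions")
    if proxy_set_before_logon:
        findings.append("proxy is set before logon: an internal proxy can "
                        "stop SBL from reaching the headend")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE_PROFILE, proxy_set_before_logon=True):
        print("WARN:", line)
```
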

Tags: Cisco Security

Similar Questions

  • DNS problem with AnyConnect on ASA

    Hello

    I have a problem with the local domain name resolution when connected via a VPN SSL using anyconnect.

    I've identified that it is due to the fact that the DNS assigned by DHCP is not adding a domain suffix.

    I proved this by adding the local domain after the host name I'm pinging.

    On the ASA5505 ASDM I ensured that the appropriate field is identified on the DNS, but this still does not work.

    Please could someone guide me in the right direction. It should be on the profile that is downloaded or a configuration that automatically adds the correct suffix when DNS queries are sent to the DNS server.

    Hi again,

    I just figured my DNS suffix name resolution problem and I thought I'd share my solution in case it helps you:

    • Connect to ASDM, select Remote Access VPN, expand Network (Client) Access, highlight Group Policies.
    • On the right, edit the group policy that your remote users connect to.
    • On the screen that comes up, highlight Servers on the left and then click on the small arrow to the right to display other editing options in the group policy.
    • Fill in the default domain with your internal domain name (for example, mydomainname.local)
    • Click OK to save, then save the running config to flash.

    Test by reconnecting with an AnyConnect client and running ipconfig /all.

    For me, I can now see the DNS suffix that I defined in the group policy, and I can successfully ping internal hosts by name.

    Good luck!

  • NAT problems with AnyConnect and ASA 8.3

    I have set up AnyConnect on an ASA 8.3.  I connect properly and pull an IP from the pool that I created.  The problem I have is that I'm quite see "receive" packets in the AnyConnect details.  I know that on ASA 8.2 and earlier you would use a NAT "exemption" to do the identity translation.  How is that done with 8.3 and later?

    In 8.3 and later, networks are defined as objects or object groups. These objects are then referenced in the NAT statement to define both the pre- and post-NAT (real / mapped) addresses.

    object network LOCAL_LAN
     subnet 192.168.0.0 255.255.0.0

    object network REMOTE_LAN
     subnet 172.16.0.0 255.255.0.0

    nat (inside,outside) source static LOCAL_LAN LOCAL_LAN destination static REMOTE_LAN REMOTE_LAN

  • Merge Clips problem when replacing proxy sequences

    Hello

    I am having trouble finding a solution to a problem I have with the Merge Clips feature in Adobe Premiere Pro CC.

    I am currently working on an edit using proxy sequences, which I intend to replace after picture lock for color and export. The project was recorded with dual sound, so my intention was to sync and merge all the footage in the proxy edit for an easy workflow and then replace all clips with the original source files prior to export.

    The problem is that when I replace the proxy footage in Premiere, the merged clips don't update.

    If someone knows a solution or a workaround, please let me know, because my workflow would really benefit from being able to use merged clips, but only if I am then able to replace the footage easily with the source files.

    Thank you

    Aaron

    If someone knows a solution or workaround...

    Do not use a proxy.  Use the originals of sufficient quality for final export intermediaries.

  • AnyConnect SBL fails to connect.

    Hello

    No doubt a well discussed topic, but I have tried all sorts to try to get Anyconnect SBL working without success.

    I am running XP Pro SP3.

    I can connect to my AnyConnect VPN without any problem through the FULL domain name once XP is running.  However, when I am prompted to connect to the VPN before logon, I get the pretty nondescript error below.

    Connection attempt failed.  Please try again.

    I tried removing the AnyConnect client and the SBL application.  I re-installed AnyConnect, then re-connected, and the SBL part was downloaded automatically.  Then I restarted my laptop.

    I can see there is an attempt to connect to the ASA because I've set up a capture, but almost immediately, the attempt fails with the above error.

    I use AnyConnect 3.0.08057 and a certificate on the ASA that is issued by a certification authority in my domain.  I have the root certificate installed on my laptop in the trusted certificate authorities store.  I do not get certificate problems during a manual VPN connection, so I guess this isn't a certificate problem.

    I'd appreciate any help that anyone can have.

    Thank you

    St.

    I solved the problem with SBL by following these steps:

    Try to install the certificate in the machine certificate store, not the user store.

    Run the MMC, add the Certificates snap-in.

    Choose "Computer" when prompted.

    Next, next, finish

    Root of trust > install

  • RDP fails to connect with anyconnect

    Hi all
    I have a problem with the configuration of an ASA 5505
    When my users connect with anyconnect they can only connect to the server, but when they want to connect to their own pc, it does not connect.
    When they are connected, they can ping their own pc even with the DNS name.
    When I let them connect through the client portal, they can RDP to their own PC.
    NAT is set for the IP address of the server as well as the users' PCs.
    The server is Win 2008 SBS and the clients are Win XP.
    Anyone have an idea?

    Please indicate the following:

    Can you ping 192.168.1.14? and can try you to telnet to port 3389 to 192.168.1.14 invites back?

    In addition, if the connection that allows 192.168.1.14 different IP subnet RDP to the server? Is there a PC firewall that would block access? You can try to disable the Windows Firewall on 192.168.1.14.

  • Hey, need help. I get this in my iPhone that 'there is a problem of billing with a previous purchase. Please update your payment method"in any way I can remove my visa card from iTunes

    Hey, need help. I get this in my iPhone that 'there is a problem of billing with a previous purchase. Please update your payment method"anyway I can remove my visa card from iTunes?

    You must pay your debt first.

  • the site theme is problem with firefox, but not any problem of chrome with!

    the site theme is problem with firefox, but not any problem of chrome with!
    for ex: http://haftegy.ir
    How to fix?

    Wow sorry! IM update firefox to the latest version and my problem is solved.
    Thank you very much.

  • I can not access to sites such as Youtube or truckcam.tv it seems that the problem may be with the most recent Adobe flash and firefox as browsers further

    Question
    I can't access to sites such as Youtube or truckcam.tv , seems, the problem may be with the last Adobe flash and firefox as other browsers work I reinstalled both, but without success, even on the two desktop using Vista and laptop on Windows 7

    See:

  • Have problems and questions with Time Capsule were addressed in any significant way. Reluctant to buy according to your comments.

    Have problems and questions with Time Capsule was dealt with in a meaningful way? Reluctant to buy according to your comments.

    Apple did not have any material changes to the time Capsule to nearly 3 years. The only change that has occurred in the last 18 months or so is a firmware update to address security issues.

  • I have problems to make my battery charged, because the cable does not have a link solid with the socket of the phone.  The problem seems compatible with a lot of cables, so I think the problem is with the phone. Can it be fixed?

    I have problems to make my battery charged, because the cable does not have a link solid with the socket of the phone.  The problem seems compatible with a lot of cables, so I think the problem is with the phone. Can it be fixed?

    There is probably debris and dust in the Lightning socket.  Blow it out with canned compressed gas (NEVER with your mouth).  If this doesn't help, try electronic contact cleaner on a Q-tip.  Finally, take it to Apple.

  • Problems of wireless with my Satellite A505

    Hello people,

    I have a Satellite A505 which uses a Realtek RTL8191SE wireless network card. Recently, I had connectivity problems with my home router. This configuration used to work perfectly, but recently, I had a problem where I won't be able to connect to my router wireless access point. Reset the adapter does not solve the problem, or don't restart.

    I found that my router reboot solves the problem, I am able to login after the reboot of the router. I have not had this problem on any of the other devices or laptops in my house and never had this problem until last month. I tried to do a factory reset on my router in order to ensure that some recent changes in our setup of the router were not to blame, but the problem persists even with a clean slate.

    Ideas for what to do?

    Thank you!

    Hello

    >... and never had this problem until the last month or more
    Do you use WLAN driver from Toshiba support page?
    I ask this question because I noticed that under Win7 driver for this wireless network card is offered as optional update. Maybe this update is installed, and now you have this problem.
    If possible, try to roll back OS a few weeks back and check if the problem persists.

  • Problems of lag with Safari/Youtube

    Hey guys, I had this problem for a while:

    When I close the Youtube tab (normally with a video) to get to the next tab, tab Youtube sometimes freezes for a few seconds before closing completely.

    Then Safari starts getting lag, "restless" and slow, even when I'm on Facebook or other websites in general. I noticed that my Mac starts to slow down too.

    The only way I have temporarily resolved this problem is to clear Safari's history and data and start over. Or, when the Mac becomes seriously laggy, to restart (this has happened seldom).

    This problem has occurred before the update to OS X El Capitan 10.11.3 (I thought that it improved...)

    Clues or suggestions on what to do?

    • I have never installed readers flash, adobe etc...
    • I don't have a plugins, web extensions installed.
    • I unchecked Internet Plugins in the Safari preferences, thinking that might affect it...
    • This Youtube problem never happens with Chrome
    • I have a Macbook Pro OS X El Capitan 10.11.3, retina

    Try to reset the settings of Safari:

    1. open Safari

    2. click on the Safari menu at the top (to the right of the Apple logo)

    3. Select the Preferences/Privacy tab

    4. click on remove all data from the Web site

    5. close Safari.

    Remove cache Safari files:

    1. click on finder

    2. look for the menu GO to top

    3. click on GO and hold down the option key. This will show a user library folder.

    4. click library and find the Caches folder

    5. in the Caches folder, open the com.apple.Safari folder

    6. move the Cache.db file Trash.

  • Problem connecting wireless with my Tecra A8

    Hello

    I have problem connecting WiFi with my laptop Tecra A8. When I opened my laptop, it does not connect to the wireless network.
    I tried several ways to solve this problem.
    I updated for active connections, then I click on the Connect button after you select my wireless LAN, but it doesn't connect.
    Or I restart my computer, but it doesn't connect.
    However, it connects to the network wireless in anytime after about 15 minutes.

    Also when I tried to connect to the network wireless at home, but I couldn't t connect. I removed the password for the connection. Then I connected without any problem.
    I wonder that there is no problem with installation? Or my wireless card doesn't work?
    Can someone help me?

    Thank you

    > Also when I tried to connect to a home wireless network, but I couldn't t connect. I removed the password for the connection. Then I connected without any problem.

    According to the statement, all looks like that you try to use a password for encryption wrong!

  • Anyone know when will fixed the problem of material with the "IPAD PRO"? The question that keeps it from starting after the load.

    Anyone know when will fixed the problem of material with the "IPAD PRO"? The question that keeps it from starting after the load.

    According to Apple, it has been addressed in the latest update of the iOS, iOS 9.2.
