SSL VPN
igs
Regular Visitor
igs
Posts: 3
Registered: ‎07-04-2008
0

NC and instantproxy (PROXY external return)

Hello,
 

I have an issue properly configuring Network Connect access using a PAC file:
the instantproxy that gets created avoids the external proxy return:


Split tunnel with local subnet allow enabled
SA 2500 & v7.1r6
NC connection profile using server-side PAC file (http://<public_server>/proxy.pac)
Split Tunneling enabled with allowed access to local subnet


The instantproxy has been generated like this:


function FindClientProxy(url, host) {
  return "DIRECT";
}

function FindServerProxy(url, host) {
  if (isPlainHostName(host)
      || shExpMatch(host, "IVE IP ADDR*"))
    return "DIRECT";
  if (shExpMatch(url, "private domain")
      || shExpMatch(url, "*external pac url"))
    return "DIRECT";
  else
    return "PROXY EXT_IP:80; DIRECT";
}

function FindProxyForURL(url, host) {
  if (shExpMatch(host, "IVE IP ADDR")) {
    return "DIRECT";
  }
  else if (isInNet(host, "SPLIT-TUN-DENIED-NET", "NETMASK")
      || isInNet(host, "SPLIT-TUN-DENIED-NET2", "NETMASK"))
  {
    return FindClientProxy(url, host);
  }
  else if (isInNet(host, "INTERNAL_NET", "NETMASK")
      || isInNet(host, "INTERNAL_NET2", "NETMASK")
      || isInNet(host, "INTERNAL_NET3", "NETMASK"))
  {
    return FindServerProxy(url, host);
  }
  else {
    return FindClientProxy(url, host);
  }
}

And I tried to get something like:


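function FindProxyForURL(url, host) {
    // "IVEhost" is a placeholder for the IVE host name or address
    if (shExpMatch(host, "IVEhost"))
        return "DIRECT";
    // placeholder for the networks covered by the split tunnel policy
    else if (isInNet(host, "split tunnel policy", "NETMASK"))
        return "DIRECT";
    else
        return "PROXY external_proxy";
}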

because I need the external proxy for public web sites, and right now they match FindClientProxy > DIRECT.


The PAC file used in IExplorer:

function FindProxyForURL(url, host)
{
  if (isPlainHostName(host)
      || shExpMatch(host, "10.*") // private servers
      || shExpMatch(host, "IVE_ADDRESS*"))
    return "DIRECT";
  if (shExpMatch(url, "*URL_pac*"))
    return "DIRECT";
  else
    return "PROXY EXT_Proxy:80;";
}//EOF


Could someone help with this?

Thank you in advance
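
The routing gap described in this post can be checked offline before a PAC file is deployed. The Node.js sketch below is an added example, not part of the original post and not Juniper's code: it stubs the PAC built-ins and replays both the generated decision tree and the one the poster wants. The addresses (192.0.2.10 for the IVE, 10.0.0.0/8 internal, 192.168.1.0/24 split-tunnel denied, 198.51.100.5 as external proxy), the `*.corp.example` domain and the DNS table are constructed stand-ins for the post's placeholders.

```javascript
// Added example with constructed values; the stubs below stand in for the browser's PAC built-ins.
const DNS = { "intranet.corp.example": "10.1.2.3", "www.example.org": "203.0.113.7" }; // constructed
const IVE = "192.0.2.10", EXT = "PROXY 198.51.100.5:80";                               // constructed
const ipToInt = ip => ip.split(".").reduce((n, o) => ((n << 8) | Number(o)) >>> 0, 0);
const resolve = h => (/^\d+(\.\d+){3}$/.test(h) ? h : DNS[h] || null);

function isPlainHostName(host) { return !host.includes("."); }
function shExpMatch(str, glob) {
  const re = glob.replace(/[.+^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp("^" + re + "$").test(str);
}
function isInNet(host, net, mask) {
  const ip = resolve(host), m = ipToInt(mask);
  return ip !== null && ((ipToInt(ip) & m) >>> 0) === ((ipToInt(net) & m) >>> 0);
}

function FindClientProxy(url, host) { return "DIRECT"; }
function FindServerProxy(url, host) {
  if (isPlainHostName(host) || shExpMatch(host, IVE + "*")) return "DIRECT";
  if (shExpMatch(url, "*.corp.example/*")) return "DIRECT";   // "private domain" placeholder
  return EXT + "; DIRECT";
}
// Decision tree of the generated instantproxy, as quoted in the post.
function generated(url, host) {
  if (shExpMatch(host, IVE)) return "DIRECT";
  if (isInNet(host, "192.168.1.0", "255.255.255.0")) return FindClientProxy(url, host); // denied net
  if (isInNet(host, "10.0.0.0", "255.0.0.0")) return FindServerProxy(url, host);        // internal net
  return FindClientProxy(url, host);  // every public host ends up here
}
// Decision tree the poster is trying to get.
function wanted(url, host) {
  if (shExpMatch(host, IVE)) return "DIRECT";
  if (isInNet(host, "10.0.0.0", "255.0.0.0")) return "DIRECT";
  return EXT;
}
// Returns [host, generated decision, wanted decision] per URL.
function audit(urls) {
  return urls.map(u => { const h = new URL(u).hostname; return [h, generated(u, h), wanted(u, h)]; });
}

const SAMPLE = ["http://intranet.corp.example/", "http://10.9.9.9/app", "http://www.example.org/"];
for (const [h, g, w] of audit(SAMPLE)) console.log(h.padEnd(24), "|", g.padEnd(32), "|", w);
```

With these constructed values the public host gets DIRECT from the generated tree and the external proxy from the wanted one, while only hosts inside the internal network ever reach FindServerProxy.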

Super Contributor
Kita
Posts: 430
Registered: ‎12-23-2010
0

Re: NC and instantproxy (PROXY external return)

I believe you are referring to this portion, correct?

 

if (shExpMatch(url, "private domain")
|| shExpMatch(url, "*external pac url"))
return "DIRECT";
else
return "PROXY EXT_IP:80; DIRECT";

 

This looks like it says go direct else go through proxy or direct?  Is there a reason why going direct is coded twice?

igs
Regular Visitor
igs
Posts: 3
Registered: ‎07-04-2008
0

Re: NC and instantproxy (PROXY external return)

Hi Kita,

 

Just for redundancy purposes: if the proxy crashes, direct access is allowed. It should be removed once everything is working properly.

 

Many thanks

Super Contributor
Kita
Posts: 430
Registered: ‎12-23-2010
0

Re: NC and instantproxy (PROXY external return)

if (shExpMatch(url, "private domain")
|| shExpMatch(url, "*external pac url"))
return "DIRECT";
else
return "PROXY EXT_IP:80; DIRECT";

 

I don't believe this section is right.  This says go direct if the browser is going to "private domain" and "external pac url".  Should it try the proxy first, then direct?  If so, then it should be:

 

if (shExpMatch(url, "private domain")
|| shExpMatch(url, "*external pac url"))
return "PROXY EXT_IP:80; DIRECT";

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.