Solved: Re: nclauncher with pac file on IE

globix_ · ‎06-28-2010

Hello,

I have Internet Explorer that always uses a PAC file whether I'm at work or at home.

Of course at home pac file is not available....

I'd like to know if it is possible to launch nclauncher when I'm at home without disabling the proxy configuration?

Regards

Kalex_ · ‎06-29-2010

Well, with current settings it's not possible indeed. But, if you have administrative control over GPOs forcing proxy settings in IE, you could fix the problem like this:

1 enforce Auto proxy and put either a DNS or DHCP entry that points to the PAC URL in the office LANs;

2 Remove any direct access between users and internet in the office (of course);

3 Add a proxy in the NC Connection Profile you want to use, quite possibly the very same as in step 1

Now, all mobile users will use Auto detected proxy settings. At home, there's probably no wpad.office.lan DNS entry, nor a DHCP server supplying such a url, so: OK. If there is: no conflict, OK^2.

If they _are_ at the office, there's no internet connection availbe: OK once more. Autodetect supplies them with wpad.office.lan, and that's fine too.

Now they try to connect to NC on the SA: as mentioned before, this works fine. And now, by their assigned role's profile the are assigned a proxy too. By enforcing all internet-targeted traffic through the tunnel, combined with the proxy, you should theoretically have solved your problem and even better: your road warriors can use IE on the road as well.

View solution in original post

Kalex_ · ‎06-19-2009

My pleasure! Thanks for the 'Accepted Solution', that may help other people too!

Regards,
Alex
JNCIA-SSL,FWV,IDP, Security+,Network+,LPIC-1,MCSE,MCITP:EA

Kalex_ · ‎06-28-2010

Well, it should be possible:

- create 2 roles, with role restriction on source IP

- create 2 NC profiles, 1 with and the other without proxy setting

- assign the role on office LAN restriction with proxied NC profile

- assign the other LAN restriction (preferably 'any, not equals office LAN') to the no-proxy profile

and away you go. Haven't tried this yet but should work.

globix_ · ‎06-28-2010

Alex,

Maybe I did not explain very well the problem.

Whether I'm at home or not, IE has always the proxy.pac configured

When I launch nclauncher it tries to access the proxy.pac, but it is not available since it is not yet connected...

srigelsford_ · ‎06-28-2010

Hi,

If I understand you right, you will need to add your SSL gateway as an exception in your proxy.pac file in order to be able to connect.

Once NC launches you have the option to modify, dissable, or replace your pac file if needed.

Sam.

Kalex_ · ‎06-28-2010

Ah, that's not what I thought indeed. Setting an exception for the NC access URL doesn't help?

globix_ · ‎06-28-2010

Hi,

That sounds to be the answer, but as the Pc can not establish a connection with the server that contains the pac file (because that server is not public) NClauncher tries approximatly 2 minutes to connect

Actually, the idea would be that the NClauncher command line ignores IE proxy settings....

Kalex_ · ‎06-29-2010

Indeed, I just had a chance to investigate this, and you cannot set an exception when using a PAC. Hm. Me dumb, go eat puter.

And using another browser just to connect to the SA and start IE afterwards, would that help you out while we start digging again?

globix_ · ‎06-29-2010