VPN and unwanted HTTP proxy

Similar Messages

• AnyConnect on Apple iOS - VPN-Connect via HTTP-Proxy

  Hi,
  is it possible, that the AnyConnect-Client for Apple iOS (i.e. iPAD) automatically uses the configured HTTP-Proxy in the WLAN properties for the establishment of the VPN-Connection (via SSL/TLS)?
  I've tested it, but it does not work. In the documentation is stated, that VPN establishment via HTTP-Proxy works only in Windows (AnyConnect uses the IE Proxy settings to connect to the ASA for VPN establishment).
  Thanks

  As per w2k3 sniffer trace, 2851 requesting with user=vpnfamily and encrypted password. The password "Password1" which is VPN group's key sending to IAS?
  ->I have "vpnfamily" with password "Password1" but no luck
  Event log shows "Fully-Qualified-User-Name = INFRA\vpnfamily". INFRA is AD NetBIOS name. 2851 router's domain name is "family.com"
  ->Is this something wrong?

• Http proxy auto keeps turning off?

  Hi, I have an iPhone 5s and the http proxy auto keeps turning off but i need it on auto. Plus the settings i put in the auto keep disappearing?

  Have you found any solition to this? Very frustrating, same thing with my iPhone 5. iPad happily keeps it on auto, but iPhone won't stick.

• After updating to iOS 6, I can no longer connect to my schools wireless network. It uses manual http proxy. Now however a blank pop up comes up and it will not connect you. Thanks

  After updating to iOS 6, I can no longer connect to my schools wireless network. It uses manual http proxy. Now however a blank pop up comes up and it will not connect you. Thanks

  Turn off your firewall and antivirus software.

• What HTTP Proxy settings to use and when?

  On the Wi-Fi Networks menu there are three options for HTTP Proxy - Off, Manual, Auto
  Which one should I use and when/why would I use the others?
  thx, gordo

  99% of the time, you should have the proxy settings turned off. Unless you are trying to connect to a corporate network, or some other network that requires a proxy server. In that case you would need to talk to the network administrators to obtain the settings you would need. If your just connecting to your wireless network at home, your almost for sure not going to need to enter anything for the proxy server settings.

• OSB call to remote Web Service via https proxy and https CONNECT problem

  Hi
  I have a service that calls a web service on another server as a web service. This call is via https and the certificate validation raises no errors.
  I now want this call to go via a squid httpd proxy on port 3128 on some machine. So I would like to use HTTP CONNECT (RFC 2817) proxying,. But when I set up this as a proxy, I am getting "Certificate chain" error messages. The certifcate chains is no different now from when I called without the http proxy, so what am I doing wrong? Does OSB support HTTP CONNECT?
  -Johan

  The exeption we are getting is BEA-380000
  General runtime error: [Security:090477]Certificate chain received from XXX - 123.123.123.123 --> test.salesforce.com was not trusted causing SSL handshake failure.
  This is of course not relevant if the callout were using CONNECT. In the CONNECT scenario, OSB would not care about XXX's certificate.

• WWSAPI - Cannot connect to web service via SSL and HTTP proxy authentication with NTLM, errorCode 0x803d0016, HTTP status 407

  Hi,
  I built a web service client using WWSAPI. The connection works via SSL (without HTTP proxy) and it works with SSL and proxy with basic authentication as well. When I try to connect using a proxy with NTLM authentication, then I get the errorCode
  0x803d0016, HTTP status "407 (0x197)", "Proxy Authentication Required".
  In WireShark I see only one HTTP request to connect to the proxy with NTLM Message Type: NTLMSSP_NEGOTIATE. The HTTP Response returns Status 407 and the connection ist closed. Comparing this to Internet Explorer - the Connection is not closed and
  a second request with NTLMSSP_AUTH is sent.
  Why doesn't it make the complete NTLM handshake? Why wasn't sent the NTLMSSP_AUTH directly?
  I oriented in the HttpCalculatorWithKerberosOverSslClientExample.
  Using WS_HTTP_HEADER_AUTH_SECURITY_BINDING,
  WS_SECURITY_BINDING_PROPERTY_HTTP_HEADER_AUTH_SCHEME was set to WS_HTTP_HEADER_AUTH_SCHEME_NTLM, WS_SECURITY_BINDING_PROPERTY_HTTP_HEADER_AUTH_TARGET to WS_HTTP_HEADER_AUTH_TARGET_PROXY. I tried WS_DEFAULT_WINDOWS_INTEGRATED_AUTH_CREDENTIAL_TYPE but also WS_STRING_WINDOWS_INTEGRATED_AUTH_CREDENTIAL_TYPE.
  Any idea?
  Thanks

  Hi,
  I built a web service client using WWSAPI. The connection works via SSL (without HTTP proxy) and it works with SSL and proxy with basic authentication as well. When I try to connect using a proxy with NTLM authentication, then I get the errorCode
  0x803d0016, HTTP status "407 (0x197)", "Proxy Authentication Required".
  In WireShark I see only one HTTP request to connect to the proxy with NTLM Message Type: NTLMSSP_NEGOTIATE. The HTTP Response returns Status 407 and the connection ist closed. Comparing this to Internet Explorer - the Connection is not closed and
  a second request with NTLMSSP_AUTH is sent.
  Why doesn't it make the complete NTLM handshake? Why wasn't sent the NTLMSSP_AUTH directly?
  I oriented in the HttpCalculatorWithKerberosOverSslClientExample.
  Using WS_HTTP_HEADER_AUTH_SECURITY_BINDING,
  WS_SECURITY_BINDING_PROPERTY_HTTP_HEADER_AUTH_SCHEME was set to WS_HTTP_HEADER_AUTH_SCHEME_NTLM, WS_SECURITY_BINDING_PROPERTY_HTTP_HEADER_AUTH_TARGET to WS_HTTP_HEADER_AUTH_TARGET_PROXY. I tried WS_DEFAULT_WINDOWS_INTEGRATED_AUTH_CREDENTIAL_TYPE but also WS_STRING_WINDOWS_INTEGRATED_AUTH_CREDENTIAL_TYPE.
  Any idea?
  Thanks

• Websecurity and End-user-notification with HTTPS proxy

  Hi all
  I would like to setup HTTPS-proxy functionality in a deployment. Most of the rules are "pass-through" and only a few would then be configured for drop or decryption.
  But if i set the connection to drop it is not possible to display an End-user-notification for the endusers. Is there any chance to display an End-user notification to the enduser while dropping or denying https access to a particular group ?
  If yes, is the End-user notification then displayed in normal http connection or in a https connection ?
  Did i use for that a trusted certificate to correctly display the end-user notification without to pop-up a certificate failure (because self-signed certificate is in place at the moment) ?
  It would be great, if you have some answers for some of those questions.

  Andrew,
    See if the below may be modified to do what you want.
  barbee.
  Cisco Ironport Advanced Services
       * This function checks for the category and redirects the user.
       *  -- 2010 june 16. barbee.
      function checkForRedirect() {
          var category = document.getElementById("category");
          if ( category.value == "Search Engines" ) {
              window.location = 'http://www.ironport.com';
  OTHER STUFF

• DAP and http proxy authentication

  I have a ASA firewall with http proxy authetication and now i configure DAP for Anyconnect with AD .I disable the "Default Dynamic Access Policy"  proxy authentication fail .Someone knows how to configure the DAP for http proxy authentication ?
  best regards

  Still nothing about it. I've also posted to another threads with similar problems:
  http://discussions.apple.com/message.jspa?messageID=8165122#8165122
  http://discussions.apple.com/message.jspa?messageID=8165120#8165120
  http://discussions.apple.com/message.jspa?messageID=8165118#8165118
  http://discussions.apple.com/message.jspa?messageID=8149758#8149758
  As I said before, while I've had OS 1.1.4, everything was normal. It began when I upgraded to 2.0.2 and after to 2.1. I also double checked if the TI here changed the policies, and they assured me they don't.
  Several other users with 2.x are also reporting the same trouble. As far as now, I've came across a post suggesting me to install a local http proxy on the phone, but I don't think it's gonna work.
  Let's keep this thread alive!

• Example of a successful reverse proxy to APEX using Apache and Oracle HTTP

  If this helps anyone, I was able to set up a reverse proxy to APEX with Apache running on the reverse proxy server and Oracle HTTP server and APEX 3.2 on the APEX hosting server. I want to post this due to there is no
  documentation on this that I can find. Oracle Metalink could not produce any "How To" document either.
  On the reverse proxy server in the httpd.conf file:
  ProxyRequests Off
  SetEnv force-proxy-request-1.0.1
  SetEnv proxy-nokeepalive 1
  ProxyPassReverse /pls/apex/ http://apex_server:8080/pls/apex/
  ProxyPass /pls/apex/ http://apex_server:8080/pls/apex/
  ProxyPassReverse /i/ http://apex_server:8080/i/
  ProxyPass /i/ http://apex_server:8080/i/
  AddType text/xml .xbl
  AddType text/x-component .htc
  OR
  ProxyRequests off
  RewriteEngine On
  RewriteRule ^/pls/apex/(.*)$ http://apex_server:8080/pls/apex/$1 [P,NE]
  ProxyRequests off
  ProxyPassReverse /i/ http://apex_server:8080/i/
  RewriteEngine On
  RewriteRule ^/i/(.*)$ http://apex_server:8080/i/$1 [P,NE]
  And in the Oracle HTTP server httpd.conf file of the APEX hosting server:
  NameVirtualHost 999.99.99.9:8080
  <VirtualHost 999.99.99.9:8080>
  ServerAdmin [email protected]
  DocumentRoot "/u01/app/ora11g/product/11.1.0/http_1/ohs/htdocs"
  ServerName reverse_proxy_server.com
  </VirtualHost>

  Here is what I saw :
  I have one Web Server 7.0 instance with the following obj.conf :
  <Object name="default">
  <If $uri =~ "/xyz">
  NameTrans fn="map" from="/" name="reverse-proxy-/xyz" to="/"
  </If>
  <ElseIf $uri =~ "/abc">
  NameTrans fn="map" from="/" name="reverse-proxy-/abc" to="/"
  </ElseIf>
  </Object>
  <Object ppath="*">
  Service fn="proxy-retrieve" method="*"
  </Object>
  <Object name="reverse-proxy-/abc">
  Route fn="set-origin-server" server="http://server1.sun.com:80"
  </Object>
  <Object name="reverse-proxy-/xyz">
  Route fn="set-origin-server" server="http://server2.sun.com:80"
  </Object> ...When I send a request to URI :
  /abc/test1.html : the request gets served from server1 from docs/abc/test1.html.
  /xyz/test2.html : the request gets served from server2 from docs/xyz/test2.html
  Where as when you change obj.conf to (note the change in "from" parameter in "map" SAF)
  <Object name="default">
  <If $uri =~ "/xyz">
  NameTrans fn="map" from="/xyz" name="reverse-proxy-/xyz" to="/"
  </If>
  <ElseIf $uri =~ "/abc">
  NameTrans fn="map" from="/abc" name="reverse-proxy-/abc" to="/"
  </ElseIf>
  </Object>
  <Object ppath="*">
  Service fn="proxy-retrieve" method="*"
  </Object>
  <Object name="reverse-proxy-/abc">
  Route fn="set-origin-server" server="http://server1:80"
  </Object>
  <Object name="reverse-proxy-/xyz">
  Route fn="set-origin-server" server="http://server2:80"
  </Object> ...In this case when I send a request to URI :
  /abc/test1.html : the request gets served from server1 from docs/test1.html.
  /xyz/test2.html : the request gets served from server2 from docs/test2.html.

• Http Proxy and Java Web Start 1.4.2_08

  Hi All,
  I'm confused as to how Java Web Start is supposed to work with an HTTP proxy. I'm testing an application in an environment which has an http proxy.
  Our application starts successfully with Web Start but the application is failing to connect to URLs. I have dumped the properties right when the app starts and proxyHost, proxyPort, http.proxyHost, http.ProxyPort are all set correctly. But every attempt to connect to URLs timeout.
  Note that running under 1.5, I get the value of the
  javaplugin.proxy.config.list property and use it to set the properties http.proxyHost and http.proxyPort. Then I am able to connect successfully to the same URLs which failed in 1.4.2_08 ( also fails
  with 1.4.2_03).
  Can someone please help me understand what's wrong here?
  Many thanks,
  Jason

  Actually, what I observed, in 1.4.2_08, is that the https.proxy* properties are being set. The http.proxy* properties are not set.
  in 1.5.0_04 none of the properties are set except for
  javaplugin.proxy.config.list, which I use to set http.proxyHost and http.proxyPort.

• Java Nio and http proxy

  Hello,
  I would send a http request through a http proxy with a Nio Client. So I wrote by hand the
  http request :
  buffer.append("HTTP/1.1\n");
  buffer.append("Content-type: text/xml\n");
  Then I send this request with a Nio Client but the request doesn't pass.
  Can you help me ?

  I use tcp to send my request with a nio Client. The header of my http request :
  StringBuffer buffer = new StringBuffer();
  buffer.append("POST ");
  String path = "/";
  buffer.append(path + " ");
  buffer.append("HTTP/1.1\r\n");
  buffer.append("Content-type: text/xml\r\n");
  buffer.append("Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2\r\n");
  buffer.append("Host: 10.194.55.23:80\r\n");
  buffer.append("Connection: keep-alive\r\n");
  buffer.append("Content-Length: 0\r\n");
  buffer.append("\r\n");

• Nio and http proxy

  I want to use http proxy in nio.but i can't find any methods in socketChannel.(if use socket, i could use such code do impl this
  Socket socket = new Socket(new Proxy(......));
  socket.connect(serverAddress); now i want to set a http proxy to SocketChannel, but i found it's impossiable to construct a SocketChannel from a pre exist socket.
  how to use proxy in nio.
  thanks all.

  I use tcp to send my request with a nio Client. The header of my http request :
  StringBuffer buffer = new StringBuffer();
  buffer.append("POST ");
  String path = "/";
  buffer.append(path + " ");
  buffer.append("HTTP/1.1\r\n");
  buffer.append("Content-type: text/xml\r\n");
  buffer.append("Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2\r\n");
  buffer.append("Host: 10.194.55.23:80\r\n");
  buffer.append("Connection: keep-alive\r\n");
  buffer.append("Content-Length: 0\r\n");
  buffer.append("\r\n");

• IpSec VPN and NAT don't work togheter on HP MSR 20 20

  Hi People,
  I'm getting several issues, let me explain:
  I have a Router HP MSR with 2 ethernet interfaces, Eth 0/0 - WAN (186.177.159.98) and Eth 0/1 LAN (192.168.100.0 /24). I have configured a VPN site to site thru the internet, and it works really well. The other site has the subnet 10.10.10.0 and i can reache the network thru the VPN Ipsec. The issue is that the network 192.168.100.0 /24 needs to reach internet with the same public address, so I have set a basic NT configuration, when I put the nat configuration into Eth 0/0 all network 192.168.100.0 can go to internet, but the VPN goes down, when I remove the NAT from Eth 0/0 the VPN goes Up, but the network 192.168.100.0 Can't go to internet.
  I'm missing something but i don't know what it is !!!!, See below the configuration.
  Can anyone help me qith that, I need to send te traffic with target 10.10.10.0 thru the VPN, and all other traffic to internet, Basically I need that NAT and VPN work fine at same time.
  Note: I just have only One public Ip address.
  version 5.20, Release 2207P41, Standard
  sysname HP
  nat address-group 1 186.177.159.93 186.177.159.93
  domain default enable system
  dns proxy enable
  telnet server enable
  dar p2p signature-file cfa0:/p2p_default.mtd
  port-security enable
  acl number 2001
  rule 0 permit source 192.168.100.0 0.0.0.255
  rule 5 deny
  acl number 3000
  rule 0 permit ip source 192.168.100.0 0.0.0.255 destination 10.10.10.0 0.0.0.255
  vlan 1
  domain system
  access-limit disable
  state active
  idle-cut disable
  self-service-url disable
  ike proposal 1
  encryption-algorithm 3des-cbc
  dh group2
  ike proposal 10
  encryption-algorithm 3des-cbc
  dh group2
  ike peer vpn-test
  proposal 1
  pre-shared-key cipher wrWR2LZofLx6g26QyYjqBQ==
  remote-address <Public Ip from VPN Peer>
  local-address 186.177.159.93
  nat traversal
  ipsec proposal vpn-test
  esp authentication-algorithm sha1
  esp encryption-algorithm 3des
  ipsec policy vpntest 30 isakmp
  connection-name vpntest.30
  security acl 3000
  pfs dh-group2
  ike-peer vpn-test
  proposal vpn-test
  dhcp server ip-pool vlan1 extended
  network mask 255.255.255.0
  user-group system
  group-attribute allow-guest
  local-user admin
  password cipher .]@USE=B,53Q=^Q`MAF4<1!!
  authorization-attribute level 3
  service-type telnet
  service-type web
  cwmp
  undo cwmp enable
  interface Aux0
  async mode flow
  link-protocol ppp
  interface Cellular0/0
  async mode protocol
  link-protocol ppp
  interface Ethernet0/0
  port link-mode route
  nat outbound 2001 address-group 1
  nat server 1 protocol tcp global current-interface 3389 inside 192.168.100.20 3389
  ip address dhcp-alloc
  ipsec policy vpntest
  interface Ethernet0/1
  port link-mode route
  ip address 192.168.100.1 255.255.255.0
  interface NULL0
  interface Vlan-interface1
  undo dhcp select server global-pool
  dhcp server apply ip-pool vlan1

  ewaller wrote:
  What is under the switches tab?
  Oh -- By the way, that picture is over the size limit defined in the forum rules in tems of pixels, but the file size is okay.  I'll let it slide.  Watch the bumping as well.
  If you want to post the switches tab, upload it to someplace like http://img3.imageshack.us/, copy the thumbnail (which has the link to the original)  back here, and you are golden.
  I had a bear of a time getting the microphone working on my HP DV4, but it does work.  I'll look at the set up when I get home tonight [USA-PDT].
  Sorry for the picture and the "bumping"... I have asked in irc in arch and alsa channels and no luck yet... one guy from alsa said I had to wait for the alsa-driver-1.0.24 package (currently I have alsa-driver-1.0.23) but it is weird because the microphone worked some months ago...
  So here is what it is under the switches tab

• HTTP proxy server connection error

  My iPhone4S can't connect well to 3G, only works properly with WIFI connection. When i try to navegate with safari or other apps, HTTP proxy error is shown. I only receive notifications, but when i try to open the specify app: server error. Its weird, because for instance, whatsapp and mail clients like sparrow works properly with 3G. I can update my mail and send whatsapp, but i cant receive or send any attachments.
  I've tried to reset my iphone, and reset my network configuration, but the problem is still there.
  Thanks everyone!

  I had this problem. It started when I took my unlocked iPhone from Australia on a Telstra SIM to the U.S. and put in a Straight Talk SIM. I used unlockit.co.nz to generate a new APN for my phone while on Straight Talk, which worked fine.
  However, upon coming back to Australia and reinserting my Telstra SIM, I couldn't access HTTP. My VPN would start over 3G and I could get push notifications and data in some apps, but anything that used HTTP, including Safari, would give me the proxy error or a network timeout error. Wifi worked perfectly.
  I called Telstra and they said it wasn't them. I was sitting on hold with Apple Care when I thought to try inserting my colleague's Telstra SIM into my phone and, voila, it worked perfectly. I hung up and called Telstra back to complain but while on hold I put my own old Telstra SIM back in only to find that I had fixed my problem.
  So try inserting a known, working SIM from the same carrier and see if that fixes your problem. Stopping into one of their stores may be the answer if you don't have any other SIMs handy.
  I suspect that somewhere in the iPhone an HTTP proxy for 3G setting was set and stuck, and trying a new SIM erased that setting.