You could use a simple proxy.pac (wpad) file that you would determine if the user is on your internal LAN and direct them to your internal proxy server otherwise allow direct internet access such as the following example
function FindProxyForURL(url, host)
{
if (isInNet(myIpAddress(), "192.168.1.0", "255.255.255.0"))
return "PROXY 192.168.1.1:8080";
else
return "DIRECT";
}
You can read more about proxy auto configuration files here
http://technet.microsoft.com/en-us/library/dd361918.aspxOne Gotcha that you should be aware of is that this file is cached and therefore you may need to consider making a change that allows this file to be read everytime the browser is used. Thats jumping ahead a bit and we can cross that bridge if and when you come to it.
Hope this helps