Either dst-nat or ESI in NAT mode can redirect specified traffic to a different IP destination (such as a proxy server or content filter). In fact, Aruba's CSS is a cloud-based content service where the controller or RemoteAP dst-nats http traffic to the closest enforcement node. You normally would not need to set up ESI unless you had multiple proxies (load balancing) or wanted the ESI health checks to bypass the proxy server when it was down; otherwise dst-nat is simpler and would suffice.
The proxy server knows where the client is trying to go because the URL is specified within the HTTP packet (GET, POST, etc.). But not all proxies are created equal, so just getting traffic to it may not be enough. You may need to update the proxy to work in this mode or explicity configure the clients.
You can also use ESI in route mode to force web traffic to the proxy. This mode rewrites the Ethernet header (OSI Layer 2), so controller and proxy need to be on the same subnet. Destination IP and port are unchanged, so essentially the proxy is inline without actually being inline (similar to a WCCP implementation).