XenApp 6 - Policy to control access to published apps over VPN

Posted on 2012-09-21
Medium Priority
Last Modified: 2013-06-28
Looking for advice on best practices on setting up a policy to control users access to published apps based on some criteria when connecting to VPN.  We use Cisco ASA as VPN endpoint and do not have citrix access gateway.   Using XenApp 6 with citrix receiver v3.0.

Ex.  User has access to 5 published apps when logging into receiver locally on LAN.  But when using receiver on IPad (with same credentials), he only has access to 3 of the published apps.
Question by:itg_admin
LVL 26

Expert Comment

by:Sekar Chinnakannu
ID: 38423152
you dont have policy to control the published applications in vpn. you can configure same in application properties.
LVL 25

Expert Comment

ID: 38427137
Use a Load Evaluator criteria for the IP address, and specifically block the VPN subnet.  

LVL 15

Accepted Solution

joharder earned 1500 total points
ID: 38449148
If you choose the Load Evaluator route, be aware that it may not work the way you'd expect.  I'm not quite sure why, but you can't just designate specific IPs to allow.  The allow field doesn't work--trust me, I experienced much frustration to learn this the hard way because the admin interface would certainly lead you to believe you'd configured it correctly with "allow" settings.  You will attempt to save the configuration, and it appears to save but won't save at all.  No error messages, it just doesn't save.  Arghh!

So, you must specifically designate the deny IP ranges.  You'll want to designate ranges with the specific allow as gaps IPs in between.  Backwards, I know, but hopefully this tip will save you several hours.

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Several part series to implement Internet Explorer 11 Enterprise Mode
If your vDisk VHD file gets deleted from the image store accidentally or on purpose, you won't be able to remove the vDisk from the PVS console. There is a known workaround that is solid.
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
Suggested Courses

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question