XenApp 6 - Policy to control access to published apps over VPN

Looking for advice on best practices on setting up a policy to control users access to published apps based on some criteria when connecting to VPN.  We use Cisco ASA as VPN endpoint and do not have citrix access gateway.   Using XenApp 6 with citrix receiver v3.0.

Ex.  User has access to 5 published apps when logging into receiver locally on LAN.  But when using receiver on IPad (with same credentials), he only has access to 3 of the published apps.
Who is Participating?
joharderConnect With a Mentor Commented:
If you choose the Load Evaluator route, be aware that it may not work the way you'd expect.  I'm not quite sure why, but you can't just designate specific IPs to allow.  The allow field doesn't work--trust me, I experienced much frustration to learn this the hard way because the admin interface would certainly lead you to believe you'd configured it correctly with "allow" settings.  You will attempt to save the configuration, and it appears to save but won't save at all.  No error messages, it just doesn't save.  Arghh!

So, you must specifically designate the deny IP ranges.  You'll want to designate ranges with the specific allow as gaps IPs in between.  Backwards, I know, but hopefully this tip will save you several hours.
Sekar ChinnakannuStaff EngineerCommented:
you dont have policy to control the published applications in vpn. you can configure same in application properties.
Use a Load Evaluator criteria for the IP address, and specifically block the VPN subnet.  

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.