- HOW TO CONFIGURE THE CITRIX RECIVER TO USE A PROXY HOW TO
- HOW TO CONFIGURE THE CITRIX RECIVER TO USE A PROXY ANDROID
- HOW TO CONFIGURE THE CITRIX RECIVER TO USE A PROXY SOFTWARE
- HOW TO CONFIGURE THE CITRIX RECIVER TO USE A PROXY PASSWORD
Client certificate verifications, password expiration notification, Cisco Secure Desktop (CSD), and everything in CSD (not just Secure Vault) are not supported when standalone/mobile clients are used, because standalone/mobile virtualization infrastructure clients do not understand these concepts. The HTTP redirect is not supported since the current version of Citrix Receiver application does not work with redirects. The ASA picks the first XenApp/XenDesktop configured when a Citrix Receiver client connects. As a result, the ASA proxies requests to one XenApp/XenDesktop per VPN session also. The Citrix Receiver client accesses only one XenApp/XenDesktop Server at a time. This issue has been fixed by Cisco bug ID CSCuj23632. If the Subject name does not fully match the ASA Fully Qualified Domain Name (FQDN), even if the ASA identity certificate contains Subject Alternative Names (SANs), the Independent Computing Architecture (ICA) session will not start (based on the version, the Certificate error could be displayed). Citrix Receiver could not establish connection with remote host discussion. More information can be found in the Receiver for iOS Error: Connection Error. The Md5 signature in the certificates does not work due to a security issue and is a problem on the iOS platforms. Certificate/Smart Card authentication is not supported as a method of auto sign-on since these forms of authentication do not allow the ASA in the middle. Two factor authentication (RSA and Lightweight Directory Access Protocol (LDAP)). ASA also supports challenge modes, which include next token, new PIN, and expired PIN modes. Here is a list of supported ASA authentication methods with the Citrix Receiver: When you send credentials to the back-end XenApp/XenDesktop server, the ASA always obfuscates the user password with Citrix CTX1 encoding. The ASA connects and authenticates to the VDI server with preconfigured credentials (see the Configure section). 
The ASA rewrites and proxies to the XenApp or XenDesktop Server?s XML service interface (XML service is a service that runs on a Citrix server that services virtualization resource related requests).
After the ASA has verified the credentials, the Receiver client starts to retrieve entitled applications through the ASA. A new ASA handler is created in order to handle requests, which includes authentication requests from Citrix Receivers (HTTPS requests with an agent string that identifies itself as the Citrix Receiver). When you try to connect to a Citrix virtualized resource, you do not need to provide the Citrix Server?s address/credentials instead you enter the ASA's Secure Sockets Layer (SSL) VPN IP address and credentials. In order for the ASA to be able to proxy connections from a Citrix Receiver to a Citrix Server, the ASA impersonates Citrix Access. With ASA, connections to internal Citrix resources are possible without the CAG: Traditional deployments require the presence of a CAG, which is typically located behind the firewall: This feature adds ASA functionality in order to support secure remote connections to virtual resources from mobile devices. In a typical deployment, such a device would be located behind the firewall in a Demilitarized Zone (DMZ). The Citrix Access Gateway (CAG) was traditionally the only way to provide secure remote access to virtualized Citrix resources (desktops and applications). In order to see a demonstration of this process, visit the following web page:Ĭisco ASA 9.0 Citrix Mobile Receiver Proxy Demo Android 4.0/4.1 Phone/Tablet - Citrix Receiver Version 2.x or later.Android 3.x Tablet - Citrix Receiver Version 2.x or later.Android 2.x Phone - Citrix Receiver Version 2.x or later.iPhone/iTouch - Citrix Receiver Version 4.x or later.iPad - Citrix Receiver Version 4.x or later.This is a list of the supported mobile devices: If your network is live, make sure that you understand the potential impact of any command. All of the devices used in this document started with a cleared (default) configuration. The information in this document was created from the devices in a specific lab environment.
This document is not restricted to specific software and hardware versions.
The XML interface must be enabled and configured on Citrix XenApp/XenDesktop/Storefront server. 
The ASA must have a valid identity certificate that is trusted by mobile devices. This document describes how to configure the Cisco Adaptive Security Appliance (ASA) as a proxy for the Citrix Reciever on mobile devices. This feature provides secure remote access for the Citrix Receiver application that runs on mobile devices to XenApp/XenDesktop Virtual Desktop Infrastructure (VDI) servers through ASA, which eliminates the need for the Citrix Access Gateway.Ĭisco recommends that you have knowledge of these topics:
0 kommentar(er)
