A new ASA handler is created in order to handle requests, which includes authentication requests from Citrix Receivers (HTTPS requests with an agent string that identifies itself as the Citrix Receiver).When you try to connect to a Citrix virtualized resource, you do not need to provide the Citrix Server?s address/credentials instead you enter the ASA's Secure Sockets Layer (SSL) VPN IP address and credentials.
In order for the ASA to be able to proxy connections from a Citrix Receiver to a Citrix Server, the ASA impersonates Citrix Access. With ASA, connections to internal Citrix resources are possible without the CAG: Traditional deployments require the presence of a CAG, which is typically located behind the firewall: This feature adds ASA functionality in order to support secure remote connections to virtual resources from mobile devices. In a typical deployment, such a device would be located behind the firewall in a Demilitarized Zone (DMZ). The Citrix Access Gateway (CAG) was traditionally the only way to provide secure remote access to virtualized Citrix resources (desktops and applications). In order to see a demonstration of this process, visit the following web page:Ĭisco ASA 9.0 Citrix Mobile Receiver Proxy Demo
Android 4.0/4.1 Phone/Tablet - Citrix Receiver Version 2.x or later.
This document describes how to configure the Cisco Adaptive Security Appliance (ASA) as a proxy for the Citrix Reciever on mobile devices. This feature provides secure remote access for the Citrix Receiver application that runs on mobile devices to XenApp/XenDesktop Virtual Desktop Infrastructure (VDI) servers through ASA, which eliminates the need for the Citrix Access Gateway.Ĭisco recommends that you have knowledge of these topics: