I am investigating the use of an IVE (7.1R6) to front another appliance that will do the proxying of ICA traffic (for external Citrix users). I am whispering now... the other appliance is a Citrix Netscaler with access gateway (CAG). It's just a trial run to see if it's feasible to complete host checking on the IVE and just pass subsequent traffic through the IVE so we don't have to support another type of host checking environment. I'm not real familiar with Citrix EPA.

I've been testing with the Juniper internal interface being on the same network as the CAG. Is it possible to use the pass through proxy feature with a virtual hostname to accomplish this? I am attempting to test, but not having much luck. How do I know I configured a bookmark correctly to use the pass through proxy method? And if a client authenticates on the IVE and clicks a bookmark for a logon point on the CAG, is the Juniper opening the connection to the CAG or would that be the client's source IP? I'd prefer it to be the client's IP going all the way to the CAG. It should be just 443 traffic the whole way, until the CAG proxies the Citrix traffic to the internal servers.

Anyways, I haven't made it very far yet so wanted to see if anyone has suggestions or comments on whether this is feasible or not. Is there something I'm not considering? It's unorthodox, but I want to rule it out before moving on.