I have a Cisco pix that is authenticating outbound users via Cisco Secure ACS. The problem is with Citrix users. When one user logs into the Citrix server and starts Internet Explorer, he gets an authentication window. He puts in a username, password, etc., and gets through fine. Subsequent users do not get an authentication window -- they just go straight through. My guess is that the Pix does not differentiate different sessions but instead sees them all coming from the Citrix server and does not bother authenticating different sessions. My questions are: is my thinking correct, is this behavior expected, and is there anything I can do about it? Ideally, I would like to get every Citrix user to authenticate, but I don't think it's possible in this environment.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...