https://community.cisco.com/t5/network-access-control/pix-acs-and-citrix-users/m-p/32181#M9592 <P>I have a Cisco pix that is authenticating outbound users via Cisco Secure ACS. The problem is with Citrix users. When one user logs into the Citrix server and starts Internet Explorer, he gets an authentication window. He puts in a username, password, etc., and gets through fine. Subsequent users do not get an authentication window -- they just go straight through. My guess is that the Pix does not differentiate different sessions but instead sees them all coming from the Citrix server and does not bother authenticating different sessions. My questions are: is my thinking correct, is this behavior expected, and is there anything I can do about it? Ideally, I would like to get every Citrix user to authenticate, but I don't think it's possible in this environment.</P><P></P><P>Thanks for any input!!</P> Fri, 21 Feb 2020 18:02:44 GMT marcs 2020-02-21T18:02:44Z https://community.cisco.com/t5/network-access-control/pix-acs-and-citrix-users/m-p/32181#M9592 <P>I have a Cisco pix that is authenticating outbound users via Cisco Secure ACS. The problem is with Citrix users. When one user logs into the Citrix server and starts Internet Explorer, he gets an authentication window. He puts in a username, password, etc., and gets through fine. Subsequent users do not get an authentication window -- they just go straight through. My guess is that the Pix does not differentiate different sessions but instead sees them all coming from the Citrix server and does not bother authenticating different sessions. My questions are: is my thinking correct, is this behavior expected, and is there anything I can do about it? Ideally, I would like to get every Citrix user to authenticate, but I don't think it's possible in this environment.</P><P></P><P>Thanks for any input!!</P> Fri, 21 Feb 2020 18:02:44 GMT https://community.cisco.com/t5/network-access-control/pix-acs-and-citrix-users/m-p/32181#M9592 marcs 2020-02-21T18:02:44Z https://community.cisco.com/t5/network-access-control/pix-acs-and-citrix-users/m-p/32182#M9593 <HTML><HEAD></HEAD><BODY><P>Try implementing VIRTUAL TELNET on the pix. This way, you can force the users to telnet to the virtual IP configured on the pix to authenticate first, and then browse port 80.</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/warp/public/110/atp52.html#telnet" target="_blank">http://www.cisco.com/warp/public/110/atp52.html#telnet</A></P><P></P><P>HTH</P><P>R/Yusuf</P></BODY></HTML> Sun, 11 Aug 2002 08:45:13 GMT https://community.cisco.com/t5/network-access-control/pix-acs-and-citrix-users/m-p/32182#M9593 yusuff 2002-08-11T08:45:13Z