Advanced Clientless VPN access with Citrix Gateway
Clientless VPN sees a way of providing remote access to the corporate’s intranet resources through Citrix Gateway without a VPN client application at the client machine. Clientless VPN provides remote access to enterprise web-applications, portals, and other resources using a web browser at the client’s end. Advanced clientless VPN solution eliminates the following limitations pertaining to clientless VPN:
Relative URLs cannot be identified at times.
Relative URLs generated dynamically cannot be identified.
The advanced clientless VPN identifies the absolute URL and host names and rewrites them in a new and unique manner instead of trying to rewrite relative URLs present in the HTTP-responses/Web-Pages. SharePoint no longer needs to use the default folder for rewriting URLs and a custom SharePoint access is supported.
The following are the prerequisites to configure the advanced clientless VPN.
WildCard Server Certificate - VPN virtual server requires a wildcard server certificate. If the server is hosted with
https://vpn.com,then the server certificate must have entries for (
.vpn.com) as part of certificates CN or SAN (where CN=common name, SAN= Subject Alternative Name). The process of binding this certificate remains the same on Citrix Gateway.
WildCard DNS entry - s The clients (web browsers) must resolve the Advanced clientless VPN app’s FQDN. While setting up the Citrix Gateway server, you would have configured a DNS entry to resolve
vpn.com. Configure a subdomain for ‘.’ so that ‘.vpn.com’now resolves to
Configure Advanced Clientless VPN access
To configure Advanced Clientless VPN access using the command line interface, at the command prompt, type:
set vpn parameter -clientlessVpnMode ON set vpn parameter -advancedClientlessVpnMode ENABLED
If a session action is bound to the virtual server, you must enable the Advanced Clientless VPN Mode option for that session action as well.
set vpn sessionaction SessionActionName -advancedclientlessvpn ENABLED
To configure Advanced Clientless VPN access using the Citrix ADC GUI:
In the NetScaler GUI, navigate to Configuration> Citrix NetScaler> Global Settings.
On the Global Settings page, click Change Global Settings, and then select the Client Experience tab.
On the Client Experience tab, from the Clientless Access list, click On.
On the Client Experience tab, from the Advanced Clientless VPN Mode list, click Enabled.
- If a session action is bound to the virtual server, you must enable the Advanced Clientless VPN Mode option for that session action as well from the Client Experience tab in the Configure Citrix Gateway Session Profile page.
- You can select the Override Global option to override the global settings.
You can configure the Advanced clientless VPN feature at a session level as well.