Jump to content
Welcome to our new Citrix community!

AAA Groups with VPN Connection and Basic Authentication

Ken Z

Recommended Posts



years ago using NetScaler 10.5 I used to set up the Citrix Gateway client (VPN access) by doing the following


1) Create a vServer with all the settings for establishing the VPN connection. I used Basic authentication rather than Advanced Authentication/AAA (it was just 'Authentication' on 10.5)

2) Assign users to different Active Directory Security Groups depending on what they needed access to

3) Create multiple entries in NetScaler Gateway\Resources\Intranet Applications for the different internal systems that users needed access to

4) Create local Groups in NetScaler Gateway\User Administration\AAA Groups that matched the AD group name exactly

5) Assigned the Intranet Applications to the different local AAA Groups depending on user requirements


When a user logged on, the system would extract the users AD group membership and check that against the list of local AAA groups on the NetScaler, and apply the necessary Intranet Application resources to the VPN client, allowing the user to see the internal resources that the administrator has assigned them.


With the latest 13 Builds, and using Basic Authentication, it looks like the NetScaler is not parsing the local AAA groups and applying the relevant Intranet Application resources. Does this only work with Advanced Authentication/nFactor? or am I missing a step somewhere?




Ken Z


P.S. I forgot to mention, the existing VPN is has policies configured using clasic expressions if that's relevent

Edited by kzygmun399
additional info supplied
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...