VMware Horizon Community
ctcbod
Enthusiast
Enthusiast
‎07-08-2015 06:46 AM

PCoIP secure tunnel question...

We are looking at allowing external access to some of our View 6.1 desktops for the first time and just need something clarified if possible.  I know I can pair a security server with one of our connection servers and allow PCoIP secure gateway connections through our firewalls, but my question is whether this would work if the remote clients first connected to a corporate VPN (Cisco ASA) and then connected to the security server via this.  It seems like a little overkill (if it’s even supported) to me as the PCoIP tunnel is already encrypted, but security is priority here and the advantage of clients first connected to the Cisco VPN is that the Cisco client will perform posture checking for client AV and firewall compliance.   Hope that makes sense, and thanks in advance for any advice.

0 Kudos
2 Replies
beutlern
Enthusiast
Enthusiast
‎07-08-2015 10:44 PM

this would definitely work. you explained it yourself already 🙂

i am just not sure why you would use a security gateway then. Use the gateway+RSA server for 2step verification and you should be fine.

i get your point about the host checker or however its called (for checking AV and firewall) but if they would need to connect to VPN first it would negate the whole security gateway functionality.

0 Kudos
ctcbod
Enthusiast
Enthusiast
‎07-14-2015 02:56 AM

Hi,  Thanks for your reply and you make a good point.   We're looking into the RSA dual factor authentication too so basically you're saying the Cisco ASA just renders the security server a hunk of expensive metal in our DMZ that is not necessarily needed.  Thanks for that, I will look into passing the the VPN connections onto our connection servers, which reside in the internal network, instead of the security server.  

0 Kudos