I'm trying to sort something out and seem to be hitting a wall in my

Our situation: We have a web application (Application A) internally
that now needs to be accessed externally. Most users get this app via a
link in another application (Application B) that also handles their
login. Because of these two factors, we have to change the link in
Application B so that it points towards a publicly addressable host name
instead of an internal-only host name.

Our goal: To have our Access Gateway handle the problem. Ideally,
everyone clicks on the publicly addressable link, which takes them to
the AG. The AG checks the client IP; if it's in the specified range,
they are just passed to the site. If it's not, they must log in to the
AG with their directory credentials.

I've tried creating an authorization policy that says user must have
an IP in range X or have Role Y, but it always takes the user to the
login page regardless of their IP.

Also, I do not want to handle the separation via DNS if at all
possible. I prefer to keep the outside vs inside DNS views as close to
synchronized as possible, so would much rather AG handle this.

djaquays's Profile: https://forums.netiq.com/member.php?userid=2530
View this thread: https://forums.netiq.com/showthread.php?t=48316