PAM Admin is using PAM through a NetScaler Load Balancer successfully.  With their NetScaler configured with ssl-passthrough -> everything works fine.

However when they use a Gateway on her desktop -> their ACL for allowed access into PAM stop working.  The reason why is the IP address for their NetScaler only comes back (which is blocked). 

If they go directly to a PAM Appliance it works fine.

Release : 4.1.1

In Citrix NetScaler, they have a setting called USIP (Use Source IP) -> which was not enabled on their NetScaler LB.  This keeps the source IP of the original pam client to work with her ACL.