https://community.cisco.com/t5/network-security/citrix-access-via-asa5505/m-p/2581867#M204218 <P>Hi,</P><P>When a user wants to connect to a Citrix session using Citrix ICA client (citrix receiver) the ICA client uses port number 1494 and port number 2598 for session reliability.<BR />Port number 1494 is default for ICA connection, allotted by IANA to Citrix.<BR /><BR />Session reliability contains a secure connection over SSL and it also has the ability to maintain the sessions during fail-over.</P><P>So, you need to permit these ports on user ASA to allow Citirx via ASA.<BR />like:<BR />access-list (name) permit tcp any any eq 1494<BR />access-list (name) permit tcp any any eq 2598<BR />&nbsp;</P><P>Regards,<BR />Rahul Chhabra<BR />Network Engineer<BR />Spooster IT Services</P><P>&nbsp;</P> Tue, 11 Nov 2014 16:27:14 GMT Rahul Chhabra 2014-11-11T16:27:14Z https://community.cisco.com/t5/network-security/citrix-access-via-asa5505/m-p/2581866#M204216 <P>We have a customer with a Cisco ASA5505 Firewall and they recently gone to a Citrix cloud environment. We are having a problem allowing the Citrix traffic through the ASA. Anyone with any ideas or "steps to take" would be greatly appreciated.</P> Tue, 12 Mar 2019 05:03:17 GMT https://community.cisco.com/t5/network-security/citrix-access-via-asa5505/m-p/2581866#M204216 swoods227 2019-03-12T05:03:17Z https://community.cisco.com/t5/network-security/citrix-access-via-asa5505/m-p/2581867#M204218 <P>Hi,</P><P>When a user wants to connect to a Citrix session using Citrix ICA client (citrix receiver) the ICA client uses port number 1494 and port number 2598 for session reliability.<BR />Port number 1494 is default for ICA connection, allotted by IANA to Citrix.<BR /><BR />Session reliability contains a secure connection over SSL and it also has the ability to maintain the sessions during fail-over.</P><P>So, you need to permit these ports on user ASA to allow Citirx via ASA.<BR />like:<BR />access-list (name) permit tcp any any eq 1494<BR />access-list (name) permit tcp any any eq 2598<BR />&nbsp;</P><P>Regards,<BR />Rahul Chhabra<BR />Network Engineer<BR />Spooster IT Services</P><P>&nbsp;</P> Tue, 11 Nov 2014 16:27:14 GMT https://community.cisco.com/t5/network-security/citrix-access-via-asa5505/m-p/2581867#M204218 Rahul Chhabra 2014-11-11T16:27:14Z https://community.cisco.com/t5/network-security/citrix-access-via-asa5505/m-p/2581868#M204220 <P>Hello,&nbsp;</P><P>&nbsp;</P><P>If you access the Citrix Cloud Enviroment from the inside hosts to the outside, you will need to permit that communication on the ASA on the Outside Access group, to the server, and Citrix uses specific TCP ports for this.</P><P>&nbsp;</P><P>Either ways I will give you 3&nbsp;documents that have the Port numbers and another one for how to apply this access group to permit this communication, also remember the access group applied on the inside interface.</P><P>&nbsp;</P><P><STRONG><EM>Configuring TCP ports for Citrix communication:</EM></STRONG></P><P>-&nbsp;http://support.citrix.com/proddocs/topic/xenapp65-admin/ps-securing-cfg-tcp-ports.html</P><P>-&nbsp;http://support.citrix.com/servlet/KbServlet/download/2389-102-704421/CTX101810_28th_June_2013.pdf</P><P>&nbsp;</P><P><STRONG><EM>Permitting or Deniying Network Access:</EM></STRONG></P><P>&nbsp;</P><P>-&nbsp;http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/access_nw.html</P><P>&nbsp;</P><P>If you have any questions let me know,</P><P>&nbsp;</P><P>Please don't forget to rate and to mark as correct the helpful post!</P><P>&nbsp;</P><P>David Castro,</P><P>&nbsp;</P><P>Regards,</P><P>&nbsp;</P> Tue, 11 Nov 2014 18:43:26 GMT https://community.cisco.com/t5/network-security/citrix-access-via-asa5505/m-p/2581868#M204220 David Johan Castro Fernandez 2014-11-11T18:43:26Z