Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3012
Views
0
Helpful
17
Replies

Accessing NetScaler through ASA5505 issue

Go to solution
NICK SYMIAKAKIS
Level 1
Level 1

‎07-16-2015 07:54 AM - edited ‎03-11-2019 11:16 PM

Hi All, I am hoping someone can help me with this issue.

I have a Citrix NetScaler server on my network that I am trying to access via a public address on the outside of my Cisco ASA5505.

The ASA has two Public Addresses, the first is used for a couple VPN tunnels, which work fine. the second is going to be dedicated tot he Netscaler.

ASA5505 - IOS version 9.0 (1)

Public address: Y.Y.Y.142

NetScaler Server: X.X.X.6

 

This is what I have programmed in the ASA:

object service https
 service tcp source eq https destination eq https
object network NetScaler_External
 host Y.Y.Y.142
 description Netscaler External IP
object network NetScaler_Internal
 host X.X.X.6
 description Netscaler Inside Address

 

access-list outside_access_in remark Netscaler
access-list outside_access_in extended permit object https any object NetScaler_Internal

 

object network obj_any
 nat (inside,outside) dynamic interface
object network NetScaler_Internal
 nat (inside,outside) static NetScaler_External service tcp https https
access-group outside_access_in in interface outside

 

 

I am not sure what I am missing, but when I try to connect to the NetScaler from the outside, the log shows the connection attempt, then gives me a 30sec. disconnect because of missing SYN.

 

Any help would greatly be appreciated. I am stuck!

 

Labels:
0 Helpful
17 Replies 17

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to NICK SYMIAKAKIS

‎07-21-2015 08:40 AM

Sorry but I'm a bit out of my depth when we get into the Secure Gateway flavor of the Netscaler.

The ASA appears fine for https but there may be some fine point about what the Netscaler Secure Gateway requires that I'm not aware of. Can you confirm there's no proxy server setup in your environment that might be blocking or interfering with the https communications?

You might try the community over at Citrix. I've has good results with them in the past.

http://discussions.citrix.com/forum/5-secure-gateway/ 

 

0 Helpful

Go to solution
NICK SYMIAKAKIS
Level 1
Level 1
In response to Marvin Rhoads

‎07-21-2015 08:42 AM

Thank you for all of your help in confirming the ASA is setup correctly.

Much Appreciated.

0 Helpful

Go to solution
jessieherrera
Level 1
Level 1
In response to NICK SYMIAKAKIS

‎04-27-2016 08:30 AM

Did you ever find your problem? We are having a weird issue similar to yours with a missing ack from the netscaler server.


We see syn,syn ack, then fin,ack.

We are having an missing ack.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card