11-10-2014 10:44 AM - edited 03-11-2019 10:03 PM
We have a customer with a Cisco ASA5505 Firewall and they recently gone to a Citrix cloud environment. We are having a problem allowing the Citrix traffic through the ASA. Anyone with any ideas or "steps to take" would be greatly appreciated.
11-11-2014 08:27 AM
Hi,
When a user wants to connect to a Citrix session using Citrix ICA client (citrix receiver) the ICA client uses port number 1494 and port number 2598 for session reliability.
Port number 1494 is default for ICA connection, allotted by IANA to Citrix.
Session reliability contains a secure connection over SSL and it also has the ability to maintain the sessions during fail-over.
So, you need to permit these ports on user ASA to allow Citirx via ASA.
like:
access-list (name) permit tcp any any eq 1494
access-list (name) permit tcp any any eq 2598
Regards,
Rahul Chhabra
Network Engineer
Spooster IT Services
11-11-2014 10:43 AM
Hello,
If you access the Citrix Cloud Enviroment from the inside hosts to the outside, you will need to permit that communication on the ASA on the Outside Access group, to the server, and Citrix uses specific TCP ports for this.
Either ways I will give you 3 documents that have the Port numbers and another one for how to apply this access group to permit this communication, also remember the access group applied on the inside interface.
Configuring TCP ports for Citrix communication:
- http://support.citrix.com/proddocs/topic/xenapp65-admin/ps-securing-cfg-tcp-ports.html
- http://support.citrix.com/servlet/KbServlet/download/2389-102-704421/CTX101810_28th_June_2013.pdf
Permitting or Deniying Network Access:
- http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/access_nw.html
If you have any questions let me know,
Please don't forget to rate and to mark as correct the helpful post!
David Castro,
Regards,
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide