Cisco Anyconnect and citrix
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-31-2011 01:18 AM - edited 02-21-2020 05:07 PM
Hi,
Does anyone know if anyconnect is working in a citrix environment?
regards
Monty
- Labels:
-
AnyConnect

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-31-2011 02:34 PM
Monty,
Do you mean running citrix apps over anyconnect (yes no problem with that) or running anyconnect from within citrix (never attempted, but would image problem with spawning virtual adapters? ;-)
Marcin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-01-2011 01:00 AM
Hi Marcin
Thanks for replying
We want set up remote SSL-VPN connections to Citrix servers.
We're doing some new things for a client, and one of them is to try and replace the Citrix gateway(CAG) with the Cisco ASA and the anyconnect client,
but the CCO examples are only mentioning the clientless option as opposed to the anyconnect client.
Is there a document describing the Citrix server/ASA connection, and using the anyconnect client?
regards
Monty

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-01-2011 01:09 AM
{{EDITED - I'm missing some info}}
Monty,
Anyconnect cannot terminate SSL session directly on citrix serves if that's what you wanted to achieve.
SSLVPN is currently a standard-less solution (from all vendors), everyone is doing their own way and vendor interoperability is basically unexistant.
While the pure SSL part (as defined by standard) should work I don't believe CAG will be able to answer anyconnect one they start talking inside SSL (think profile updates, CSD, downloading of latest version).
What you can have is terminate Anyconnect on ASA and have citrix client run on the PC with anyconnect.
Marcin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-01-2011 01:25 AM
Hi Marcin
Sorry if was'nt clear enough, We do'nt want the CAG at all, below are the components and connections we
would like to end up with:-
CITRIX SERVER<--------->CISCO ASA 5520<--------------------------------------------->WINDOWS XP w/anyconnect client
CITRIX SERVER<---------------------------------------------SSL--------------------------------->WINDOWS XP w/anyconnect client(via the ASA)
regards
Monty

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-01-2011 01:31 AM
Monty,
Yup, I figured I was mis-interpreting something ;-)
In the scenario your descirbing, yes it will work, in fact it will work natively since from application point of view you will be talking directly to citrix serves.
It does not require any special prepration/configuration since (for the most part) anyconnect is agnostic to traffic which is passing through it.
Normally ctrix provides http interface to it's server and then sends ICA (cookie most of the time) which prompts the client to launch citrix client (java based) and connect on tcp 1494 (AFAIR)
Marcin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-01-2011 01:37 AM
Hi Marcin
Sounds great, I'll go ahead and give a try.
Thanks again for your quick responses.
regards
Monty
