Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 459
  • Last Modified:

how VPN network connect to citrix server

Deat Expert,

sometime our organisation connect to citrix server from VPN. I want more details about this connectivity and architecture. what are the ports,firewall it passes through to connect citrix and other proceess.

1 Solution
If you are using Citrix you don't need to VPN to the server.  You should just connect to Citrix through the Web.
If you need to know the ports (there are several depending on how you use things) here they are for the most part:

ICA session: 1494-tcp
ICA session with Session Reliability: 2598-tcp

Web Interface: 80-tcp
Web Interface with SSL: 443-tcp

Secure Gateway/CAG: 443-tcp

XML browser (default): 80-tcp

I would actually suggest using the VPN if you have it unless you enable Secure Gateway or CAG; the VPN will be higher security than ICA encryption alone.  The Secure Gateway and CAG will provide 128-bit protocol encryption, not just the session encryption ICA does.  
Likely your firewall is providing an IPSEC VPN to your end users.  The ports necessary to be allowed to/by the firewall are ISAKMP, ESP, and probably NAT-T (non500-ISAKMP).  

These ports are:

ISAKMP - udp 500
ESP - IP protocol 50
NAT-T - udp 4500

Typical implementations of firewall VPNs issue IP addresses in a range separate from your internal network and then pass traffic back and forth between the networks without NATing it.  The ports listed above are most often terminated on the firewall and traffic is decrypted before being passed to your internal servers; return traffic is, in turn, encrypted before passing it back to the end user's computer.
AJITPADHYAuthor Commented:
AJITPADHYAuthor Commented:

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now