Jump to content
Welcome to our new Citrix community!

Citrix VPN cannot connect to internal resources by name when split tunnel is ON


Sunil Chacko

Recommended Posts

we are trying to go in with CItrix gateway VPN as a backup in the time of this turmoil. One issue is, once connected to VPN, i cant ping anything by name. I can ping internal resources only by IP. We running netscaler 12.1.55.18. We have a DNS virtual Server configured in Session profile. Split tunnel is ON. (when its off, i can ping by name) 

Any idea? 

Link to comment
Share on other sites

1) when configuring split tunnel, you must properly configure intranetapps for the networks to intercept as "internal"

2) you need to be sure you've assigned a dns server to teh session profile (or global vpn parameters) so name resolution is handled via tunnel; once destination ips are identified, then intranet apps should guarantee they are intercepted.  (split dns is also a thing).

 

When split tunnel is OFF, the vpn client intercepts ALL client side traffic and sends to vpn vserver and lets the vpn vserver sort it out as allowed/denied.

When split tunnel is ON, only the client side network requests that overlap with an intranetapp are intercepted and sent to the vpn vserver.

Link to comment
Share on other sites

i have internet apps configured and i can ping them by name what i defined

I have DNS server configured in session policy and its working. I can do nslookup and it resolve names

 

But still i cant ping internal resources by name when split tunnel ON. i have a ticket opened up with Citrix team and hope to get some help

Link to comment
Share on other sites

It might also be related to authorization policies. Check syslog to see if you have any deny messages.  As you might not be allowing access to the destination IPs.  Session policies can control authorizations along with authorization policies by group. (Or else, support may have an idea if it isn't just a config issue.)  Good luck.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...