Jump to content
Welcome to our new Citrix community!

IPv6 access ICA only

Joost Sannen

Recommended Posts

Hi, I'm trying to setup IPv6 access for ICA connections while keeping the current IPv4 configuration as much as possible. According to Configure IPv6 for ICA connections | VPN configuration on a Citrix Gateway appliance it's quite simple.


  • enable ns feature IPv6PT
  • enable ns mode USNIP was already enabled
  • set dns parameter –resolutionOrder AAAAThenAQuery AThenAAAAQuery OnlyAAAAQuery OnlyAQuery


Then it get fuzzy to me.

  • add a IPv6 SNIP. This must a (public) global IPv6 address?
  • created a public AAAA DNS record for the existing Access Gateway. Where to bind it or do I have to setup a new Access Gateway for IPv6?
  • (created firewall rules)


Any help is appreciated.



Link to comment
Share on other sites

  • 3 weeks later...

Yes, got it working! I'm new to IPv6 which took a while for basic undertanding. I created a new CAG without needing any changes to our backend. Wanted to share it with you guys, maybe someone will benefit.


Enable IPv6 protocol translation
enable ns feature IPv6PT


add ns ip6 [IPv6/prefix] -vServer DISABLED


Depending on your routing advertisement add route 
add route6 ::/0 [IPv6] -advertise DISABLED


Add new Access Gateway based on IPv6
add vpn vserver [CAG_name] SSL [IPv6] 443 -icaOnly ON -downStateFlush DISABLED -Listenpolicy NONE


Add all configuration currently in use for your IPv4 CAG 


Setup proper firewalling

Create a public DNS AAAA record with the same value as the A record for your IPv4 CAG


Now your Citrix environment is reachable over IPv6.

  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...