Jump to content
Welcome to our new Citrix community!

IPv6 access ICA only


Joost Sannen

Recommended Posts

Hi, I'm trying to setup IPv6 access for ICA connections while keeping the current IPv4 configuration as much as possible. According to Configure IPv6 for ICA connections | VPN configuration on a Citrix Gateway appliance it's quite simple.

 

  • enable ns feature IPv6PT
  • enable ns mode USNIP was already enabled
  • set dns parameter –resolutionOrder AAAAThenAQuery AThenAAAAQuery OnlyAAAAQuery OnlyAQuery

 

Then it get fuzzy to me.

  • add a IPv6 SNIP. This must a (public) global IPv6 address?
  • created a public AAAA DNS record for the existing Access Gateway. Where to bind it or do I have to setup a new Access Gateway for IPv6?
  • (created firewall rules)

 

Any help is appreciated.

 

 

Link to comment
Share on other sites

  • 3 weeks later...

Yes, got it working! I'm new to IPv6 which took a while for basic undertanding. I created a new CAG without needing any changes to our backend. Wanted to share it with you guys, maybe someone will benefit.

 

Enable IPv6 protocol translation
enable ns feature IPv6PT

 

Add IPv6 SNIP
add ns ip6 [IPv6/prefix] -vServer DISABLED

 

Depending on your routing advertisement add route 
add route6 ::/0 [IPv6] -advertise DISABLED

 

Add new Access Gateway based on IPv6
add vpn vserver [CAG_name] SSL [IPv6] 443 -icaOnly ON -downStateFlush DISABLED -Listenpolicy NONE

 

Add all configuration currently in use for your IPv4 CAG 

 

Setup proper firewalling

Create a public DNS AAAA record with the same value as the A record for your IPv4 CAG

 

Now your Citrix environment is reachable over IPv6.

  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...