IPv6 access ICA only

[Joost Sannen]

Hi, I'm trying to setup IPv6 access for ICA connections while keeping the current IPv4 configuration as much as possible. According to Configure IPv6 for ICA connections | VPN configuration on a Citrix Gateway appliance it's quite simple.

 

• enable ns feature IPv6PT
• enable ns mode USNIP was already enabled
• set dns parameter –resolutionOrder AAAAThenAQuery AThenAAAAQuery OnlyAAAAQuery OnlyAQuery

 

Then it get fuzzy to me.

• add a IPv6 SNIP. This must a (public) global IPv6 address?
• created a public AAAA DNS record for the existing Access Gateway. Where to bind it or do I have to setup a new Access Gateway for IPv6?
• (created firewall rules)

 

Any help is appreciated.

 

 

[Joost Sannen]

Yes, got it working! I'm new to IPv6 which took a while for basic undertanding. I created a new CAG without needing any changes to our backend. Wanted to share it with you guys, maybe someone will benefit.

 

Enable IPv6 protocol translation
enable ns feature IPv6PT

 

Add IPv6 SNIP
add ns ip6 [IPv6/prefix] -vServer DISABLED

 

Depending on your routing advertisement add route 
add route6 ::/0 [IPv6] -advertise DISABLED

 

Add new Access Gateway based on IPv6
add vpn vserver [CAG_name] SSL [IPv6] 443 -icaOnly ON -downStateFlush DISABLED -Listenpolicy NONE

 

Add all configuration currently in use for your IPv4 CAG 

 

Setup proper firewalling

Create a public DNS AAAA record with the same value as the A record for your IPv4 CAG

 

Now your Citrix environment is reachable over IPv6.