Jump to content
Welcome to our new Citrix community!

SSL VPN routen thru tunnel

Patrik Holmberg

Recommended Posts

I now that i can route specific subnets and external url through the tunnel.

But can i route specific TCP port to route that traffic through the tunnel?


Say all traffic from client destination port of 4433 that go through the tunnel also with rest of traffic i have configurate in internet application?


Is this possible?



Link to comment
Share on other sites

If you are using the VPN vserver in full vpn mode and you enable split tunnel, you can identify which networks (destination IPs/subnets and ports) to allow through gateway.

The intranet applications define which networks (subnets or subnets with ports) are intercepted from the client AND sent over the vpn tunnel, when in split tunnel mode.  Non matching traffic is handled client side.


Option 1, is you define your intranet applications with ip/subnets and ports to identify which ports to intercept.

Bind the intranetapplications to the vpn vserver.

You still need to ensure that allow authorization is set at the vpn vserver or group for the connection type so it isn't denied.  Authorizations can be set through either session policies or authorization policies.


Option 2: You can define a broader intranet application with just the subnets to intercept for all ports.

But use additional allow/deny policies (session or authorization policies) to filter allowed destinations.




Link to comment
Share on other sites

Have a good grasp of this otherwise. I have configured many internet applications with IP as destination. But instead of a network or an IP, I want it to just depend on which port the client  used. This means that from a client if you want to use port 4433 for something, that traffic, whatever IP it is that uses port 4433, must go through the tunnel Hope you understand what I am explaining.

Link to comment
Share on other sites


Split tunnel with Transparent Intranet Apps

account for networks, networks with ports. But not ports only.

You still have to tell it which network to intercept; otherwise it is local traffic.


Split Tunnel with Proxy Intranet Apps: Can specify a specific IP or specific destination port or port range. This method MIGHT allow for a port only match BUT it is used by the Java plug in only and not the full client.


So I don't think you can define this as a port only intercept with the regular intranet apps in transparent mode.  You can try with proxy; but I don't think it will work in this instance.


I would recommend that you still define the destination network(s) for port 4433 to avoid sending traffic over a port to a destination you didn't intend.





Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...