Jump to content
Welcome to our new Citrix community!

Citric ADC external connection issues

Luis De La Rosa

Recommended Posts

Hello all! I have a bit of an issue with my external connections through my citrix VPX. 


so here is what I am trying to do and what issue I have. We have backend servers that district employees access internally and externally.  We use VIPS through our ADC to connect them to said servers. Internally i create 10.x.x.x Vips and us SSL certs.  if they need to reach anything Externally, we use a DMZ VIP 172.X.X.X also using SSL certs.  internally everything works correctly.  we have no issues.  but when I am outside the network let's say at home I either get a timeout error or it takes a really long time to connect.  It also depends on what browser i use.  Chrome sometimes lets me in with no issues.  but edge and firefox timeout. I do have a http to https redirect built in to the Virtual server.  At first i thought it was a ssl issue, but internally SSL works.  and externally it also works but not all the time.  


I am kinda stumped.  any help will be appreciated.  

Link to comment
Share on other sites

Hi Luis


I've seen something similar to this in the past, and it turned out to be the NAT/port forwarding rule configured on a Palo Alto Firewall. 

The Network guy had configured the firewall rule to for "SSL NATting" rather than TCP 443 NATting. The "SSL Natting" involved packet inspection for malicious payload causing issues. 

Make sure the firewall isn't doing any funky with the packets before forwarding them to the VIP on the NetScaler




Ken Z


P.S. Also check your NetScaler routing. if you have a 2-arm topology make sure the default gateway is the internet and you have static routes to your internet VLANs

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...