Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
384
Views
0
Helpful
3
Replies

Pix 515e to Citrix

wgranada1
Level 1
Level 1

‎10-22-2007 07:45 AM - edited ‎03-03-2019 07:17 PM

Not sure how to do this but I have web page that I need to connect to. I'm told by the distant end inorder for me to connect to that webpage I need to specify it because it is going through there Citrix server. So inorder for my internal subnet to hit that webpage I need to target a specific IP and port number. The webpage is 10.254.23.41 port 512 my internal subnet is 10.245.181.0......so on my Pix all I need to do is this?

static (inside,outside) 10.254.23.0 10.245.181.0 netmask 255.255.255.0

Labels:
0 Helpful
3 Replies 3

Adam Frederick
Level 3
Level 3

‎10-22-2007 11:32 AM

Confusing. That is what routing tables are for. Sounds like they just want you to test and see if you can connect to that IP/Port. You can do so by using telnet.

0 Helpful

wgranada1
Level 1
Level 1
In response to Adam Frederick

‎10-22-2007 12:01 PM

Hi Adam;

Its a new website that is going over a Citrix server and they asked if I can get to it. I put in the https// address and receive:

page cannot be displayed

I informed the distant end of this and that is when they told me I need to allow the IP and port through my firewall but I thought that if you go from a higher secruity level to a lower you don't need to do so

0 Helpful

Adam Frederick
Level 3
Level 3
In response to wgranada1

‎10-23-2007 05:26 AM

wgranada;

you are exactly right, however in the event you are using an outbound ACL as well as an inbound you'll have to open it up but normal practice is normally just an inbound ACL on smaller networks. So if that case isn't the case, I would recommend doing a few things to troubleshoot, one being a traceroute to the IP. Ensure your packets aren't getting dropped (however they may and this could be normal - however if it drops at your router then you've got some digging to do). The second and best test is to do a telnet to the IP and port and see if it connects or fails. example from dos: telnet 1.2.3.4 5900 .. so basically with this I am testing to see if port 5900/tcp is open on IP 1.2.3.4.

Hope that helps clear it up. Also if you have a friend that works behind a diff. network you could have him try to see if he can connect. If so then it may be easier to narrow down the source or the problem.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card