Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

How to allow inbound connections through the PIX Firewall to a Citrix server

Core issue

It is sometimes necessary to permit Citrix port  access through a PIX, so that remote connections can be established. By default, such connections are denied, so the PIX must be configured to allow Citrix traffic from the outside interface to the inside interface.


To permit the connections, ensure that you have appropriate static mapping between the private IP address and public IP address of the server.

Make sure there are enough appropriate ports opened on the outside interface of the PIX to let the traffic pass through the PIX.

Issue the static translation command to establish mapping between private and public IP addresses of the server.

Issue the access-list command to open the ports on the outside.

For information about all the known TCP/IP ports (TCP and/or UDP) that are used by Citrix services, refer to Citrix Ports.

Version history
Revision #:
1 of 1
Last update:
‎06-22-2009 04:03 PM
Updated by:
Labels (1)